Bromium Promises Unbreakable Protection for the Modern Enterprise

Security startup uses microvirtualization and hardware isolation to protect the perimeter from attacks.

By Jude Chao
Page 1 of 2

According to the hordes of vendors, experts, and evangelists at last week's VMworld in San Francisco, virtualization is continuing its takeover of the enterprise, with even the network poised to go virtual. This paradigm shift creates new opportunities. One vendor looking to seize those opportunities is Cupertino, CA-based security startup Bromium. Founded in 2010, Bromium takes virtualization and applies it at the micro level for endpoint security that, if all works as the company claims, can secure enterprise networks at the macro level, from the perimeter on in.

Last week, I spoke to Bromium co-founder and CTO Simon Crosby about Bromium's microvirtualization concept. A 2007 InfoWorld Top 25 CTO, Crosby founded and served as CTO of XenSource prior to its acquisition by Citrix and then became CTO of Citrix's Virtualization and Management Division. In his opinion, traditional AV, network security appliances, and software sandboxes are all too easy to bypass, while Bromium's solution is not.

The problem with most security solutions

Crosby and Bromium assert that most security solutions simply have too many ways to be bypassed. Traditional antivirus (AV) relies on signatures of known malware for detection and remediation, which leaves it blind to zero-day exploits and to anything else it has never seen. AV also depends on constant signature and engine updates just to maintain that already limited level of effectiveness. Many network security appliances, meanwhile, fail to detect advanced malware. In a recent Bromium blog post, Crosby pointed out that because these appliances judge a file by watching for malicious behavior, malware writers know to "wait for user interaction before they commence their attack." An automated analysis run never supplies that interaction, so the sample sits idle, is reported clean, and is waved through to the user.
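To make that evasion concrete, here is an added example that is not from the article or from Bromium: the user-interaction gate Crosby describes, written as a PowerShell probe a defender can run inside a detonation sandbox to see whether the sandbox would fool malware that uses the same trick. The function names, the idle threshold and the watch window are this example's own assumptions; the Win32 calls (GetLastInputInfo, GetCursorPos) are the real user32.dll entry points and the script therefore runs only on Windows.

```powershell
# Added example (not from the article or Bromium). Demonstrates the
# "wait for user interaction" gate as a sandbox-validation probe: if it
# reports no human activity, a gated sample would stay dormant for the
# whole analysis window and the appliance would call it clean.
# Assumptions: the function names, the 60 s idle threshold and the 5 s watch
# window are invented for this example; the P/Invoke signatures are real.

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class UserInputProbe {
    [StructLayout(LayoutKind.Sequential)]
    public struct LASTINPUTINFO { public uint cbSize; public uint dwTime; }
    [StructLayout(LayoutKind.Sequential)]
    public struct POINT { public int X; public int Y; }
    [DllImport("user32.dll")] public static extern bool GetLastInputInfo(ref LASTINPUTINFO plii);
    [DllImport("user32.dll")] public static extern bool GetCursorPos(out POINT lpPoint);
}
"@

function Get-IdleSeconds {
    # Seconds since the last keyboard or mouse event in this session.
    # dwTime is a tick count, so compare it against TickCount modulo 2^32.
    $lii = New-Object -TypeName 'UserInputProbe+LASTINPUTINFO'
    $lii.cbSize = [System.Runtime.InteropServices.Marshal]::SizeOf($lii)
    if (-not [UserInputProbe]::GetLastInputInfo([ref]$lii)) { return $null }
    $now    = [uint32]([Environment]::TickCount -band 0xFFFFFFFF)
    $idleMs = ($now - $lii.dwTime) -band 0xFFFFFFFF
    return [math]::Round($idleMs / 1000, 1)
}

function Test-UserInteraction {
    param(
        [int]$MaxIdleSeconds = 60,   # assumption: treat >60 s idle as "nobody here"
        [int]$WatchSeconds   = 5     # assumption: how long to watch the cursor
    )
    # Gate 1: has a human typed or moved the mouse recently?
    $idle = Get-IdleSeconds
    if ($null -eq $idle -or $idle -gt $MaxIdleSeconds) { return $false }

    # Gate 2: does the cursor actually move while we watch? A sandbox that
    # only plants the cursor once, without moving it, fails this check.
    $p1 = New-Object -TypeName 'UserInputProbe+POINT'
    [void][UserInputProbe]::GetCursorPos([ref]$p1)
    Start-Sleep -Seconds $WatchSeconds
    $p2 = New-Object -TypeName 'UserInputProbe+POINT'
    [void][UserInputProbe]::GetCursorPos([ref]$p2)
    return ($p1.X -ne $p2.X -or $p1.Y -ne $p2.Y)
}

# Usage: run inside the sandbox under test.
if (Test-UserInteraction) {
    Write-Output 'Human activity observed: a gated payload would execute here.'
} else {
    Write-Output 'No human activity: a gated payload would stay dormant and the sandbox would report the sample clean.'
}
```

If the probe returns False in your detonation environment, every sample that uses this gate will sleep through the analysis window. The fix on the sandbox side is to feed synthetic mouse movement and keystrokes throughout detonation, and to extend the run long enough that idle-time checks like the first gate cannot simply outwait it.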

And then there's the sandbox problem.

Software sandboxes (or virtual containers, depending on who's talking) have garnered some attention of late, with companies like Invincea (and, by extension, Dell DDP | Protected Workspace) and Trustware basing their solutions around the use of software to contain suspicious and malicious code. As Bromium demonstrated at Black Hat EU and Black Hat USA this year, however, sandboxes have serious weaknesses. One is that a software sandbox runs on the same kernel as everything else on the host, so a kernel-mode bug is enough to get out of it. "If I get you to browse to a website that feeds the kernel a poisoned font file, for example, the kernel will fail on its own, and I can just step over," Crosby told me.

That's not all, either. The other escape Bromium demonstrated lets code leave the container because of a design limitation that Crosby says is inherent in all software sandboxes. "In every sandbox, there are several Windows system processes that are visible, that expose vulnerabilities. They have to be present, otherwise no application will run. So if there's a vulnerability in one of those Windows core services, you can jump from the user space to the kernel," Crosby explained. This is a "fundamental system limitation" of software sandboxes, he added.

Next page: Bromium's solution, what it costs, and who's using it

This article was originally published on Sep 5, 2013