Bromium Promises Unbreakable Protection for the Modern Enterprise - Page 2
Security startup uses microvirtualization and hardware isolation to protect the perimeter from attacks.
Bromium's solution: Hardware isolation of "micro-VMs"
"When you click on a URL or do something else, vSentry will instantly do an in-memory, fast clone of the system, forking the entire OS" and creating a micro-VM for the task at "a minimum amount of state, pointed to memory," Crosby explained. That micro-VM only contains what's necessary for the task itself. No access to intranet, DNS, SaaS sites, or anything else that malware writers might hope to infiltrate or compromise.
"When malware shows up in the context of the task, it cannot break into the CPU," Crosby told me. He added that "we don't care about zero-days at all. They have nowhere to go. They can kill their own little slice of the system, talk to their botnet, do whatever they want—we don't care."
This self-remediating, isolate-and-discard security model "empowers the user far more. The user can be on an untrusted network and the device will protect itself. Users don't always have to be on the VPN. The perimeter problem goes away when each device out in the world can protect itself," Crosby said. This may make make vSentry an attractive proposition to companies in the throes of adjusting to employees' new mobility expectations.
Threat intelligence for additional security
Those micro-VMs also serve another purpose: the collection of threat intelligence. "The moment you close that task, because we have the entire execution history of that task, we can produce an entire forensic log of exactly what happened," Crosby told me. With LAVA (Live Attack Visualization and Analysis), the company's behavioral inspection and analysis engine, security teams can look into threats, find new signatures, and fire the new intelligence "into other defensive mechanisms in the enterprise, making every endpoint device into a sensor," he said.
What vSentry costs, and who's using it
As one might expect, Bromium's solution doesn't come cheap, especially compared to traditional AV software. Crosby calls AV "a horribly commoditized business. If you look at McAfee for enterprise, they cost something like $5 per end user." In contrast, vSentry lists at $150 per end user.
"And people pay it, because we do the job," Crosby said.
Currently, Bromium's customers use vSentry and LAVA to protect high-value targets in industries like financial services (including the NYSE), government, and oil and gas. Future uses of vSentry need not be limited to the perimeter, however. Bromium focused on endpoints to avoid overlap or competition with existing hypervisor use cases, but while "this initial first use case on end user devices delivers great secure devices, you could use it anywhere," including further inside the network or cloud stack, he pointed out.
Will vSentry take the security space by storm? Named a 2013 Gartner Cool Vendor and backed by investors like Andreessen Horowitz and Intel Capital, the company doubled its customer base in the second quarter of this year. vSentry's price point might appear prohibitive for many organizations, but if Bromium can demonstrate superior protection in the face of the modern threat landscape, enterprises may find themselves ready to shell out for the benefits of microvirtualization.
Jude Chao is executive editor of Enterprise Networking Planet. Follow her on Twitter @judechao.