Bromium Promises Unbreakable Protection for the Modern Enterprise - Page 2

Security startup uses microvirtualization and hardware isolation to protect the perimeter from attacks.

 By Jude Chao

Bromium's solution: Hardware isolation of "micro-VMs"

In contrast to software sandboxes, Bromium's vSentry solution relies on the CPU's hardware virtualization extensions for isolation. vSentry is built on the Bromium Microvisor, a Xen-derived hypervisor that creates a "micro-VM" for each untrustworthy task, whether that task is following a hyperlink, opening a file, downloading an email attachment, or some other operation with the potential to endanger the endpoint and the network.

"When you click on a URL or do something else, vSentry will instantly do an in-memory, fast clone of the system, forking the entire OS" and creating a micro-VM for the task at "a minimum amount of state, pointed to memory," Crosby explained. The micro-VM contains only what the task itself needs: it has no access to the intranet, to DNS, to SaaS sites, or to anything else that malware writers might hope to infiltrate or compromise.

"When malware shows up in the context of the task, it cannot break into the CPU," Crosby told me. He added that "we don't care about zero-days at all. They have nowhere to go. They can kill their own little slice of the system, talk to their botnet, do whatever they want—we don't care."

And vSentry's protection feels seamless. Crosby demonstrated vSentry to me by opening the console to show micro-VM creation and then clicking through links in an online list of known malware, looking for something to infect his laptop. The micro-VMs appeared nearly instantaneously—under 10 milliseconds, according to Bromium—and vanished, discarded by the system, just as quickly once each tab was closed and each task complete. I saw no compromise to end user experience.

This self-remediating, isolate-and-discard security model "empowers the user far more. The user can be on an untrusted network and the device will protect itself. Users don't always have to be on the VPN. The perimeter problem goes away when each device out in the world can protect itself," Crosby said. The guarantee is, of course, only as strong as the Microvisor itself: an escape from a micro-VM to the host would defeat the whole scheme, so the hypervisor's attack surface, rather than the guest's, becomes the thing that has to be audited. That said, the model may make vSentry an attractive proposition to companies in the throes of adjusting to employees' new mobility expectations.

Threat intelligence for additional security

Those micro-VMs also serve another purpose: the collection of threat intelligence. "The moment you close that task, because we have the entire execution history of that task, we can produce an entire forensic log of exactly what happened," Crosby told me. With LAVA (Live Attack Visualization and Analysis), the company's behavioral inspection and analysis engine, security teams can look into threats, find new signatures, and fire the new intelligence "into other defensive mechanisms in the enterprise, making every endpoint device into a sensor," he said.
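The per-task isolate-and-discard model described above, together with the forensic log that survives each task, can be sketched in a few dozen lines. The block below is an added example written for this article, not Bromium code: where the product forks a copy-on-write clone of the operating system under a hypervisor, this simulation uses os.fork() to give each untrusted task a copy-on-write copy of a single process, a far weaker boundary (same kernel, no hardware isolation), but one that exhibits the same three properties: the task starts from a clone, a per-task policy denies everything the task does not need (intranet ranges, corporate names, DNS, files it was not opened with), and when the task ends its clone is thrown away and only a log of what it attempted comes back to the parent. The system state, hosts, paths and the attacker behaviour in `malicious_task` are all constructed for the example.

```python
"""Isolate-and-discard per-task execution, simulated with a forked process.

Added example, not Bromium's code. os.fork() stands in for the Microvisor's
copy-on-write OS clone; the parent process stands in for the protected host.
All state, hosts and paths below are constructed.
"""
import ipaddress
import json
import os

# Constructed "system state" that a compromised task would like to alter.
SYSTEM_STATE = {
    "files": {"C:/Users/alice/Documents/budget.xlsx": "clean"},
    "cached_credential": "not-stolen",
}
CORP_SUFFIXES = (".corp.example",)   # assumed intranet/SaaS names a task must not reach


class TaskPolicy:
    """Allow-list for one task: the public internet plus the files it was opened with."""

    def __init__(self, allowed_files=()):
        self.allowed_files = set(allowed_files)

    def allow_connect(self, host):
        try:                                   # IP literal: block private/intranet ranges
            return not ipaddress.ip_address(host).is_private
        except ValueError:                     # hostname: block corporate names
            return not host.endswith(CORP_SUFFIXES)

    def allow_file(self, path):
        return path in self.allowed_files


class MicroTask:
    """The task's view of the world inside its clone: every operation is checked and logged."""

    def __init__(self, policy, state):
        self.policy, self.state, self.log = policy, state, []

    def record(self, op, allowed, **detail):
        self.log.append({"op": op, "allowed": allowed, **detail})
        return allowed

    def connect(self, host, port):
        return self.record("connect", self.policy.allow_connect(host), host=host, port=port)

    def resolve(self, name):
        # No DNS inside the micro-VM: the lookup is logged, never performed.
        return self.record("dns", False, name=name)

    def write_file(self, path, content):
        ok = self.policy.allow_file(path)
        if ok:
            self.state["files"][path] = content   # lands in the clone only
        return self.record("write", ok, path=path)


def run_isolated(policy, task_fn):
    """Fork, run task_fn against a copy-on-write clone of SYSTEM_STATE, discard the
    clone, and return the forensic log the child sent back over a pipe."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                               # child: the disposable micro-VM
        os.close(r)
        task = MicroTask(policy, SYSTEM_STATE)
        try:
            task_fn(task)
        except Exception as exc:               # a crashed task still yields a log
            task.record("crash", False, detail=repr(exc))
        os.write(w, json.dumps(task.log).encode())
        os.close(w)
        os._exit(0)
    os.close(w)                                # parent: collect the log, reap the clone
    chunks = []
    while chunk := os.read(r, 65536):
        chunks.append(chunk)
    os.close(r)
    os.waitpid(pid, 0)
    return json.loads(b"".join(chunks))


def malicious_task(task):
    """Constructed attacker behaviour after the task has been fully compromised."""
    task.state["cached_credential"] = "stolen"           # owns the clone completely...
    task.write_file("C:/Windows/System32/drivers/evil.sys", "payload")
    task.resolve("fileserver.corp.example")
    task.connect("10.20.30.40", 445)                     # lateral movement attempt: denied
    task.connect("c2.attacker.example", 443)             # talking to its botnet: allowed


def indicators(log):
    """What a LAVA-style analysis would hand to other defences: hosts contacted, denied ops."""
    return {
        "hosts": sorted({e["host"] for e in log if e["op"] == "connect"}),
        "denied": sum(1 for e in log if not e["allowed"]),
    }


if __name__ == "__main__":
    forensic_log = run_isolated(TaskPolicy(), malicious_task)
    print(json.dumps(forensic_log, indent=1))
    print(indicators(forensic_log), SYSTEM_STATE["cached_credential"])
```

Run it and the child scribbles over its credential cache, drops a driver, and probes the intranet, yet the parent's `SYSTEM_STATE` is untouched afterwards and the only thing that crosses back is the log. The same holds for a permitted write: a task opened with rights to `budget.xlsx` can edit it inside the clone, and the edit disappears with the clone, which is exactly the "self-remediating" behaviour, and also the reason a real deployment needs an explicit, policy-checked path for results the user actually wants to keep.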

What vSentry costs, and who's using it

As one might expect, Bromium's solution doesn't come cheap, especially compared to traditional AV software. Crosby calls AV "a horribly commoditized business. If you look at McAfee for enterprise, they cost something like $5 per end user." In contrast, vSentry lists at $150 per end user.

"And people pay it, because we do the job," Crosby said.

Currently, Bromium's customers use vSentry and LAVA to protect high-value targets in industries like financial services (including the NYSE), government, and oil and gas. Future uses of vSentry need not be limited to the perimeter, however. Bromium focused on endpoints to avoid overlap or competition with existing hypervisor use cases, but while "this initial first use case on end user devices delivers great secure devices, you could use it anywhere," including further inside the network or cloud stack, he pointed out.

Will vSentry take the security space by storm? Named a 2013 Gartner Cool Vendor and backed by investors like Andreessen Horowitz and Intel Capital, the company doubled its customer base in the second quarter of this year. vSentry's price point might appear prohibitive for many organizations, but if Bromium can demonstrate superior protection in the face of the modern threat landscape, enterprises may find themselves ready to shell out for the benefits of microvirtualization.

Jude Chao is executive editor of Enterprise Networking Planet. Follow her on Twitter @judechao.

This article was originally published on Sep 5, 2013