Risk
3/13/2013
12:02 PM
50%
50%

Bromium Founders Detail Life After Xen

Xen hypervisor team regroups to craft what they claim is a unique take on the problem of IT security.

The people who brought you Xen have, it seems, decided to look for another sort of virtualized enlightenment. This time, they claim to have invented a wholly new way of doing security based on the approach.

The Xen project was an open source hypervisor that originated at Cambridge University, with the first release of the system coming 10 years ago. XenSource, the company eventually spun out of the project, was acquired by Citrix in 2007 for £334 million ($500 million). The technology is a key component of cloud services like that of Rackspace and Amazon's EC2.

The good news for those worried that British software entrepreneurs are just interested in cashing out, not building long-term value, last year the XenSource team popped up with a new operation: Bromium, which claims to offer a unique virtual machine approach to endpoint IT security.

[ Want to know more about this approach to security? See Bromium Strengthens Desktop Security Using Virtualization. ]

Specifically, we are talking about Ian Pratt, one-time senior lecturer at Cambridge's Computer Laboratory, who is now senior VP of products at Bromium, CTO Simon Crosby, and Gaurav Banga, described as co-founder, president and CEO.

"After Xen, I got interested in the idea of looking at what virtualization could do at the desktop or client end, not the server," Pratt told Information Week.

But not virtual desktops; instead, fixing endpoint security. The idea: by using something called the Bromium Microvisor, which the team claims is "second-generation virtualization technology," the user's machine session effectively becomes its own virtual machine (VM), or rather set of such VMs, though allegedly the user enjoys an unchanged desktop user experience. Thus, claimed the company's VP of marketing, Franklyn Jones, "We never do detection; because everyone knows antivirus and network monitoring just doesn't work. Our approach does."

The company is twin-headquartered in Cupertino, Calif., and Cambridge, England, though it seems the bulk of the actual development work takes place in the latter site; Pratt says there are 35 developers in his lab there.

Bromium says the Microvisor automatically identifies each vulnerable task and instantly hardware-isolates it within a micro VM, which is a "lightweight, hardware-backed isolation container that polices access to all OS services and resources," running on Microsoft Windows 7 and 8, Windows Server, Windows XP, terminal services, Explorer and Office environments. Micro VMs run natively with full performance, but continually protect the desktop, even from unknown threats, claims the team, which markets the technology as vSentry.

Pratt and his colleagues seem to have accumulated enough credibility via the XenSource-Citrix move for their startup to get some actual money, too. In June last year, the company announced it had raised £17.8 million ($26.5 million) in Series B funding from lead investor Highland Capital Partners, new investor Intel Capital and existing investors Andreessen Horowitz and Ignition Ventures.

Though it's still early days, Bromium has landed a very prestigious customer: the New York Stock Exchange. Sunil Seshadri, SVP & chief information security officer at NYSE Euronext, said in a statement, "vSentry is an intriguing product because of its unique ability to isolate and analyze the potential impact of very real attacks on your network. It's almost like performing preventative forensics, which is a very innovative capability, and incredibly valuable in today's carefully guarded corporate networks."

A new report from information security research and advisory company NSS Labs backs up Bromium's claims. Its independent field testing found Bromium vSentry fended off 100% of attacks on a protected Windows 7 client. These attacks included 166 embedded exploits delivered via email to Microsoft Outlook, 153 drive-by attacks delivered via HTTP and HTTPS, and 15 advanced attacks using the Metasploit penetration testing toolset.

Jones said buyers and analysts have to be educated a bit more about what Bromium does. "When we talk about what we do, people say 'Oh, it's a sandbox' or 'Oh, you mean it's whitelisting,'" he said. "We don't do either of those, so it will take a bit of time for the traditional thinking to open up." Another clear marketing challenge is that because security is a notoriously close-mouthed area, it may be a struggle to get compelling case studies out there.

Nonetheless, this does seem like an interesting approach -- and security could do with more tools than constantly updating antivirus software databases.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVE-2014-8090
Published: 2014-11-21
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nes...

CVE-2014-8469
Published: 2014-11-21
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?