Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

6/20/2012
03:46 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Startup Wraps User Tasks In Virtual Containers

Bromium announces micro-VM technology that protects the OS, network, from users' security missteps

A security startup co-founded by executives from Citrix, Xen.org, and Phoenix Technologies emerged from stealth today and shed light on its new technology that employs small virtualized containers to isolate malware and prevent it from infecting the underlying operating system or other members of the enterprise network.

The goal of these so-called "micro-VMs," created by startup Bromium, is to stop attacks in their tracks at the endpoint, going on the assumption that you can't prevent users from mistakenly clicking a malicious link or opening an infected document -- and that the bad guys are bypassing perimeter defenses, so they are already inside the user endpoint, either via the browser or email inbox, for example. The idea is to make the move to BYOD, cloud, and mobility simpler for security.

Gaurav Banga, co-founder and CEO of Bromium and former CTO and senior vice president of engineering at Phoenix Technologies, says the new security firm is applying virtualization specifically for security, and in a different way.

"We are taking the latest and greatest capabilities available to us in hardware and the lessons learned in first-generation virtualization, and what we're able to do is isolate an individual task," Banga says. So visiting a Web page or opening an email attachment each would be sealed in its own micro-VM, a self-contained module that self-destructs, along with the malware, when the user goes to his or her next task, he says, and it's all invisible to the user.

[ It's more about containment now, not stopping the attacker. Relying solely on perimeter defenses is now passe -- and naively dangerous. See Damage Mitigation As The New Defense. ]

Security via virtualization isn't new. Invincea, for example, places the browser, email attachments, and PDF files in a virtual environment in order to protect the underlying system from infection: It separates the browser, attachment, and PDF from the desktop operating system in a sandbox-type setup.

Organizations increasingly are looking at virtualization as a security tool, aside from just a data center optimization strategy. Steve Durbin, global executive vice president of the U.K.-based Information Security Forum, a global nonprofit whose members include Procter & Gamble, IBM, Swisscom, and Nokia, says its members are interested in how to use virtualization technology for security purposes. "Virtualization is something our members have been looking at very keenly because it's about trying to maintain integrity in the access route. If you can virtualize, you come remove some of the user-related issues ... and access the data and protect it," Durbin says.

Bromium's Microvisor detects potentially vulnerable tasks and places them in hardware-isolated micro-VMs, which Banga describes as lightweight and invisible to the user. "The most common way to program Bromium is to say, 'Here are a bunch of applications that are safe to run because I built them and I know who the vendor is,'" Banga says. "Anything that's unknown, any piece of code, JavaScript, PDF," etc., is automatically placed into a micro-VM container while that task is under way.

"We effectively have cells that are micro-VMs based on Intel VT [technology]. You can have hundreds of micro-VMs to isolate individual vendor's tasks and the user would not see any of it" or experience any performance trade-offs, he says.

Unlike sandboxing, the technology protects the operating system as well. "A sandbox is trying to create a little Windows inside a big Windows, and the little Windows has to be compatible and more secure. That's an oxymoron ... sandboxing struggles with that," Banga says. "We do hardware isolation, and we don't care what's running in the OS."

Bromium's mantra is that its micro-virtualization approach makes PCs and mobile devices "trustworthy by design" because it automatically blocks and kills malware. Its products remain in beta for now, mostly among financial services, government agencies, and pharmaceutical companies.

Banga says Bromium focuses on allowing the user to do his or her work with a mobile device while also reducing the attack surface. "It ultimately comes down to how to build a robust system against human mistakes," he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.