03:46 PM
Startup Wraps User Tasks In Virtual Containers

Bromium announces micro-VM technology that protects the OS and the network from users' security missteps

A security startup co-founded by executives from Citrix, Xen.org, and Phoenix Technologies emerged from stealth today and shed light on its new technology that employs small virtualized containers to isolate malware and prevent it from infecting the underlying operating system or other members of the enterprise network.

The goal of these so-called "micro-VMs," created by startup Bromium, is to stop attacks in their tracks at the endpoint. The design assumes that you can't prevent users from mistakenly clicking a malicious link or opening an infected document -- and that the bad guys are bypassing perimeter defenses, so they are already inside the user's endpoint, having arrived via the browser or the email inbox, for example. The idea is also to make the move to BYOD, cloud, and mobility simpler to secure.

Gaurav Banga, co-founder and CEO of Bromium and former CTO and senior vice president of engineering at Phoenix Technologies, says the new security firm is applying virtualization specifically for security, and in a different way.

"We are taking the latest and greatest capabilities available to us in hardware and the lessons learned in first-generation virtualization, and what we're able to do is isolate an individual task," Banga says. So visiting a Web page or opening an email attachment each would be sealed in its own micro-VM, a self-contained module that self-destructs, along with the malware, when the user goes to his or her next task, he says, and it's all invisible to the user.

[ It's more about containment now, not stopping the attacker. Relying solely on perimeter defenses is now passe -- and naively dangerous. See Damage Mitigation As The New Defense. ]

Security via virtualization isn't new. Invincea, for example, places the browser, email attachments, and PDF files in a virtual environment in order to protect the underlying system from infection: It separates the browser, attachment, and PDF from the desktop operating system in a sandbox-type setup.

Organizations increasingly are looking at virtualization as a security tool, not just as a data center optimization strategy. Steve Durbin, global executive vice president of the U.K.-based Information Security Forum, a global nonprofit whose members include Procter & Gamble, IBM, Swisscom, and Nokia, says its members are interested in how to use virtualization technology for security purposes. "Virtualization is something our members have been looking at very keenly because it's about trying to maintain integrity in the access route. If you can virtualize, you can remove some of the user-related issues ... and access the data and protect it," Durbin says.

Bromium's Microvisor detects potentially vulnerable tasks and places them in hardware-isolated micro-VMs, which Banga describes as lightweight and invisible to the user. "The most common way to program Bromium is to say, 'Here are a bunch of applications that are safe to run because I built them and I know who the vendor is,'" Banga says. "Anything that's unknown, any piece of code, JavaScript, PDF," etc., is automatically placed into a micro-VM container while that task is under way.

"We effectively have cells that are micro-VMs based on Intel VT [technology]. You can have hundreds of micro-VMs to isolate individual vendor's tasks and the user would not see any of it" or experience any performance trade-offs, he says.

Unlike sandboxing, the technology protects the operating system as well. "A sandbox is trying to create a little Windows inside a big Windows, and the little Windows has to be compatible and more secure. That's an oxymoron ... sandboxing struggles with that," Banga says. "We do hardware isolation, and we don't care what's running in the OS."
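The policy Banga describes above (a known-vendor allowlist runs on the host; anything unknown runs in a throwaway, task-scoped container that is destroyed when the task ends) can be modeled in a few lines. The following is an added illustration, not Bromium's code or a description of its Microvisor internals: the "micro-VM" is stood in for by a fresh temporary directory per task rather than a hardware-isolated VM, the trusted-vendor set and the task names are constructed, and the point it shows is the lifecycle property, namely that whatever an untrusted task writes neither reaches the host filesystem nor survives into the next task.

```python
"""Toy model of a per-task isolation policy (added example, not Bromium's code).

Assumptions (all constructed for the example):
  * trust is keyed on a vendor label rather than a code signature;
  * each untrusted task gets a fresh temp directory as its "micro-VM disk",
    removed when the task finishes (stand-in for hardware isolation).
"""
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Dict, List, Set


@dataclass
class Task:
    name: str
    vendor: str                       # "unknown" for content nobody vouches for
    run: Callable[[Path], object]     # the work, given a filesystem root


@dataclass
class Microvisor:
    host_root: Path
    trusted_vendors: Set[str]
    log: List[str] = field(default_factory=list)

    def placement(self, task: Task) -> str:
        """Known-vendor tasks run on the host; everything else is contained."""
        return "host" if task.vendor in self.trusted_vendors else "micro-vm"

    def dispatch(self, task: Task) -> object:
        if self.placement(task) == "host":
            result = task.run(self.host_root)
        else:
            # Fresh, empty root for this task only; torn down unconditionally.
            vm_root = Path(tempfile.mkdtemp(prefix="microvm-"))
            try:
                result = task.run(vm_root)
            finally:
                shutil.rmtree(vm_root, ignore_errors=True)
        self.log.append(f"{task.name} -> {self.placement(task)}")
        return result


def demo() -> Dict[str, object]:
    """Run one trusted task and two untrusted tasks; report what persisted."""
    host = Path(tempfile.mkdtemp(prefix="host-"))
    try:
        mv = Microvisor(host_root=host, trusted_vendors={"corp-it"})

        def write_report(root: Path) -> str:          # trusted, built in-house
            (root / "report.txt").write_text("quarterly numbers")
            return "ok"

        def bad_attachment(root: Path) -> str:        # constructed sample
            (root / "dropper.bin").write_bytes(b"constructed sample, not malware")
            return "dropped"

        def probe(root: Path) -> bool:                # next untrusted task
            return (root / "dropper.bin").exists()

        mv.dispatch(Task("report", "corp-it", write_report))
        mv.dispatch(Task("attachment.pdf", "unknown", bad_attachment))
        leaked_to_next_task = mv.dispatch(Task("probe", "unknown", probe))
        return {
            "host_files": sorted(p.name for p in host.iterdir()),
            "dropper_on_host": (host / "dropper.bin").exists(),
            "leaked_to_next_task": leaked_to_next_task,
            "log": list(mv.log),
        }
    finally:
        shutil.rmtree(host, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The untrusted task's write does succeed inside its own root (its return value is "dropped"), which is the property the article attributes to the approach: the task runs normally, and only its side effects are thrown away. A real microvisor would key trust on signed code rather than a label and would isolate memory, the network view and the kernel as well as the filesystem, none of which a temp directory provides.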

Bromium's mantra is that its micro-virtualization approach makes PCs and mobile devices "trustworthy by design" because it automatically blocks and kills malware. Its products remain in beta for now, mostly among financial services, government agencies, and pharmaceutical companies.

Banga says Bromium focuses on allowing the user to do his or her work with a mobile device while also reducing the attack surface. "It ultimately comes down to how to build a robust system against human mistakes," he says.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
