Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:46 PM
Connect Directly

Startup Wraps User Tasks In Virtual Containers

Bromium announces micro-VM technology that protects the OS, network, from users' security missteps

A security startup co-founded by executives from Citrix, Xen.org, and Phoenix Technologies emerged from stealth today and shed light on its new technology that employs small virtualized containers to isolate malware and prevent it from infecting the underlying operating system or other members of the enterprise network.

The goal of these so-called "micro-VMs," created by startup Bromium, is to stop attacks in their tracks at the endpoint, going on the assumption that you can't prevent users from mistakenly clicking a malicious link or opening an infected document -- and that the bad guys are bypassing perimeter defenses, so they are already inside the user endpoint, either via the browser or email inbox, for example. The idea is to make the move to BYOD, cloud, and mobility simpler for security.

Gaurav Banga, co-founder and CEO of Bromium and former CTO and senior vice president of engineering at Phoenix Technologies, says the new security firm is applying virtualization specifically for security, and in a different way.

"We are taking the latest and greatest capabilities available to us in hardware and the lessons learned in first-generation virtualization, and what we're able to do is isolate an individual task," Banga says. So visiting a Web page or opening an email attachment each would be sealed in its own micro-VM, a self-contained module that self-destructs, along with the malware, when the user goes to his or her next task, he says, and it's all invisible to the user.

[ It's more about containment now, not stopping the attacker. Relying solely on perimeter defenses is now passe -- and naively dangerous. See Damage Mitigation As The New Defense. ]

Security via virtualization isn't new. Invincea, for example, places the browser, email attachments, and PDF files in a virtual environment in order to protect the underlying system from infection: It separates the browser, attachment, and PDF from the desktop operating system in a sandbox-type setup.

Organizations increasingly are looking at virtualization as a security tool, aside from just a data center optimization strategy. Steve Durbin, global executive vice president of the U.K.-based Information Security Forum, a global nonprofit whose members include Procter & Gamble, IBM, Swisscom, and Nokia, says its members are interested in how to use virtualization technology for security purposes. "Virtualization is something our members have been looking at very keenly because it's about trying to maintain integrity in the access route. If you can virtualize, you come remove some of the user-related issues ... and access the data and protect it," Durbin says.

Bromium's Microvisor detects potentially vulnerable tasks and places them in hardware-isolated micro-VMs, which Banga describes as lightweight and invisible to the user. "The most common way to program Bromium is to say, 'Here are a bunch of applications that are safe to run because I built them and I know who the vendor is,'" Banga says. "Anything that's unknown, any piece of code, JavaScript, PDF," etc., is automatically placed into a micro-VM container while that task is under way.

"We effectively have cells that are micro-VMs based on Intel VT [technology]. You can have hundreds of micro-VMs to isolate individual vendor's tasks and the user would not see any of it" or experience any performance trade-offs, he says.

Unlike sandboxing, the technology protects the operating system as well. "A sandbox is trying to create a little Windows inside a big Windows, and the little Windows has to be compatible and more secure. That's an oxymoron ... sandboxing struggles with that," Banga says. "We do hardware isolation, and we don't care what's running in the OS."

Bromium's mantra is that its micro-virtualization approach makes PCs and mobile devices "trustworthy by design" because it automatically blocks and kills malware. Its products remain in beta for now, mostly among financial services, government agencies, and pharmaceutical companies.

Banga says Bromium focuses on allowing the user to do his or her work with a mobile device while also reducing the attack surface. "It ultimately comes down to how to build a robust system against human mistakes," he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Jessica Smith, Senior Vice President, The Crypsis Group,  2/25/2020
Google Adds More Security Features Via Chronicle Division
Robert Lemos, Contributing Writer,  2/25/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-27
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
PUBLISHED: 2020-02-27
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
PUBLISHED: 2020-02-27
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
PUBLISHED: 2020-02-27
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
PUBLISHED: 2020-02-27
Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.