Enterprises today are experiencing a crisis of confidence in their traditional security technologies and strategies. Rapid adoption of business-enabling trends like mobility, the cloud, and consumerization of applications, coupled with the unceasing onslaught of advanced, evasive cyber attacks, is pushing the limits of current antivirus and detection-based solutions.
The old-school method of spending on and layering ever more detection-based solutions has resulted in IT allocating resources to monitoring false positives while simultaneously remediating machines infected by unknown threats.
Bromium micro-virtualization technology uses the Bromium Microvisor, a purpose-built, Xen-based, security-focused hypervisor, in conjunction with the VT features built into Intel®, AMD® and other CPUs to create hardware-isolated micro-VMs for each task a user performs on information originating from unknown sources. These hardware-isolated micro-VMs provide a secure environment where user tasks are isolated from one another, the protected system and the network to which it is attached.
A task comprises all computation — both within an application and within the kernel — that is required to complete a particular user-initiated activity. For example, opening a single Web-browser tab or a PDF document is considered an individual task. Bromium applies the principle of least privilege to each task, granting access to only the specific resources — files, network services, the clipboard, interaction with the user, devices or network shares — that are needed to complete the particular task.
This task-based isolation protects the system from any attempted changes or theft of information made by an attacker. For example, it provides the granularity required to protect against modern attacks like man-in-the-browser. This type of attack can compromise the entire Web browser, gain access to system resources and steal information from unsuspecting users. The same attack, if targeted against a Bromium user, would see only the very limited set of resources necessary to perform the task on the specific Web-browser tab. Valuable data, networks and devices are not accessible. When the user closes the task, the micro-VM is simply discarded — with all malware it may have contained.
Task introspection provides a comprehensive view of tasks running within a micro-VM from the perspective of the Bromium Microvisor, from the outside in. This viewpoint provides a perfect view of the attacker’s every move and enables Bromium to detect attacks targeted below the operating system, such as rootkits and bootkits. Task introspection ensures that observation and recording of attacks are immune to avoidance by an attacker.
Bromium safely allows malware to fully execute within a hardware-isolated virtual container, enabling post-exploitation analysis of the complete attack cycle and establishing a full malware kill chain. Comprehensive information on the vector, target and methods used by the attacker and full details of the attack are preserved, including network traffic, file signatures and all changes that malware attempted to make to the operating system or file system. Memory exploits, execution of new tasks, attempts to download and save files, attempts by malware to connect to external command-and-control systems, and much more information are available in real time.
Advanced visualization and categorization automatically connect the dots of complex attacks and categorize the malicious behavior detected, thereby freeing up security team resources and time needed for endeavors more strategic than routine security alert analysis. Armed with this information, enterprise security teams can respond to threats quickly and efficiently by updating existing security mechanisms, fortifying the defenses of specific attack targets and alerting the targets of the attack to be aware of the threat.
Why businesses choose Bromium
We protect your data, your people and your brand.
No malware escape has ever been reported by Bromium customers.
Unlike most security technologies that rely on detect-to-protect methods, Bromium stops threats with virtualization-based security.
Our Sensor Network for Endpoint Detection and Response (EDR) and our patented isolation technology work together to deliver high-fidelity alerts based on full kill chain analysis.
Information is correlated with all hosts to accelerate a network-wide response.
Tamper-proof introspection of protected hosts included.
Defeat Cyber Attacks
We isolate and remediate new threats as soon as the micro-VM is closed.
Unauthorized file transfer
Streamline IT and Reduce Cost
We incorporate threat intel machine learning into each endpoint, resulting in a low volume of high-fidelity alerts and no infrastructure requirements for alert processing and storage.
High volume of alerts
We isolate all threat vectors so that users are protected and vulnerabilities cannot infect the host.
Real-Time Intelligence and Remediation
Our adaptive intelligence identifies and stops evasive attacks with real-time threat sharing across the network, full kill chain analysis and remote kill.