Bromium launches security-through-virtualisation tech in the UK
Xen dads' spookware uses VM swarms to isolate foulness
Bromium has arrived as a sales force in the UK market with its strategy for making desktop computers secure using virtualisation technology.
The firm, which already employs a R&D/engineering team in Cambridge, has now added sales and support operations for the UK and wider European market. It's also looking to recruit channel partners in a bid to ramp up sales.
Rather than attempting to detect malware or hacker attacks, Bromium is focusing on providing strong isolation on virtual machines, based on its vSentry software. vSentry is built on the Bromium Microvisor, a security-focused hypervisor designed to automatically isolate each vulnerable Microsoft Windows task in a micro-VM that is prevented from modifying Windows. The same technology restricts a micro-VM instance from accessing intranet resources or databases.
Whenever a task isolated within vSentry attempts to access files or interact with the user, the hardware interrupts execution and passes control to the Microvisor, which enforces task-specific policies. The same bouncer-style approach is applied when attempts are made to access networks, devices or the clipboard on a user's PC.
The whole approach is designed to tackle the problem of end-point security, according to Ian Pratt, co-founder and SVP of products at Bromium. Pratt contends that the "protection through isolation" approach allows scores of micro-VM instances to be run on a PC without causing a performance hit. A user's experience is the same even though every time a user opens a file or clicks on an email they start a new virtual machine. This virtual machine is thrown away as soon as an task is finished, so if a user opens a booby-trapped email or visits a dodgy website it doesn't matter.
"There's no persistent effect," Pratt told the Reg during a run-through of the technology.
This type of software seemingly defies comparison with anti-virus products, firewalls, intrusion detection and all the more common techniques of thwarting hacking and malware attacks. It's loosely comparable to thin-client computing, married to the greater flexibility of a fat client experience, tied together with management and some forensic capabilities.
All this is far more secure than ‘sandboxing’, according to Bromium.
vSentry from Bromium is currently available for Windows 7, Explorer and MS Office environments with other platforms in development. In addition, vSentry incorporates Live Attack Visualization and Analysis (LAVA), an analytics engine that allows Bromium to monitor and record attempted attacks within the quarantine offered by an isolated Micro-VM. Both vSentry and LAVA can be configured and managed through the Bromium Management Server.
A more detailed run-down of the virtualisation technology pulling the strings behind Bromium's technology can be found in an earlier report by Reg enterprise systems editor Timothy Prickett Morgan.
In independent tests ran by NSS Labs, Bromium vSentry isolated all attacks against desktop applications thrown against it, preventing them from compromising or altering the system, while incurring a total performance overhead of 9 per cent. The test includes drive-by exploits and embedded exploits in a PDF and custom malware.
This is impressive but it'd be both complacent and dangerous for Bromium developers to kick back and spark up a large cigar just yet. Any security depends on a machine being clean of rookits or other deep lying malware in the first place.
The technology, initially targeted at security-conscious enterprises, was originally developed for the intelligence community before the founders of Bromium decided to develop the technology commercially.
"We see this as a broad market," Pratt said, adding that the technology can run on any modern PC.
Bromium launched the products in North America last October. This week's launch in the UK will allow it to address the local market as well as branching out into continental Europe. The firm was founded by the techies who brought us the Xen open-source hypervisor at Cambridge University. They commercialized it as XenSource, and sold it for $500m to Citrix Systems in September 2007. ®
Sponsored: Today’s most dangerous security threats