Bromium, a startup that secures desktops and devices through hardware-assisted virtualization, is beefing up its flagship vSentry offering to make it ready for use in enterprise environments.
In vSentry 1.1, unveiled Tuesday, Bromium is adding a new feature called LAVA (Live Attack Visualization and Analysis), which tracks malicious activity taking place on networks and responds to it in realtime.
LAVA, which has been in beta since Bromium came out of stealth mode in June, can automatically conduct malware forensics during an attack and generate signatures on the fly, making it ideal for use in networks with large numbers of endpoints, Bromium co-founder Simon Crosby, former data center and virtualization CTO at Citrix Systems, said in an interview.
Here's how it works: Bromium's architecture relies on Intel VT hardware virtualization to isolate every single system task prior to executing it -- such as clicking on a URL to open a new document -- to ensure that it's not infected with malware.
Through this "extremely granular isolation," and an implementation adhering to the concept of least privilege, Bromium can ensure that users won't get infected even if they're careless or fall prey to social engineering tactics, Crosby said.
With LAVA, Bromium is taking this a step further by preventing malware without needing to detect it first, which is different from the way typical antimalware software works. LAVA handles this through sophisticated analytics, and the data it gathers can be funneled into security incident and event management systems (SIEMS) as well as products like McAfee ePolicy Orchestrator and Symantec Endpoint Protection.
Another new addition is the Bromium Management Server (BMS), a web-based dashboard for policy management and correlation of attack data.
"LAVA gives us all the insight that would usually be achieved through painful reconstruction by security experts, over a period of days, to understand what the malware is doing," Crosby told CRN, adding that LAVA so far has not generated a single false positive.
Simon Bramfitt, founder and research director at Entelechy Associates, a Concord, Calif.-based virtualization consultancy, says Bromium's entry to the antimalware market could be "truly game-changing" because it provides a much higher degree of protection than previous products.
"Bromium effectively eliminates the threat posed by zero-day exploits while greatly simplifying the process of analysing malware in situ," Bramfitt said in an email.
In vSentry 1.1, Bromium is extending its security to virtual desktops for the first time, as well as to legacy PCs that do not have Intel hardware-assisted virtualization, according to Crosby. In the first quarter of next year, Bromium expects to roll out an alpha version of vSentry for Macs, he said.
Crosby said Bromium currently has customers deploying the technology but acknowledges it may take some time for organizations to grasp the benefits vSentry offers. He also wants to steer clear of selling products based on fear, an issue he believes is problematic in the security industry because it confuses customers.
"I don't think we'll get to the point where customers will say this thing saved us for a very long time," Crosby said.
PUBLISHED DEC. 11, 2012