Bromium, a startup led by the co-founders of the Xen open-source project, claims to have come up with a way to keep PCs secure outside the corporate firewall -- no matter how recklessly their users behave.
Bromium's first product is still in beta, but co-founder Simon Crosby, former data center and virtualization CTO at Citrix, ushered the startup out of stealth mode Wednesday at the GigaOm Structure conference in San Francisco. Crosby announced the launch of Bromium at the same event last year.
Using Intel hardware-assisted virtualization, Bromium's technology isolates operating system tasks before they're executed and hands them over to a piece of software called a "microvisor," which examines requests to ensure they're not malicious.
"At that point, we have an opportunity to insert new control to perfectly implement the principle of least privilege," Crosby said in an interview earlier this week. "The system is naturally trustworthy and naturally cleans itself of any malware. This happens through the application of virtualization as an isolation boundary."
Bromium's microvisor -- actually a specially designed hypervisor -- is late-loading, which means it does not have to be provisioned on the hardware before the desktop OS, according to Crosby. This, he said, helps it function unobtrusively.
"We use virtualization technology behind the user's back. It works automatically, on the fly, whenever the user does anything risky or vulnerable," Crosby said. "With this, we can deliver a desktop that runs at native performance but is resilient to any attacks."
Native performance is a key selling point for Bromium, because this is usually what suffers when IT tries to balance the user experience of virtual desktops with the need to protect the enterprise. Instead of focusing on virtual machines and hypervisors, Bromium is all about end users and devices, Crosby said.
"We have developed something that is mind-blowingly cool. This is a complete inversion of the traditional approach to security, patching and lifecycle management, and desktop virtualization," said Crosby.
Another important point, Crosby said, is that desktops remain secure no matter what the user does in the virtual container that Bromium creates. "In the container, you only see the state of the network and devices we choose to show you," he said. "We don't trust the browser when accessing anything outside the enterprise -- we don’t trust attachments or any document in general."
Bromium has no timeframe for releasing its first product, and Crosby said the plan is to release it only "when it's awesome."
Bromium on Wednesday announced a $26.5 million Series B round of VC funding, led by Highland Capital.
Bromium's other co-founders are Ian Pratt, chairman of Xen.org and former vice president of advanced products in Citrix's Virtualization and Management Division, and Gaurav Banga, former CTO and senior vice president of engineering at Phoenix Technologies.