Invincea Lands Container Deal On Dell Commercial Laptops

A security technology company with roots in the Department of Defense is about to find its secure container approach widely available on millions of commercial Dell laptops this week.

Invincea announced that it will ship a customized version of its secure virtual containers software, using technology designed to make it difficult for attackers to gain access to the critical processes and data on an employee's PC, on Dell Data Protection Protected Workspace brand PCs. Through an OEM agreement with Dell, Invincea's software will be part of the standard image on Dell's entire line of PCs, including its Latitude and OptiPlex, as well as on the Dell Precision tablets and PCs.

The software will be available for a one-year free trial.

[Related: 15 Scenes From Dell Enterprise Forum ]

Invincea has roots with the Defense Advanced Research Projects Agency (DARPA). The company recently celebrated a review conducted by the National Security Agency as part of its pre-acquisition program for the Joint Chiefs of Staff.

The Fairfax, Va.-based company's technology wraps the browser and some popular applications in a secure container and is designed to make attacks such as Java-based exploits, banking Trojans and targeted attacks more difficult to break out onto a victim's PC and into the corporate network.

The OEM agreement marks the first large-scale deployment by an end-user OEM of Invincea's endpoint security technology. Invincea said the deal will ensure that its software is available on 20 million devices in the first 12 months and tens of millions more in subsequent years. The approach, which is being used by defense contractors, government agencies and companies in the financial industry, could not be more broadly adopted, said Anup Ghosh, founder and CEO at Invincea. The deal is important because all businesses large and small are being targeted by nation-state sponsored cybercriminals and attackers going after account credentials and other sensitive data, Ghosh said.

"We monitor all interaction between the application and the kernel, and if we see something abnormal, we basically flush the virtual container, collect all artifacts and bring back a clean environment, and meanwhile we've collected intelligence on who the adversary is," Ghosh said.

Invincea's security technology has caught the eye of industry observers because of its ability to encapsulate browsers and applications in a virtual container. Rather than detecting and defending, these technologies are blocking and sometimes tackling threats to help security teams determine their significance. But, industry analysts point out that no security is a panacea. A determined attacker could find a way to bypass the secure container, said Ken Baylor a research vice president at NSS Labs.

NEXT: Sandboxing And The Dell-Invincea Partnership

Network appliance vendors and software makers are employing the virtual application containers technology, called sandboxing, in various ways. Some use virtualization technology and hook into the microchip of PCs, such as security startup Bromium, others like Invincea hook into the OS layer to provide a layer of protection. NSS Labs' Baylor said the technology could help protect against zero-day exploits and more advanced malware used by nation-state driven, targeted attacks called advanced persistent threats (APTs).

"Even if this was the perfect thing you've ever wanted, the standard organization wouldn't use isolation technology alone," Baylor said. "This technology is potentially huge for large entities that would be targeted for an APT; they're definitely not at the point nor are most enterprise environments ready for deployment on a wide scale."

Invincea detects malicious activity by monitoring behavioral characteristics and actions during a session. All activity takes place in a segregated virtual environment. When malicious behavior is identified, Invincea halts the process, at which time an alert is provided to the user, and the session is restored in about 20 seconds.

Invincea is part of a strategy at Dell to make significant security improvements at the endpoint, said Brett Hansen, executive director of end user computing at Dell. The Invincea partnership is part of a broader announcement on encryption, authentication and malware prevention on Dell devices. Dell calls the Invincea software "Protected Workspace," and it will be part of the company's data protection solutions package.

"Dell believes that this is a more aggressive approach to the new malware threat," Hansen said. "We're giving it away for one year on all of our commercial devices, pre-bundled on all of our commercial devices."

While the Dell-Invincea partnership is seen as an improvement for endpoint protection, most businesses won't buy laptops based on security alone, said Jim Atherton, technician engineer, at Pittston, Pa.-based Computer Visionaries Inc., a Dell partner.

"Unfortunately security decisions typically come well after a laptop purchase is made for employees," Atherton said. "We'll try to talk about security and the consequences of [a customer's] decisions, but it's far too often that we see that deer-in-the-headlights look."

Simon Crosby, co-founder and chief technology officer of Bromium, said he believes the technology could potentially be a game changer, eliminating the need for signature-based antivirus technology, which has long been strained by the steady increase in malware and advanced techniques to bypass detection created by malware authors.

Like Invincea, which underwent almost a complete redesign to reduce its footprint and performance strain, Bromium is currently refining its container technology, Crosby said.

"Our approach is about hardware-enforced isolation," Crosby said. "We kill the malware when it runs, and to break through our container, you would also need to execute a single shot exploit that breaks through any vulnerability in our container and exploit the kernel all in one bullet."

PUBLISHED JUNE 25, 2013