Network appliance vendors and software makers are employing virtual application container technology, called sandboxing, in various ways. Some, such as security startup Bromium, use virtualization technology and hook into the microchip of PCs; others, like Invincea, hook into the OS layer to provide a layer of protection. NSS Labs' Baylor said the technology could help protect against zero-day exploits and the more advanced malware used in nation-state-driven, targeted attacks called advanced persistent threats (APTs).
"Even if this was the perfect thing you've ever wanted, the standard organization wouldn't use isolation technology alone," Baylor said. "This technology is potentially huge for large entities that would be targeted for an APT; they're definitely not at the point nor are most enterprise environments ready for deployment on a wide scale."
Invincea detects malicious activity by monitoring behavioral characteristics and actions during a session. All activity takes place in a segregated virtual environment. When malicious behavior is identified, Invincea halts the process, alerts the user, and restores the session in about 20 seconds.
Invincea is part of a strategy at Dell to make significant security improvements at the endpoint, said Brett Hansen, executive director of end user computing at Dell. The Invincea partnership is part of a broader announcement on encryption, authentication and malware prevention on Dell devices. Dell calls the Invincea software "Protected Workspace," and it will be part of the company's data protection solutions package.
"Dell believes that this is a more aggressive approach to the new malware threat," Hansen said. "We're giving it away for one year on all of our commercial devices, pre-bundled on all of our commercial devices."
While the Dell-Invincea partnership is seen as an improvement for endpoint protection, most businesses won't buy laptops based on security alone, said Jim Atherton, technician engineer at Pittston, Pa.-based Computer Visionaries Inc., a Dell partner.
"Unfortunately security decisions typically come well after a laptop purchase is made for employees," Atherton said. "We'll try to talk about security and the consequences of [a customer's] decisions, but it's far too often that we see that deer-in-the-headlights look."
Simon Crosby, co-founder and chief technology officer of Bromium, said he believes the technology could be a game changer, eliminating the need for signature-based antivirus technology, which has long been strained by the steady increase in malware and by the advanced techniques malware authors have created to bypass detection.
Like Invincea, which underwent almost a complete redesign to reduce its footprint and performance strain, Bromium is currently refining its container technology, Crosby said.
"Our approach is about hardware-enforced isolation," Crosby said. "We kill the malware when it runs, and to break through our container, you would also need to execute a single shot exploit that breaks through any vulnerability in our container and exploit the kernel all in one bullet."
PUBLISHED JUNE 25, 2013