You are here

Live Attack Visualization and Analysis (LAVA)

Bromium LAVA is a centralized security application that works in conjunction with Bromium vSentry, which is installed on endpoints in the organization. LAVA visualization delivers immediate, actionable intelligence on attacks, enabling security teams to quickly analyze and respond to threats.

What is LAVA?


LAVA offers a precise and detailed view of malware behavior in real time. LAVA runs on the Bromium Management Server (BMS) and provides insight into an attack’s origins, techniques and targets. Every Bromium-enabled endpoint forwards alerts and detailed forensic evidence to LAVA. LAVA delivers post-exploitation analysis and categorization of the complete attack cycle. Full samples of malware are provided for in-depth analysis by the security team, and signatures of unknown malware are generated in real time for use throughout the enterprise. Intelligence can be shared via standardized STIX/MAEC reports with partners and vendors, extending the benefits of LAVA beyond the protected organization itself.

How it works

The Bromium Microvisor enables LAVA to observe each micro-VM at the virtualization layer. This introspection provides a perfect view of the attacker’s every move. It enables vSentry to detect attacks targeted at all vectors, including browsers, Java, Flash, and documents, including malware that operates below the operating system, such as rootkits and bootkits. Because it operates outside the isolated micro-VM, LAVA is immune to tampering or evasion by an attacker. Advanced visualization automatically “connects the dots” of complex attacks and categorizes malicious behavior, freeing up security team resources from routine security alert analysis tasks, so they can focus on more strategic projects. LAVA introspection uncovers the most dangerous and difficult-to-detect rootkits and bootkits by monitoring the system at the hardware level of execution.

Why you need it

Security organizations consume valuable time and resources reacting to routine attacks encountered in the course of doing business on the web. Because of limited resources dedicated to analysis, it is often the case that the same attack will continuously be used to penetrate an organization. LAVA automates a normally time-intensive process, enabling security teams to quickly identify previously unknown attacks from common malware and determine who within the organization is targeted. Armed with this information, enterprise security teams can respond to threats quickly and efficiently by updating existing security mechanisms, fortifying the defenses of specific attack targets and alerting the targets of the attack to be aware of the threat. This comprehensive, real-time view into all endpoint malware attacks is what separates LAVA from legacy products.