LAVA

Live Attack Visualization & Analysis

LAVA is a centralized security application that works in conjunction with Bromium’s vSentry software installed at endpoints throughout the organization. LAVA gathers information from each vSentry endpoint - even mobile laptops not connected to the corporate network - then provides real-time analysis of each complete, hardware-isolated malware attack cycle that occurs. The graphical representation delivers immediate, actionable security intelligence on every corporate endpoint, enabling enterprise security teams to safely analyze threats.

What is LAVA?

Bromium LAVA offers an unrivaled, precise and detailed view of malware behavior in real-time. The Live Attack Visualization and Analysis (LAVA) engine provides insight into an attack’s origin, techniques and targets. Every Bromium-enabled endpoint uses micro-virtualization to contain each individual threat vector (website or document). This granular isolation makes it easy for LAVA to notify SOC teams of any abnormal behavior without false alarms. Bromium safely allows malware to fully execute within a hardware-isolated virtual container. This enables LAVA post-exploitation analysis of the complete attack cycle, establishing a full malware attack chain.

How does it work?

The Bromium Microvisor enables LAVA to observe each micro-VM at the virtualization layer, from the outside in. This introspection provides a perfect view of the attacker’s every move. It enables vSentry to detect attacks targeted at all vectors, including browsers, Java, Flash, and documents, as well as malware that operates below the operating system, such as rootkits and bootkits. Because it operates outside the isolated micro-VM, LAVA is immune to tampering or avoidance by an attacker. Advanced visualization automatically “connects the dots” of complex attacks, freeing security team resources and time for projects more strategic than routine security alert analysis. LAVA introspection exposes the most dangerous and hard-to-detect rootkits and bootkits by monitoring the system at the hardware level of execution.

[Figure: LAVA trace]

Why is it better?

Security organizations consume valuable time and resources reacting to routine attacks encountered in the course of doing business on the web. Because limited resources are dedicated to analysis, the same attack is often used repeatedly to penetrate an organization. LAVA automates a normally time-intensive process, enabling security teams to quickly identify previously unknown attacks from common malware and determine who within the organization is being targeted. Armed with this information, enterprise security teams can respond to threats quickly and efficiently by updating existing security mechanisms, fortifying the defenses of specific attack targets and alerting the targets of the attack to be aware of the threat. This comprehensive, real-time view into all endpoint malware attacks is what separates LAVA from other legacy products.

Live Attack Visualization and Analysis

Bromium LAVA offers an unrivaled, precise and detailed view of an attacker’s behavior in real time. The Live Attack Visualization and Analysis (LAVA) engine provides actionable strategic intelligence on an attack’s origin, techniques and targets.

Every Bromium-enabled endpoint uses micro-virtualization to contain each individual threat vector (website or document). This granular isolation makes it easy for the LAVA analysis engine to identify any abnormal behavior without false alarms.

Bromium safely allows malware to fully execute within a hardware-isolated virtual container, enabling LAVA post-exploitation analysis of the complete attack cycle and establishing a full malware kill chain.

The Bromium Microvisor enables LAVA to observe each micro-VM at the virtualization layer, from the outside in. This introspection provides a perfect view of the attacker’s every move, enables vSentry to detect attacks targeted below the operating system, such as rootkits and bootkits, and is immune to tampering or avoidance by an attacker.

Advanced visualization automatically “connects the dots” of complex attacks, freeing security team resources and time for endeavors more strategic than routine security alert analysis.

Armed with this information, enterprise security teams can respond to threats quickly and efficiently by updating existing security mechanisms, fortifying the defenses of specific attack targets and alerting the targets of the attack to be aware of the threat.

Deliver strategic intelligence to transform your security operations

  • Security organizations spend most of their time reacting to routine, tactical “background” attacks encountered in the normal course of doing business on the web.
  • LAVA enables you to quickly identify “unknown” attacks from common malware and determine who within the organization is being targeted.
  • This level of strategic insight allows the organization to immediately implement broader policies to counter malicious activity, even if it moves outside of the purely technical arena.

Enhance your existing security infrastructure

  • LAVA delivers accurate and timely information on attacks in forms that can be used by existing infrastructure components to raise the overall effectiveness of an organization’s “defense in depth”.
  • Automatically export security incidents to the most popular SIEM systems to deliver a new level of visibility.

Empower your security staff

  • Advanced visualization techniques enable security personnel to understand complex attacks in minutes rather than the hours or days required with traditional forensic tools.
  • Pinpoint and document malware designed specifically to evade automated or virtualized honeypots and detection appliances.

Gain a holistic view of malware behavior

  • LAVA introspection exposes the most dangerous and hard-to-detect rootkits and bootkits by monitoring the system at the hardware level of execution.
  • Security analytics deployed within and controlled by the Bromium Microvisor ensure that malware can’t disable or evade detection, as is common with other forms of detection.

Extend LAVA value enterprise-wide with Bromium Management Server (BMS)

  • The included Bromium Management Server (BMS) provides centralized alert aggregation and correlation.
  • BMS also provides a centralized web-based analysis portal for all events generated throughout the enterprise.

Ensure high performance with industry-standard hardware

  • BMS runs on a physical or virtual Windows Server 2008 R2 with support for up to 10,000 endpoints.
  • Bromium vSentry and LAVA agents install on existing desktops and laptops, enabling you to avoid purchasing new hardware.