vSentry

 

 

Re-Inventing Enterprise Endpoint Security

vSentry is innovative software that hardware-isolates and defeats advanced targeted attacks, protecting endpoints and empowering users to safely leverage the Internet regardless of where they are working.

What is vSentry?

Bromium vSentry is software that is transforming endpoint security with a revolutionary new architecture focusing on protection through hardware enforced isolation to defeat advanced attacks targeting the endpoint through web, email and documents. vSentry protects desktops without requiring signatures or updates, defeating and automatically discarding malware, and reducing the need for costly remediation. vSentry empowers users to access whatever information they need from any network, application or website, without risk to the enterprise and is completely transparent to the end user, preserving their productivity, mobility and user experience.

How does it work?

vSentry is built on the Bromium Microvisor – a Xen-based, security-focused hypervisor designed to automatically and invisibly hardware-isolate each vulnerable or untrusted user task.  This includes browsing to a web site, opening a document, or viewing media in a micro-VM. Malware entering a micro-VM cannot modify the operating system or gain access to enterprise data or network infrastructure. Whenever a vSentry-isolated task attempts to access files, networks, devices, the clipboard, or interact with the user, the hardware interrupts execution and passes control to the Microvisor, which applies task-specific policies on a strictly “need-to-know” basis.

Why is it better?

Traditional security solutions rely on detection and often fail to block targeted attacks that use unknown “zero day” exploits or other APT strategies. Bromium uses hardware-enforced isolation (leveraging Intel VT technology) to stop previously undetectable attacks without disrupting the user experience. Now organizations can confidently embrace today’s computing trends - such as workforce mobility, personal use of enterprise devices, cloud-based applications, and desktop virtualization - while remaining compliant and secure. vSentry also makes it safe to use Java and Adobe, the most frequently attacked software. The value of vSentry was validated in test results from NSS Labs, which showed that vSentry successfully protected against all advanced targeted attacks.

The Bromium Management Server collects events from all vSentry enabled systems

A powerful new approach to security

Bromium vSentry transforms enterprise protection with a revolutionary new architecture that isolates and defeats advanced threats targeting the endpoint through the web, email, documents and other key attack vectors. 

vSentry protects desktops without requiring signatures or updates, defeating and automatically discarding all known and unknown malware, and reducing the need for costly remediation.

vSentry empowers users to access whatever information they need from any network, application or website, without risk to the enterprise and is completely transparent to the end user, preserving their productivity, mobility and user experience.

Secure by design

Traditional security solutions rely on detection and often fail to block targeted attacks and zero-day exploits. Bromium vSentry uses hardware enforced isolation to stop new, previously unknown attacks originating from untrusted sources without disrupting the user.

vSentry is built on the Bromium Microvisor – a security-focused hypervisor based on Xen that automatically hardware-isolates each vulnerable user task in a micro-VM. Malware entering the micro-VM cannot modify the operating system or gain access to enterprise data or network infrastructure.

Whenever a task isolated with vSentry attempts to access files, networks, devices, the clipboard, or interact with the user, the hardware interrupts execution and passes control to the Microvisor, which enforces task specific policies on a strictly “need-to-know” basis.

Empower users to adopt the latest computing trends

Now organizations can confidently embrace today’s computing trends, such as workforce mobility, personal use of enterprise devices, cloud-based applications, or desktop virtualization, all while remaining compliant and secure. It also enables the safe use of JAVA and Adobe, the most frequently attacked software.

Protects against zero day attacks and APTs

  • Hardware enforced isolation protects against known and unknown attacks without the need for signatures or updates.

Enables the safe use of Java

  • Legacy versions of Java can be used without risk of compromise to the protected system.

Enables safe document collaboration

  • Unknown of untrusted documents can be edited and exchanged with external or internal collaborators without risk of compromise.

Protects key attack vectors

  • Protects against attacks originating from the web, e-mail attachments, USB drives and network shares.

Protects mobile and roaming Users

  • Installation on the endpoint delivers protection at the point of attack, on or off the corporate network or when offline entirely.

Protects unpatched endpoints

  • Defeats attacks against unpatched or vulnerable software eliminating the need for emergency security patching which maximizes productivity and minimizes support costs.

Reduces malware remediation costs

  • Automatically discards malware without intervention by the user or IT saving time and money.

Protects legacy and virtual desktops

  •  vSentry protects physical and virtual VDI infrastructure by leveraging hardware isolation. 

Protects high value cloud applications

  • Ensures valuable cloud based applications are isolated from attacks by compromised endpoints.

  High Performance with today’s industry standard hardware

  • Supports hundreds of concurrent user tasks on standard hardware platforms. MicroVMs are created and destroyed with the click of a mouse and are not perceptible to the end user.
  • Installs on existing desktops and laptops enabling you to avoid purchasing new hardware. vSentry works seamlessly with existing patching, monitoring and backup products.

Simple management

  • vSentry can be deployed and maintained with existing software distribution systems including Microsoft SCCM.
  • Supports Microsoft Group Policy Preferences to centrally manage Bromium software deployed across the enterprise. Policy settings can be enforced centrally.
  • The included Bromium Management Server (BMS) enables centralized policy management and control for organizations desiring an alternative to Microsoft Active Directory management.  BMS runs on Windows Server 2008 R2 and supports physical or virtual deployments.

Hardware requirements

  • Intel i3, i5, i7 processor
  • 4 GB RAM