What is Bromium Threat Analysis?
Bromium Threat Analysis is a centralized security application that works in conjunction with the protection and monitoring in Bromium Advanced Endpoint Security. Every Bromium-enabled endpoint forwards alerts and detailed forensic evidence to Bromium Threat Analysis, which then offers a precise and detailed view of malware behavior in real time, providing insight into an attack’s origins, techniques and targets. Bromium Threat Analysis delivers post-exploitation analysis and categorization of the complete attack cycle. Full samples of malware are provided for in-depth analysis by the security team, and signatures of unknown malware are generated in real time for use throughout the enterprise. Intelligence can be shared via standardized STIX/MAEC reports with partners and vendors, extending the benefits beyond the protected organization itself.
How It Works
Bromium Threat Analysis leverages Bromium’s unique ability to observe each micro-VM at the virtualization layer, in addition to activities on the host operating system. This introspection provides a perfect view of the attacker’s every move. It enables Bromium to detect attacks targeted at all vectors, including browsers, Java, Flash and documents, as well as malware that operates below the operating system, such as rootkits and bootkits. Because it operates outside the isolated micro-VM, Bromium Threat Analysis is immune to tampering or evasion by an attacker. Advanced visualization automatically connects the dots of complex attacks and categorizes malicious behavior, freeing security teams from routine alert analysis tasks so that they can focus on more strategic projects. Bromium Threat Analysis’ introspection uncovers the most dangerous and difficult-to-detect rootkits and bootkits by monitoring the system at the hardware level of execution.
Why You Need It
Security organizations consume valuable time and resources reacting to routine attacks encountered in the course of doing business on the Web. Because limited resources are dedicated to analysis, the same attack is often used repeatedly to penetrate an organization. Bromium Threat Analysis automates a normally time-intensive process, enabling security teams to quickly identify previously unknown attacks from common malware and determine who within the organization is targeted. Armed with this information, enterprise security teams can respond to threats quickly and efficiently by updating existing security mechanisms, fortifying the defenses of specific attack targets and alerting the targets of the attack to the threat. This comprehensive, real-time view into all endpoint malware attacks is what separates Bromium from legacy products.