Protection First Strategy: Application Isolation as the Last Line of Defense
- Endpoint security is a top priority for enterprise organizations and government agencies, but despite gains in detection-based tools, cybercriminals continue to find ways to bypass layered defenses
- Relying on detection-based solutions alone will not protect your systems and infrastructure from attacks
- New approaches, such as virtualization, can provide the desperately needed last line of defense for cyber security
In the age of digital warfare and cyber espionage, strengthening endpoint security is among the top priorities for enterprise organizations and government agencies. Despite considerable gains in anti-virus and other detection-based tools, all types of cybercriminals – from highly organized nation-state terrorists to individual homegrown hacktivists – continue to find ways to bypass layered defenses using clever social engineering, constantly evolving polymorphic malware, and advanced unconventional tactics.
The fact is: relying on detection-based solutions alone will not protect your systems and infrastructure from attacks any longer. If we’ve learned anything from nearly three decades of playing catch-up with cybercriminals, it’s the fact that for detection to be effective, there always must be a “patient zero” – someone’s network has to get successfully penetrated, malware installed and detonated, and endpoints owned. Only after the malware has spread and begins to infect a large number of hosts, does the organization sound an alarm; and software and security vendors race to identify a vulnerability, dissect the new threat, and create an antidote.
Don’t get me wrong – I am not suggesting that we throw out all existing tools and begin to redesign the cybersecurity infrastructure from scratch. Detection has served organizations well for many years, but we need to realize that its effectiveness is limited, and it will never be able to catch 100% of threats that lurk in the dark corners of computer networks just waiting for their chance to attack.
Even the best trained and most cautions employees cannot tell if the file they are clicking on is in fact malware in disguise, or if a legitimate program that they use daily has been hijacked to deliver a malicious payload. And why should they? Just 1% of slipped malware could potentially mean catastrophic losses, hundreds of hours of rebuilding and remediation work, and devastating negative impact on the public’s confidence in the security of corporate and government IT networks. In fact, most organizations spend hundreds of thousands each year in an attempt to stop the 1% of threats that bypass existing layered defenses.
Related Resource: Closing the 1% Gap white paper
If detection alone is not enough, can anything really be done to fully secure IT systems against constantly changing and evolving cyber threats? Absolutely! Virtualization – the same technology that enabled the cloud and many other advances in modern computing – can provide the desperately needed last line of defense for cyber security.
Virtualization-based security works by protecting endpoints against common threat vectors, especially the ones that haven’t been seen before and therefore are nearly impossible to detect, by hardware isolating any risky activity – like opening an email attachment or clicking on a link from an unknown source. Even if malware slips passed detection, it can still be successfully neutralized by being isolated and contained using hardware enforced disposable computing.
Application isolation treats every untrusted task – every email, every link, and every browser window – as potentially risky behavior that could be dangerous, and contains each task inside a micro-VM. For the user, the experience is completely transparent, but if malware is present, it is fully confined inside the micro-VM, preventing the threat from spreading and infecting the host and other endpoints, and keeping systems secure.
At Bromium, we call it “protection first” strategy. Our solutions are designed to act as the last line of defense and to work in conjunction with your existing security stack. Even if your cloud, network, and host-based detection tools fail to recognize and stop a threat, your users and computer systems remain protected with application isolation.
Now it’s okay if malware slips through the net of detection – let it run, study it, learn how it behaves, share this information with your security team, and be better equipped to deal with it in the future. Bromium customers, for instance, have seen success in reducing the amount of security events for investigation by sharing Bromium forensics data with their EDR solutions.
“Protection first” is rapidly becoming the preferred strategy of organizations and government agencies. Hundreds of customers rely on Bromium to secure their networks and assets, millions of virtual machines have been created and discarded, and not a single piece of malware has ever broken away from isolation.Want to learn more about Bromium and how application isolation can help secure your IT systems? Learn more about Bromium Secure Platform or request a demo.