Breachless Threat Intelligence: A Pain-Free Approach to CyberSecurity

Breachless reports reveal the unexpected.

July 17, 2017 Category: Innovation By: Michael Rosen Comments: 0

  • Enterprises need a steady stream of actionable, timely, and accurate threat intelligence on targeted malicious intrusions and attempts into their networks
  • They need this information without suffering breaches and cannot rely solely on post-compromise forensics or sandbox simulations to continuously tighten and adapt their defenses
  • Pre-breach targeted intelligence eludes most organizations today, even among security leaders

Breachless Reports Mean Actionable Threat Intelligence without the Pain

When striving for high-fidelity targeted threat intelligence, organizations traditionally have relied on two alternatives, both suboptimal: they take actual forensic evidence from previously compromised machines—which leaves them “playing from behind” and always cleaning up digital messes—or they use sandboxing technology with user emulation to approximate what threats might do on a generic representation of an actual user device. Neither approach utilizes real malware running on real production PCs with real users at the helm performing all of the daily acts of modern business. Bromium does all of this through micro-virtualization on the endpoint, and this is what makes the Bromium solution unique and fundamentally different from anything else in the security space today.

Sand in Your Gears?

Sandboxing promises threat intelligence on advanced and targeted attacks by exercising malware inside of artificial, instrumented environments. High-volume network sandboxes run dozens or hundreds of potentially malicious samples in parallel and then make risk-based analysis decisions on whether to alert and allow/block subsequent instances of the sample. Sandboxes are commodities today—nearly every detection-based security vendor has one—but the problem hasn’t gone away; it has steadily gotten worse! With up to 97% of malware unique to a single endpoint, sandboxing is a can’t-win proposition.

Inherent problems with sandboxing include:

  • It emulates a desktop and simulates a user, rather than observing actual behavior on a real endpoint
  • Desktop sandboxing sits above the kernel and is vulnerable to kernel-level exploits and escapes
  • Many sandboxes, by design, do not prevent patient-zero infection; they only block subsequent instances
  • Sandboxes typically run for a mere 60 seconds or so, not long enough to generate meaningful results

Got the Post-Breach Blues?

Until now, the most accurate and relevant enterprise threat intelligence came from direct forensic analysis of actual breaches suffered within the organization. Problems with this backward-looking approach include:

  • You got breached – this is painful!
  • You now have a mess to clean up – this costs time and money!
  • The infection may not be confined to a single machine – the problem may be much larger!

Why Not Go Breachless?

What if you could have the best of both worlds? Imagine a complete forensic trace of malicious activity run on an actual endpoint and exercised by a real user, combined with full kill-chain analysis, all with no breach to investigate, contain, or remediate. Breachless threat feeds have many benefits, including:

  • No guesswork – isolation does not rely on risk assessment, detection, or blocking
  • No breach – isolation contains the threat and eliminates it
  • No spread – isolation prevents lateral movement
  • No cleanup – malware is destroyed and gone forever every time the micro-VMs are closed

Breachless Response

Since Bromium-isolated devices self-remediate, there is nothing for security teams to do when malware is discovered running on these endpoints—it simply goes away by itself! Intelligence from Bromium threat feeds, however, can also help analysts and responders identify pre-existing intrusions, remediate non-isolated devices such as older PCs, Macs, servers, and IoT devices, or proactively lessen their combined attack surfaces.

Toward a Breachless Future

Detection will never be 100% effective—it’s mathematically impossible—and clever attackers will always find new ways around your defenses. Until all enterprise devices can isolate threats, analyze malicious activity, and self-remediate, why not take the first step and lock down the largest attack vector today, your Windows PCs? With all of the benefits and none of the pain, breachless threat intelligence is the wave of the future. Elevate your threat intelligence and go breachless today!


About the Author

Michael Rosen

Sr. Product Manager, Threat Intelligence and Technical Marketing
