How to Use Bromium Application Isolation to Secure Microsoft Edge Downloads

Blog How to Use Bromium Application Isolation to Secure Microsoft Edge Downloads

Edge as Ingress Application for Bromium

February 5, 2018 Category: Innovation By: Michael Rosen Comments: 0

How to Use Bromium Application Isolation to Secure Microsoft Edge Downloads

  • Microsoft Edge browser does not isolate web file downloads
  • Learn how to use Bromium to isolate your Microsoft Edge web file downloads
  • Bromium works with all Microsoft virtualization-based security (VBS) technologies

Microsoft jumps on the application isolation bandwagon.

In December 2017, Bromium welcomed the arrival of the Windows Defender Application Guard (WDAG) for Microsoft Edge, Microsoft’s long-awaited entry into application isolation.

While acknowledging significant benefits for security-conscious Windows 10 Enterprise users, WDAG does not allow any file downloads during untrusted (isolated) browsing. Microsoft’s focus is to secure Edge against browser exploits and file-less malware, thus preventing any files from entering through the browser and coming down to the host PC.

However, most employees need access to web downloads to do their jobs, at least occasionally. And those downloads must be safe, both initially and on each subsequent file access, even when off the network.

Read: Browser Isolation with Microsoft Windows Defender Application Guard (WDAG): What It Does, How It Works and What It Means

Edge does allow file downloads during trusted (non-isolated) host browsing, even though those downloads might be malicious. Microsoft relies on detection for download security—typically a quick scan by Windows Defender on the desktop—before allowing the user to access the file or quarantining it.

We’ve even seen ransomware run to conclusion and encrypt all the victim’s files before Windows Defender “detects” the outbound communication with the remote command and control server and quarantines the file. Yes, the malware was detected—eventually—but the PC still got owned.

How to secure Microsoft Edge downloads with Bromium.

Bromium’s approach is fundamentally different, relying on application isolation instead of detection:

  • Designate Microsoft Edge as an “ingress application.”
  • Every file download originating through the Edge browser during trusted browsing will be marked as “untrusted” when it is saved onto the host.
  • Every time the user opens any of these file downloads, it opens inside an isolated, disposable micro-VMs run by Bromium Secure Files.
  • This protection also extends to files that are emailed between Bromium users.
Designate Microsoft Edge as Ingress Application for Bromium

Designating Microsoft Edge as a Bromium “Ingress Application” marks all files downloaded through the Edge browser as untrusted so they will open in isolated micro-VMs

 

Video: Easily Isolate Downloads and Executables So Threats Can’t Escape

Bromium hardware-isolates each supported file from the host operating system and from all other user tasks while it runs in its designated application—Word, Excel, PowerPoint, Adobe Reader, Media Player, Notepad, etc.

With a wide-ranging native support for the most common application attack vectors—plus legacy and custom application support through Bromium Secure App Extensions—Bromium isolation picks up directly where Edge browser isolation leaves off.

So, go ahead and let your users safely download, save, and use original files using Edge. Bromium’s got you covered, even if Microsoft doesn’t.

 

 

Subscribe

Enter your email address to receive notifications.

About the Author

Michael Rosen

Michael Rosen
Sr. Product Manager, Threat Intelligence and Technical Marketing

Recent Posts

Categories
2018-02-05T07:40:16+00:00February 5th, 2018|Innovation|

Leave a Reply

See Bromium in Action

Put an end to malware and attacks once and for all. Request a demo of the Bromium Secure Platform to learn how Bromium uses virtualization-based security to isolate applications and stop threats. Complete the form to request a demo.

Thank you! The information has been submitted successfully.
Share
Tweet
Share

By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close