You are here

LAVA Overview

 

 

Live Attack Visualization & Analysis

LAVA is a centralized security application that works in conjunction with Bromium’s vSentry software installed at endpoints throughout the organization. LAVA gathers information from each vSentry endpoint - even mobile laptops not connected to the corporate network - then provides real-time analysis of each complete, hardware-isolated malware attack cycle that occurs. The graphical representation delivers immediate, actionable security intelligence on every corporate endpoint, enabling enterprise security teams to safely analyze threats.

What is LAVA?

Bromium LAVA offers an unrivaled, precise and detailed view of malware behavior in real-time. The Live Attack Visualization and Analysis (LAVA) engine provides insight into an attack’s origin, techniques and targets. Every Bromium-enabled endpoint uses micro-virtualization to contain each individual threat vector (website or document). This granular isolation makes it easy for LAVA to notify SOC teams of any abnormal behavior without false alarms. Bromium safely allows malware to fully execute within a hardware-isolated virtual container. This enables LAVA post-exploitation analysis of the complete attack cycle, establishing a full malware attack chain.

How does it work?

The Bromium Microvisor enables LAVA to observe each micro-VM at the virtualization layer, from the outside-in. This introspection provides a perfect view of the attacker’s every move. It enables vSentry to detect attacks targeted at all vectors, including browsers, Java, Flash, and documents, including malware that operates below the operating system, such as rootkits and bootkits. Because it operates outside the isolated micro-VM, LAVA is immune to tampering or avoidance by an attacker. Advanced visualization automatically “connects the dots” of complex attacks, thereby freeing up security team resources and time needed for more strategic projects than routine security alert analysis. LAVA introspection exposes the most dangerous and hard to detect rootkits and bootkits by monitoring the system at the hardware level of execution.

LAVA trace

Why is it better?

Security organizations consume valuable time and resources reacting to routine attacks encountered in the course of doing business on the web. Because of limited resources dedicated to analysis, it is often the case that the same attack will continuously be used to penetrate an organization. LAVA automates a normally time-intensive process, enabling security teams to quickly identify previously unknown attacks from common malware and determine who within the organization is being targeted. Armed with this information, enterprise security teams can respond to threats quickly and efficiently by updating existing security mechanisms, fortifying the defenses of specific attack targets and alerting the targets of the attack to be aware of the threat. This comprehensive, real-time view into all endpoint malware attacks is what separates LAVA from other legacy products.