Hardware-enforced Application Isolation
Bromium micro-virtualization technology uses a purpose-built, security-focused hypervisor based on Xen. We take advantage of the hardware features that are built into Intel®, AMD®, and other CPUs to run every task in a hardware-isolated container.
Isolate Each Task Within its Own Micro-VM
When a user visits a web page, opens a document, or downloads an email attachment, Bromium creates a new micro-VM. The user experience and application performance aren’t affected – from the user’s perspective, everything works exactly the same way as it would on a regular machine – but all tasks and processes are running inside the micro-VM, and are safely contained there. Every document the user opens, every website they visit, and every link they click prompts the creation of a new micro-VM – each task is running within its own secure container.
Everything in the Micro-VM is Contained
If a task turns out to be malicious and malware attempts to modify the kernel or change the master boot record, it makes those changes only within the micro-VM. There is no impact on the underlying system or other micro-VMs.
A ‘Black Box’ Flight Recorder for Malware
Bromium captures everything that happens inside the micro-VM. Each micro-VM is created to run a unique, single task. If it deviates from that task, that’s a sign that malware might be present. All the information about what the malware is doing is sent in real time to the SOC team via the management console.
- Collect the data on the entire kill chain of the attack
- Identify its command and control center
- Find out what connections the malware is making
- Determine the malware origin
- Capture the malware payloads and make them available to the analysts within the SOC.
Real-time Threat Intelligence
Bromium collects the attack information using a standard STIX format, which can be shared with other tools, such as the firewall at the edge of your network, so it will know to block particular IP addresses or specific file types.
As soon as the task finishes, Bromium discards that micro-VM. All the malware that may have been present is removed from the system, with no risk of cross-contamination and no need for cleanup or re-imaging of the PCs.
Bromium Uses Virtualization to Tackle Malware
The anti-malware security industry has tried everything: signatures, heuristics, sandboxing, artificial intelligence, predictive analytics, machine learning, and neural networks. Yet none of these solutions has solved the fundamental problem: detection relies on a patient zero.
Isolation provides numerous benefits that simply cannot be matched by traditional detect-to-protect solutions:
- Isolate every threat within its own micro-VM – if anything bad happens, it’s going to be contained
- Enable users to safely go anywhere on the Internet
- Empower IT by providing real-time threat intelligence, including exactly what kind of malware they are facing, what it’s connecting to, and where it has come from.