Bromium’s unique, patented micro-virtualization technology is a new way to secure the enterprise from cyber attacks while delivering a seamless user experience and streamlining security operations.
Bromium micro-virtualization technology uses the Bromium Microvisor, a purpose-built, Xen-based, security-focused hypervisor, in conjunction with the VT features built into Intel®, AMD® and other CPUs to create hardware-isolated micro-VMs for each task a user performs on information originating from unknown sources. These hardware-isolated micro-VMs provide a secure environment where user tasks are isolated from one another, the protected system and the network to which it is attached.
A task comprises all computation — both within an application and within the kernel — that is required to complete a particular user-initiated activity. For example, opening a single Web-browser tab or a PDF document is considered an individual task. Bromium applies the principle of least privilege to each task, granting access to only the specific resources — files, network services, the clipboard, interaction with the user, devices or network shares — that are needed to complete the particular task.
This task-based isolation protects the system from attempted changes or theft of information by an attacker. For example, it provides the granularity required to protect against modern attacks such as man-in-the-browser, which can compromise the entire Web browser, gain access to system resources and steal information from unsuspecting users. The same attack, if targeted against a Bromium user, would see only the very limited set of resources necessary to perform the task in that specific Web-browser tab. Valuable data, networks and devices are not accessible. When the user closes the task, the micro-VM is simply discarded — together with any malware it may have contained.
Task introspection provides a comprehensive view of the tasks running within a micro-VM from the perspective of the Bromium Microvisor, that is, from the outside in. This viewpoint provides a perfect view of the attacker’s every move and enables Bromium to detect attacks targeted below the operating system, such as rootkits and bootkits. Because the observation and recording take place outside the micro-VM, they cannot be evaded by an attacker running inside it.
Bromium safely allows malware to execute fully within a hardware-isolated virtual container, enabling post-exploitation analysis of the complete attack cycle and reconstruction of the full malware kill chain. Comprehensive information on the vector, target and methods used by the attacker, and full details of the attack, are preserved, including network traffic, file signatures and all changes that the malware attempted to make to the operating system or file system. Memory exploits, execution of new tasks, attempts to download and save files, attempts by malware to connect to external command-and-control systems, and much more are available in real time.
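As an added illustration, and not Bromium's code nor a description of how the Microvisor is implemented, the following Python models the policy described above: one sandbox object per task, a least-privilege allowlist of resources, every access attempt recorded from outside the sandbox (so the record survives even if the task is compromised), and the sandbox state discarded on close. The names MicroVM, Resource, open_task and the sample resources are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Resource:
    kind: str   # e.g. "file", "network", "clipboard", "device", "share"
    name: str

@dataclass
class MicroVM:
    """One sandbox per task. Access requests are mediated from outside the
    sandbox against the task's least-privilege allowlist, and every attempt
    (allowed or denied) is recorded where code inside the task cannot alter it."""
    task: str
    allowed: frozenset                        # resources this task legitimately needs
    trace: list = field(default_factory=list)  # (resource, granted) for every attempt
    alive: bool = True

    def request(self, res: Resource) -> bool:
        if not self.alive:
            raise RuntimeError(f"{self.task}: micro-VM already discarded")
        granted = res in self.allowed
        self.trace.append((res, granted))
        return granted

    def close(self) -> list:
        """Discard the task. Whatever ran inside (including malware) is gone;
        only the externally held trace survives. Returns the denied attempts."""
        self.alive = False
        return [res for res, granted in self.trace if not granted]

def open_task(task: str, allowed) -> MicroVM:
    return MicroVM(task, frozenset(allowed))

def demo():
    # Constructed sample: a browser tab for one site may talk to that site and
    # use the clipboard, and nothing else.
    tab = open_task("browser-tab:bank.example",
                    {Resource("network", "bank.example:443"),
                     Resource("clipboard", "user")})
    # Constructed sequence: legitimate use, then man-in-the-browser style
    # attempts to reach documents, a share and an outbound control channel.
    attempts = [Resource("network", "bank.example:443"),
                Resource("file", "C:/Users/alice/Documents/passwords.xlsx"),
                Resource("share", "//fileserver/finance"),
                Resource("network", "c2.example.invalid:8080")]
    results = [tab.request(r) for r in attempts]
    denied = tab.close()           # task closed: sandbox gone, trace kept
    return results, denied
```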
Advanced visualization and categorization automatically correlate the stages of complex attacks and categorize the malicious behavior detected, freeing up security team time and resources for endeavors more strategic than routine security alert analysis. Armed with this information, enterprise security teams can respond to threats quickly and efficiently by updating existing security mechanisms, fortifying the defenses of specific attack targets and alerting the targets of the attack so that they are aware of the threat.