BROMIUM MOBILIZES ARMY OF ENDPOINTS TO FIGHT THE CYBER DRUG WAR
Bromium supports enterprise innovation by giving users their freedom back, through launch of new virtualization-based security platform
CUPERTINO, Calif. — January 24, 2017 — Bromium®, Inc., the pioneer and leader in easy to deploy virtualization-based enterprise security that stops advanced malware attacks, today announced the launch of Bromium Secure Platform. By turning a traditional weakness – the endpoint – into a threat intelligence-gathering strength, Bromium Secure Platform offers a complete departure from traditional detect-to-protect solutions with rapid time to value for the enterprise.
“Einstein is famously quoted as saying the definition of insanity is doing the same thing and expecting different results; yet this is exactly what the security community is doing,” explains Ian Pratt, Co-Founder and President of Bromium. “We call this a ‘Cyber Drug War’, because the industry’s unwavering focus on punishing the user is much like failed global attempts at prohibition. This is why we need to forget next gen. We need to start again.”
Bromium’s unique virtualization-based security lets companies focus on strategic initiatives instead of constantly responding to threats. Using CPU-enforced micro-virtualization, which sits on endpoint devices without impacting their performance, users are able to search the web, click unknown links and download executables to their hearts’ content because every task is completed in a disposable, isolated micro-VM. As a result, organizations can let malware and ransomware run because hackers have nowhere to hide and nothing to steal; the task is isolated and the attack thwarted without any need for re-imaging or remediation.
Bromium Secure Platform strengthens defenses further by using threat intelligence gathered on the endpoint to defend the enterprise at large. An organization’s endpoints work like an army of connected informants, providing intelligence on real and imminent threats via the Bromium Sensor Network. This removes the guesswork associated with other threat intelligence solutions because the micro-VM produces high-fidelity alerts with full kill-chain analysis.
The platform also helps identify and stop persistent insider attacks. By monitoring all user tasks and processes on the host, Bromium Secure Monitoring quickly identifies malicious insider activity as well as file-less threats like PowerShell attacks. Bromium supports one of the largest managed threat hunting services in the industry with over one hundred thousand users throughout the world. Within weeks of deployment, Bromium can quickly stop insider misuse and unauthorized software running on the network.
“Like the war on drugs, despite all the resources focused on user education and behavior modification, cybercrime continues to grow. That’s because trying to control user behavior is futile,” explains Simon Crosby, Co-founder and Bromium CTO. “We have to accept changing human behavior isn’t the answer. Outsmarting the bad guys is, and virtualization-based security is where to start. It allows us to protect and enable – rather than blame – the biggest threat and greatest asset our companies have – people. Even polymorphic threats that are currently missed by detect-to-protect solutions, from traditional and next-generation AV through to the latest EDR, are isolated with our platform. It’s time to stop slowing innovation and let your end users work freely and productively without companies being afraid of getting owned.”
Bromium Secure Platform includes:
Secure Browsing, Applications and Downloads
Laptops, workstations, and hosts protected by Bromium can run apps, email, and browsers in lightweight, CPU-enforced micro-VMs. There’s no impact on the user experience or machine performance; however, malware seeking to enter the network is unable to escape these micro-VMs.
Bromium’s Sensor Network, powered by an army of endpoints, makes it much easier to identify threats quickly and take action against them. The Sensor Network gathers intelligence on malicious activity as it executes via Bromium isolation and host monitoring. High-fidelity alerts are instantly shared with the Bromium Threat Cloud, which automatically searches the rest of the enterprise to find additional malicious activity on servers or endpoints. This results in fewer false positives, which allows security teams to act on real-world data rather than guesswork.
Insider Threat Detection
Real-time detection and forensics are available with Bromium Secure Monitoring to detect advanced attack techniques. Host monitoring for servers and desktops detects persistent attacker behavior and indirect process creation. Alerts are raised on any lateral movement attempts involving service creation or execution.
Bromium protects against any credential theft. In addition to detection of Windows LSASS credential theft, Bromium Secure Monitoring also detects any attacks on credentials stored on disk. This results in full credential protection on Bromium Secure endpoints.
Blacklisting and Automated Blocking
Incident response teams can take advantage of automated enterprise-wide IOC detection to stop lateral movement via behaviour-based rules and configurable blacklists. The new quarantine function provides a remote kill function for malicious tasks and collection of relevant files for further investigation without impacting the end user.
Deception technology allows enterprises to create ‘virtual honey-traps’ by leaving fake credentials and documents for hackers to ‘steal’. By doing so, IT can trick malware into fully executing in order to track the entire kill chain. It can also help businesses to lay a false trail of breadcrumbs for hackers to follow in order to gain a better understanding of their motives, or to even ‘leak’ false documents. As it’s all in an isolated environment there is nothing to steal and nowhere to go for the hacker.
“In addition to taking the blame away from users, we need to stop over-burdening our security teams too,” Pratt concludes. “They are drowning in data, using heuristics that at best detect known threats. Instead, arm your people with the tools needed to protect the enterprise at large while allowing your users more freedom to be productive and get their jobs done. That means being realistic about end users and lifting the restrictions, protecting the endpoint from intrusion using isolation, giving your SOC team high fidelity alerts and gathering meaningful intelligence to defend the enterprise at large. Ultimately, organizations need to mobilize their army of endpoints to fight back in the Cyber Drug War.”
Find out more about Bromium Secure Platform.