VIRTUALIZATION-BASED SECURITY LEADER BROMIUM PUBLISHES NIST-MODELED SECURITY CONFIGURATION CHECKLIST
Pioneer in application isolation releases NIST-standard configuration guide to fortify systems used by DoD, civilian and state governments
Bromium®, Inc., the leader in application isolation using virtualization-based security, has released a Secure Configuration Checklist for its customers, in compliance with the National Checklist Program (NCP) set forth by the National Institute of Standards and Technology (NIST) in an effort to further bolster the security of federal operating systems and better protect end users.
The NCP is the U.S. government repository of publicly available security benchmarks that provide detailed, low-level guidance on setting the security configurations of operating systems and applications. The creation of the Bromium Secure Configuration Checklist comes on the heels of recent warnings from Pentagon officials including Deputy Defense Secretary Patrick Shanahan that CEOs must either secure their networks or risk losing government contracts.
“Both our civilian and defense customers are moving away from detection-based solutions that require a patient-zero to identify a threat,” explained Robert Wiggenhorn, Sr. Director of Professional Services at Bromium. “Today’s best practice is to use hardware-enforced virtualization to isolate and contain the threat so it doesn’t get to the endpoint or the network. This drastically reduces the threat surface and stops polymorphic, nation-state and zero-day threats.”
As more agencies choose application isolation and containment – as outlined by the NSA – to get true protection against targeted and ransomware attacks, Bromium has created a security configuration checklist with step-by-step instructions on how to confidently configure Bromium Secure Platform to customers’ operational environments in compliance with NIST.
“A security configuration checklist – also called a lockdown, hardening guide, or benchmark – is a series of instructions or procedures for configuring an IT product to a particular operational environment, for verifying that the product has been configured properly, and/or for identifying unauthorized changes to the product,” said Murugiah Souppaya, Computer Scientist at NIST.
“Using checklists that emphasize both hardening of systems against software flaws by applying patches and eliminating unnecessary functionality, for example, and configuring systems securely will typically reduce the number of ways in which the systems can be attacked, resulting in greater levels of product security and protection from future threats.”
The Bromium Secure Platform provides endpoint malware protection by creating hardware-isolated micro-VMs that secure every user task, from surfing the web to opening emails and downloading attachments. Tasks are separated from each other and the rest of the system inside the micro-VMs to keep threats contained. When a task is closed, the task micro-VM, and any threat it contained, is disposed of without any breach. Through isolation, Bromium safeguards systems against spear phishing attacks, ransomware, kernel and zero-day exploits, and APTs, and is then able to run Breachless Threat Reports™ with forensics on these threats for real-time responses and preventative action.