You are here

Endpoint Protection and Endpoint Security White Papers

Products

Bromium Enterprise Security

Bromium is the only solution that defeats cyber attacks that target the endpoint, where more than 70% of breaches originate. This white paper provides an overview of the Bromium platform, which is a comprehensive next-generation enterprise endpoint protection solution that integrates endpoint threat isolation, sensor network, threat analytics and continuous host monitoring to stop targeted attacks, zero-day threats and attempted breaches in real time.

Bromium Endpoint Protection

Bromium Endpoint Protection is a module of Bromium Advanced Endpoint Security built on the Bromium Microvisor. This white paper discusses how the module prevents enterprises from being breached by both known and unknown threats.

Bromium Endpoint Monitoring

Bromium Endpoint Monitoring is a module of Bromium Advanced Endpoint Security that automates breach detection and response. This white paper discusses how the module enables security teams to quickly detect and respond to an attack or attempted breach in process.

Bromium Threat Analysis

Bromium Threat Analysis is a module of Bromium Advanced Endpoint Security that enables you to analyze targeted attacks in real time and search for IOCs across your endpoint base—without false alarms. This white paper discusses how Bromium Threat Analysis leverages real-time events on all enterprise endpoints, delivering unparalleled real-time forensic detail for attacks.

Bromium Advanced Endpoint Security for Windows 10

Microsoft and Bromium have partnered to secure Windows 10, protecting the endpoint from compromise. This white paper discusses how Bromium Advanced Endpoint Security uses CPU-enforced micro-virtualization to protect key Windows 10 system services, isolating user tasks and dramatically reducing the endpoint attack surface.

Business

Protecting the Mobile Workforce

The challenge of securing remote laptop or desktop users from compromise is one of the main things keeping security professionals awake at night. In this paper you will read how Bromium delivers the highest possible levels of security for endpoint systems, on or off the corporate network and addresses the mobile security challenge.

Data Breach Detection vs. Prevention

Conventional wisdom has been that prevention of data breaches is not possible, and that the best the industry can do is detect successful attacks after the fact. Bromium has an entirely new approach which isolates anything potentially malicious rather than trying to detect an attack in advance. In this paper we examine the technologies and products from FireEye and their post-breach approach to security to that from Bromium.

The C-Level Executive’s Guide to Transforming Endpoint Security

IT security is undergoing a major transformation. CIOs and CISOs are facing realities that are challenging traditional security concepts and methods. Given how vulnerable organizations are, how targeted and sophisticated cyber attacks are today, and how traditional security defenses are falling, there has to be a better way to defend endpoints and networks.

Bromium has a revolutionary approach that defeats cyber attacks with isolation technology. It far exceeds the capabilities of detection and blocking technologies like antivirus, whitelisting, Web gateways and sandboxes. It enables users to click on anything, anywhere without risk of compromise and it streamlines security.

Transforming Endpoint Security

Every day, enterprises are bombarded by modern threats, such as spear-phishing attacks, advanced persistent threats and zero-day attacks. Traditional aren’t capable of defeating these targeted attacks. The only surefire way to safeguard sensitive data on and off the network is to protect the endpoint itself. With Bromium’s revolutionary alternative to security as usual, you’re no longer fighting a losing battle.

Making Windows Secure by Design

Bromium and Microsoft have partnered to provide the world’s most secure endpoint. Details of the collaboration to ensure that Bromium products are compatible with Windows 10, and also complement and extend Windows 10’s in-box security are detailed in this paper.

Changing Role of the Board of Directors in Cybersecurity

The board of directors has a major responsibility to ensure that company assets are protected. This oversight responsibility extends to cybersecurity. Failure to ensure adequate and effective security can put a company at great risk and can expose directors to personal liability. Directors must be proactive in making sure their organizations deploy the right defenses to prevent data breaches.

The Psychology of (In)Security

Organizations will invest $75 billion in cyber-security solutions this year; inevitably, these solutions will fail. The most high-profile breaches of the past five years have all been at multi-billion dollar organizations, resulting in lost trust for these organizations, lost value for their shareholders and lost jobs for those held responsible. The problem is that organizations are investing in the status quo by continuing to purchase and deploy legacy security solutions that are incapable of addressing the reality of the threat.

New Model for Defeating Cyber Attacks and Reducing Costs

This paper highlights the issues with legacy defenses and explains how a revolutionary model of security can completely change the economics for your enterprise. You’ll find out how to drive an exceptionally strong ROI from an investment in Bromium and how the isolation approach enables enterprises to reduce costs across the traditional infection life cycle. This paper provides a compelling business case for Bromium micro-virtualization technology based on several customer case studies, detailing all of the ways that you can leverage Bromium to improve security, reduce operational costs and finally prevent data breaches.

Technical

Bromium & Microsoft Security Partnership New

Microsoft and Bromium are partnering on a series of joint security scenarios that use Virtualization Based Security (VBS) and micro-virtualization as a means to hardware isolate apps. Microsoft Edge uses Windows Defender Application Guard (WDAG) to protect the device, apps, data, and networks from attacks launched through the browser. Bromium ships a robust full featured solution to protect to protect the endpoint from malicious documents, executables, attachments, downloads, and sites.

Bromium Microsoft 1 Percent That Saves Millions New

Global security spending was expected to reach $81.6 billion in 2016 and is growing at a compound annual growth rate (CAGR) of 8%i . But, ransomware is growing at 300% and will cost business over one billion dollars in 2016, according to Gartner.

Securing the Path to Windows 10 New

Upgrading to Windows 10 offers enterprises improved security, but the critical enhancements that rely on hardware protection are difficult to adopt without purchasing new PCs. Bromium, a Microsoft partner, delivers hardware-enforced security to today’s deployed Windows endpoints, enabling IT organizations to easily upgrade existing PCs to Windows 10 without a hardware refresh.

Analysis of The Attack Surface of Windows 10 Virtualization-Based Security

Windows 10 comes with a lot of promises for enterprise customers, particularly around security. One of the major advances Win10 makes is in the area of enhancing OS security. Microsoft also notably added Virtualization-Based Security, or VBS, for advanced security built-in in the OS. Bromium Labs researcher Rafal Wojtczuk will dissect some of these new capabilities and provide guidance to large enterprises and federal agencies, which are planning to “standardize” on Win10 in the months ahead. Live attack demos will also be provided in our talk at Black Hat.

Transforming Infrastructure Security with Hardware Virtualization

This white paper describes micro-virtualization, the Bromium-developed technology that revolutionizes online security from software-centric to hardware-based protection. 

Application Sandbox Limitations

Application sandboxing has fundamental protection limitations. This paper explores the limitations through architectural analysis and practical experimentation. Key findings include: every sandbox can be compromised due to design or coding flaws in the sandbox or the operating system it aims to protect, Microsoft® Windows has many kernel flaws that cannot be protected using a sandbox, and there has been a rapid increase in attacks that can escape any sandbox.

Micro-virtualization vs. Software Sandboxing

This paper compares Bromium micro-virtualization with software sandboxes. Software sandboxes are one of the techniques used in the security industry, but they will always be vulnerable to attack. The Bromium architecture offers a quantum leap forward vs. software sandboxes in protection and detection, forensics, and live analysis of attacks.

Understanding Bromium Micro-virtualization for Security Architects

This paper describes micro-virtualization technology and how it works in terms that are familiar to a security architect. It takes a deep dive under the hood of Bromium vSentry to explain how it uses micro-virtualization to make endpoints inherently more secure by isolation tasks at a granular level. Valuable data, networks, and devices are not available in a micro-VM—so breaches are prevented.

Practical Threat Intelligence

Threat intelligence today is often costly and time consuming and does not always result in a reduction of successful attacks. Bromium has applied micro-virtualization technology to threat intelligence to solve these issues. With Bromium, organizations are provided with timely, accurate and actionable threat intelligence. The result is a reduction in the time and associated costs along with an increase in the effectiveness of the Security Operations Center by decreasing successful attacks.

Bromium Secures Client-side Java

Enterprises are heavily dependent on Java for both client and server applications. But Java’s many benefits and large attack surface make it a target for cybercriminals because of its ubiquity and platform independence. This paper details how Bromium makes Java more secure and protects the endpoint from untrustworthy content and applications while ensuring that users enjoy an unchanged user experience.

Verticals

How Energy Companies Can Fight Cyber Attacks

Energy companies are seeing their core systems attacked from vulnerable endpoints. Many of the attacks are targeted at a particular organization and are designed to have a particularly significant impact on that organization. These attacks are unique to the target and go right past traditional detection-based products such as antivirus. Read how Bromium isolates these threats and prevents data breaches in the energy industry.

Preventing Data Breaches at Financial Institutions

Cybercrime is big business and the financial services industry is one of the top three targets. Hundreds of millions of customer records and credentials are stolen from banks, insurance firms and other financial institutions each year, costing the industry millions of dollars. A revolutionary threat isolation approach from Bromium has been embraced by the world’s top financial services firms. Read how Bromium can prevent data breaches in the financial services industry.

Securing Healthcare Data Starts at the Endpoint

Security in the healthcare industry has been front and center in the headlines. The Washington Post estimates that breaches in the healthcare sector have affected more than 30 million patients to date—and the costs of such incidents can be exorbitant. The Ponemon Institute reports that data breaches cost the industry about $5.6 billion annually. Read how Bromium can prevent data breaches in the healthcare industry.

How High-Tech Companies Can Fight Cyber Attacks

The technology sector is renowned for its innovation but that is precisely why it attracts directed and tenacious cybercriminal attention. Intellectual property and proprietary technologies such as source code are key targets of attackers, making even the most tech-savvy high-tech companies at risk from cyber attacks. This paper delves into attacks in the high-tech industry and describes how Bromium can help technology companies prevent data breaches and protect their valuable data and IP.

How Retailers Can Fight Back Against Data Breaches

Retailers heavily leverage technology to attract and retain customers, making the retail industry a top target for cybercriminals. The recent spate of high-profile data breaches has netted cybercriminals sensitive customer information, such as email addresses and phone numbers, along with the credit and debit card data of millions of consumers. Retailers hit with data breaches have suffered significant damage to their brand and reputation, along with millions of dollars in lost sales, business disruption and more. Read how Bromium can prevent data breaches in the retail industry.

Don’t be Patient Zero - Bromium for US Federal Government Agencies

US federal government agencies have cyber security top of mind because of the ease with which adversaries are bypassing traditional security systems. There is broad recognition of the need for a different approach to security. Bromium Advanced Endpoint Security enables agencies to empower their users to perform their mission and program work while hardware isolating the unknown attack. Bromium solves the patient-zero problem.