You are here

Endpoint Protection and Endpoint Security White Papers


Trusting Web Browsers: There is No Perimeter New

Web browsers are essential for everything from research to commerce. Add cloud computing into the picture and it looks like they could be critical for the foreseeable future. Unfortunately, browsers are also the most common vector of network attack 1.

Securing the Modern Endpoint New

It’s alarmingly and unambiguously clear: detection-based defense in-depth has utterly failed. Evidence of major breaches on a weekly basis continues to demonstrate that detection is a security strategy that has completely run its course and should now rightfully be discarded. This doesn’t have to be the case. Defending the Modern Endpoint with application isolation can turn things around. Our whitepaper explains how.

Bromium Enterprise Security

Bromium is the only solution that defeats cyber attacks that target the endpoint, where more than 70% of breaches originate. This white paper provides an overview of the Bromium platform, which is a comprehensive next-generation enterprise endpoint protection solution that integrates endpoint threat isolation, sensor network, threat analytics and continuous host monitoring to stop targeted attacks, zero-day threats and attempted breaches in real time.


Bromium Microsoft 1 Percent That Saves Millions

Global security spending was expected to reach $81.6 billion in 2016 and is growing at a compound annual growth rate (CAGR) of 8%i . But, ransomware is growing at 300% and will cost business over one billion dollars in 2016, according to Gartner.

Security By Design: Application Isolation & Containment New

Approximately 40% of breaches in the Public Sector can be traced back to privilege misuse and miscellaneous errors. In this paper we'll discuss how the end-user continues to be the weakest link in your cybersecurity chain.

Protecting the Mobile Workforce

The challenge of securing remote laptop or desktop users from compromise is one of the main things keeping security professionals awake at night. In this paper you will read how Bromium delivers the highest possible levels of security for endpoint systems, on or off the corporate network and addresses the mobile security challenge.

Data Breach Detection vs. Prevention

Conventional wisdom has been that prevention of data breaches is not possible, and that the best the industry can do is detect successful attacks after the fact. Bromium has an entirely new approach which isolates anything potentially malicious rather than trying to detect an attack in advance. In this paper we examine the technologies and products from FireEye and their post-breach approach to security to that from Bromium.

The C-Level Executive’s Guide to Transforming Endpoint Security

IT security is undergoing a major transformation. CIOs and CISOs are facing realities that are challenging traditional security concepts and methods. Given how vulnerable organizations are, how targeted and sophisticated cyber attacks are today, and how traditional security defenses are falling, there has to be a better way to defend endpoints and networks.

Bromium has a revolutionary approach that defeats cyber attacks with isolation technology. It far exceeds the capabilities of detection and blocking technologies like antivirus, whitelisting, Web gateways and sandboxes. It enables users to click on anything, anywhere without risk of compromise and it streamlines security.

Transforming Endpoint Security

Every day, enterprises are bombarded by modern threats, such as spear-phishing attacks, advanced persistent threats and zero-day attacks. Traditional aren’t capable of defeating these targeted attacks. The only surefire way to safeguard sensitive data on and off the network is to protect the endpoint itself. With Bromium’s revolutionary alternative to security as usual, you’re no longer fighting a losing battle.

Making Windows Secure by Design

Bromium and Microsoft have partnered to provide the world’s most secure endpoint. Details of the collaboration to ensure that Bromium products are compatible with Windows 10, and also complement and extend Windows 10’s in-box security are detailed in this paper.

Changing Role of the Board of Directors in Cybersecurity

The board of directors has a major responsibility to ensure that company assets are protected. This oversight responsibility extends to cybersecurity. Failure to ensure adequate and effective security can put a company at great risk and can expose directors to personal liability. Directors must be proactive in making sure their organizations deploy the right defenses to prevent data breaches.

The Psychology of (In)Security

Organizations will invest $75 billion in cyber-security solutions this year; inevitably, these solutions will fail. The most high-profile breaches of the past five years have all been at multi-billion dollar organizations, resulting in lost trust for these organizations, lost value for their shareholders and lost jobs for those held responsible. The problem is that organizations are investing in the status quo by continuing to purchase and deploy legacy security solutions that are incapable of addressing the reality of the threat.

New Model for Defeating Cyber Attacks and Reducing Costs

This paper highlights the issues with legacy defenses and explains how a revolutionary model of security can completely change the economics for your enterprise. You’ll find out how to drive an exceptionally strong ROI from an investment in Bromium and how the isolation approach enables enterprises to reduce costs across the traditional infection life cycle. This paper provides a compelling business case for Bromium micro-virtualization technology based on several customer case studies, detailing all of the ways that you can leverage Bromium to improve security, reduce operational costs and finally prevent data breaches.


Bromium & Microsoft Security Partnership New

Microsoft and Bromium are partnering on a series of joint security scenarios that use Virtualization Based Security (VBS) and micro-virtualization as a means to hardware isolate apps. Microsoft Edge uses Windows Defender Application Guard (WDAG) to protect the device, apps, data, and networks from attacks launched through the browser. Bromium ships a robust full featured solution to protect to protect the endpoint from malicious documents, executables, attachments, downloads, and sites.

Analysis of The Attack Surface of Windows 10 Virtualization-Based Security

Windows 10 comes with a lot of promises for enterprise customers, particularly around security. One of the major advances Win10 makes is in the area of enhancing OS security. Microsoft also notably added Virtualization-Based Security, or VBS, for advanced security built-in in the OS. Bromium Labs researcher Rafal Wojtczuk will dissect some of these new capabilities and provide guidance to large enterprises and federal agencies, which are planning to “standardize” on Win10 in the months ahead. Live attack demos will also be provided in our talk at Black Hat.

Transforming Infrastructure Security with Hardware Virtualization

This white paper describes micro-virtualization, the Bromium-developed technology that revolutionizes online security from software-centric to hardware-based protection. 

Application Sandbox Limitations

Application sandboxing has fundamental protection limitations. This paper explores the limitations through architectural analysis and practical experimentation. Key findings include: every sandbox can be compromised due to design or coding flaws in the sandbox or the operating system it aims to protect, Microsoft® Windows has many kernel flaws that cannot be protected using a sandbox, and there has been a rapid increase in attacks that can escape any sandbox.

Micro-virtualization vs. Software Sandboxing

This paper compares Bromium micro-virtualization with software sandboxes. Software sandboxes are one of the techniques used in the security industry, but they will always be vulnerable to attack. The Bromium architecture offers a quantum leap forward vs. software sandboxes in protection and detection, forensics, and live analysis of attacks.

Understanding Bromium Micro-virtualization for Security Architects

This paper describes micro-virtualization technology and how it works in terms that are familiar to a security architect. It takes a deep dive under the hood of Bromium vSentry to explain how it uses micro-virtualization to make endpoints inherently more secure by isolation tasks at a granular level. Valuable data, networks, and devices are not available in a micro-VM—so breaches are prevented.

Practical Threat Intelligence

Threat intelligence today is often costly and time consuming and does not always result in a reduction of successful attacks. Bromium has applied micro-virtualization technology to threat intelligence to solve these issues. With Bromium, organizations are provided with timely, accurate and actionable threat intelligence. The result is a reduction in the time and associated costs along with an increase in the effectiveness of the Security Operations Center by decreasing successful attacks.

Bromium Secures Client-side Java

Enterprises are heavily dependent on Java for both client and server applications. But Java’s many benefits and large attack surface make it a target for cybercriminals because of its ubiquity and platform independence. This paper details how Bromium makes Java more secure and protects the endpoint from untrustworthy content and applications while ensuring that users enjoy an unchanged user experience.


Application Isolation & Containment

IT security teams within federal government agencies and their contractors face a daunting series of challenges in securing their networks against modern malware intrusions, including advanced persistent threats (APTs), advanced targeted attacks (ATAs), polymorphic malware, and file-less intrusions. Their networks and infrastructures are prime targets for nation-states, political agitators, organized criminals, and other hackers eager for access to truly critical content, be it for espionage purposes, to cause political embarrassment, or to reap financial gain. Furthermore, they are subject to a myriad of regulations from oversight and standards-setting organizations, both U.S. and international.

How Energy Companies Can Fight Cyber Attacks

Energy companies are seeing their core systems attacked from vulnerable endpoints. Many of the attacks are targeted at a particular organization and are designed to have a particularly significant impact on that organization. These attacks are unique to the target and go right past traditional detection-based products such as antivirus. Read how Bromium isolates these threats and prevents data breaches in the energy industry.

Preventing Data Breaches at Financial Institutions

Cybercrime is big business and the financial services industry is one of the top three targets. Hundreds of millions of customer records and credentials are stolen from banks, insurance firms and other financial institutions each year, costing the industry millions of dollars. A revolutionary threat isolation approach from Bromium has been embraced by the world’s top financial services firms. Read how Bromium can prevent data breaches in the financial services industry.

Securing Healthcare Data Starts at the Endpoint

Security in the healthcare industry has been front and center in the headlines. The Washington Post estimates that breaches in the healthcare sector have affected more than 30 million patients to date—and the costs of such incidents can be exorbitant. The Ponemon Institute reports that data breaches cost the industry about $5.6 billion annually. Read how Bromium can prevent data breaches in the healthcare industry.

How High-Tech Companies Can Fight Cyber Attacks

The technology sector is renowned for its innovation but that is precisely why it attracts directed and tenacious cybercriminal attention. Intellectual property and proprietary technologies such as source code are key targets of attackers, making even the most tech-savvy high-tech companies at risk from cyber attacks. This paper delves into attacks in the high-tech industry and describes how Bromium can help technology companies prevent data breaches and protect their valuable data and IP.

How Retailers Can Fight Back Against Data Breaches

Retailers heavily leverage technology to attract and retain customers, making the retail industry a top target for cybercriminals. The recent spate of high-profile data breaches has netted cybercriminals sensitive customer information, such as email addresses and phone numbers, along with the credit and debit card data of millions of consumers. Retailers hit with data breaches have suffered significant damage to their brand and reputation, along with millions of dollars in lost sales, business disruption and more. Read how Bromium can prevent data breaches in the retail industry.