Virtualization-Based Security…Bromium 4.0 Takes Isolation Mainstream
- We’ve been working hard to get ready for the long-anticipated launch of Bromium Secure Platform 4.0.
- Many of our customers, 35 to be exact, have already had the opportunity to test the release candidates and give feedback.
- Watch this webinar to learn more about what’s in the new release of Bromium Secure Platform.
Virtualization-based security is a game-changer.
Virtualization is transformative. It has played a substantial role in shaping the way we do business today. As an industry, we are still on the virtualization journey. When first introduced, virtualization helped reduce costs in the data center. Virtualization also gave birth to cloud computing, resulting in new markets and faster time to market. Virtualization provides organizations with the ability to be agile and adapt quickly to customer needs.
In the same way virtualization transformed infrastructure, it’s helping shape security as you know it. Virtualization-based security using hardware-enforced isolation moves the business from traditional detection-based solutions to an approach that is resilient to current threats. With Bromium 4.0, VBS goes mainstream.
New Features: Optimized Resources
Let’s face it, impact to end user productivity has negative repercussions on the company bottom line. Bromium Secure Platform has made significant strides in performance optimization. Even 4GB machines, which were an issue in the past, are no longer a problem. New optimization and user workflow features for easy deployment and configuration include the following.
- Office Protected View: files opened in Office Protected View are still opened in a micro-VM invisible to the end user. Any embedded malicious binaries will still be identified and a full malware manifest collected via our behavioral analysis. If the document is found to be malicious, it will not be allowed to leave Protected View.
- Unified installer: a single agent that includes Bromium isolation and monitoring functionality. The agent intelligently detects the environment variables during installation to determine whether the host supports Intel Virtualization Technology (VT) or AMD Rapid Virtualization Indexing (RVI), and installs Secure Browsing, Secure Files, Secure Monitoring, or all, based on the deployment configuration settings.
- Win 10 Secure Boot & VBS support: support for Bromium isolation and monitoring on Windows 10 Secure Boot systems with VBS enabled.
- Fast User Switching: isolation profiles are supported when switching between user profiles, without rebooting.
New Features: Threat Triages
The challenge for many SOC teams is that they are overloaded with security alerts that need to be investigated, and too many of those are false positives. These alerts can go uninvestigated, resulting in an expensive breach, or the attacker simply goes undiscovered until irreparable damage is done.
- IOC Hunting: when a new threat is identified, via isolation or host monitoring, the information is shared with every Bromium-protected endpoint as part of the Sensor Network for immediate automated hunting.
- Detailed Threat Analysis: when reviewing a security alert, it’s important to be able to quickly get a snapshot of the overall impact for executive reporting. It’s also critical to be able to drill into the details of the threat to understand the exact impact. Using the updated behavioral threat graph via the dashboard, SOC teams can reduce the time it takes to investigate security alerts.
New Features: Incident Response
It’s a well-known fact that organizations are struggling to keep up with the constantly changing threatscape. There is also a significant skill set gap for security personnel who can effectively hunt and respond to incidents. Bromium allows organizations to address these gaps by using technology to automate discovery of security incidents like persistent attackers and reduce the false-positive ratio.
- Blacklisting and Automatic Blocking: automated enterprise-wide IOC detection to stop lateral movement via behavior-based rules and configurable blacklists.
- File Quarantine: file-based quarantine to remove binaries from infected machines without disrupting the user.
- Custom Monitoring Rules: to monitor and protect the assets important to you across your whole enterprise including legacy hardware and servers.
- Additional Attack Techniques: new detection techniques include detection of file-less malware, privilege escalation attempts, persistence, indirect process creation, defense evasion, and unauthorized credential access or use.
There are additional enhancements to Bromium Secure Platform. Isn’t it time you found out how virtualization-based security can change your security strategy?