Bromium expands its virtualization-based security isolation and detection approach into a platform play that correlates threats across a distributed network of endpoint sensors.
Security vendor Bromium announced its new Secure Platform technology on Jan. 24, providing organizations with new capabilities to correlate threat information from endpoint sensors, in an effort to defend against attacks.
According to Simon Crosby, co-founder and CTO of Bromium, the Bromium Secure Platform technology marks the completion of the vision that the company first set out to achieve when it was founded in 2011. Bromium was founded on the promise of enabling a Byzantine Fault Tolerant system, which is a computer science concept defining a system that is able to sustain arbitrary attacks or failures.
In a 2016 video with eWEEK, Crosby detailed how Bromium has evolved since its founding to help secure organizations with its secure isolation approach. The Bromium technology makes use of a micro virtual machine (MicroVM), which is a Xen hypervisor virtualization-based approach that provides a high degree of isolation on endpoint devices.
With the new Bromium Secure Platform, data from multiple endpoint sensors is collected to provide an enterprise view of attacks.
“We’re using the endpoints as an army of sensors to immediately share information so we can protect the enterprise as a whole,” Crosby told eWEEK. “We do distributed learning across the network and we respond by circulating highly detailed threat information to every endpoint so it can better protect itself.”
Crosby explained that with Bromium Secure Platform there is now also a hunting capability that will enable enterprises to search for indicators of compromise that have been discovered from malware attacking other endpoints on a network.
A common challenge with correlating security events is that the data volume becomes unmanageable over time. Crosby emphasized that the information coming from the Bromium endpoint sensors is highly accurate, which reduces the data volume.
“For example, one of our federal customers has 150,000 endpoints and we generate under 1 Megabit per second of data,” Crosby said. “So the business of correlating and searching is relatively simple.”
Crosby explained that when an attack takes place in a Bromium MicroVM, full forensic information is made available to the Bromium Secure Platform. That means the system is aware of the specific registry entry that was changed and what the malware attempted to do. The Secure Platform’s database is then queried in real time to see if any other sensor has ever seen anything similar.
Bromium Secure Platform is also able to help defend Windows Server infrastructure. Crosby said that the plan is to add Linux server support in the future. On servers, privilege escalation and memory-based malware are increasingly common. Bromium sensors will define external processes that might process data that comes from an untrusted source. Those processes are then tracked, with Bromium’s platform looking for potentially risky behaviors.
Looking forward, the Bromium technology is set to expand further and bring its approach to more companies.
“To date, we’ve been selling to the Global Fortune 2000 companies,” Crosby said. “We’re going to make our products more broadly available to enterprises and come as far down-market as we can.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.