Executives at Bromium Inc., a startup founded by the lead developers of the Xen hypervisor, say they've developed a way to secure enterprise PCs that enables employee productivity while eliminating expensive remediation caused by users opening malicious email attachments or visiting malware-laced websites.
The Cupertino, Calif.-based company Wednesday announced general availability of the first product based on its Microvisor technology, Bromium vSentry for Windows PC security.
Today's enterprise security relies on keeping bad guys out and a constant race to keep systems patched, Gaurav Banga, co-founder and CEO of Bromium, said in an interview. Traditional desktop virtualization doesn't solve the problem; it only moves it from the endpoint to the data center. Enterprises trying to tackle targeted threats and advanced malware face a losing battle, he said. Locking down systems can come at the cost of collaboration and productivity.
Bromium takes a different approach by using hardware virtualization to create a micro virtual machine (VM) that isolates each vulnerable Windows task, such as visiting a webpage or opening an email attachment. That way, any malware or exploit is isolated to the micro VM, which has no access to the rest of the Windows system. Hundreds of micro VMs can be created rapidly for each task.
"We're able to do this in a way that's transparent to the end user," Banga said.
Bromium's technology took the same capability that enables multitenancy, and implemented a next-generation version of it on the PC, he said. End users can freely click on emails and websites without worrying about their PCs getting infected, he said.
The Microvisor technology also features Live Attack Visualization and Analysis, giving security teams insight into malware and attack trends. This intelligence can help companies protect systems that don't have vSentry or that need to justify security spending, Banga said.
VSentry supports Windows 7 64-bit desktops. Banga said Bromium plans to expand its support beyond Windows PC security to additional operating systems and platforms, including tablets and servers.
Rich Mogull, founder of Phoenix-based Securosis LLC, an independent security consulting firm, said he's impressed by Bromium's technology. It could prove disruptive by moving the industry "into a new bubble of preventative security," he said in a phone interview.
The concept of using containment techniques for security isn't new, but Bromium takes it to a new level by relying on virtualization technologies, Mogull said. "It's pretty powerful."
VSentry has some limitations, however, due to its hardware requirements, he said. VSentry requires an Intel i3, i5 or i7 processor and 4 GB RAM.
The closest competitor Bromium has is Fairfax, Va.-based Invincea Inc., but Invincea's technology has clear architectural differences, Mogull said.
VSentry is licensed per user and priced according to volume, but additional details were not available.