21. June 2012 · Comments Off on Bromium Micro-Virtualization: New Approach to endpoint security · Categories: blog · Tags: , , ,

Bromium is emerging from stealth mode with their announcement of a $26.5 million B venture capital round, participation in GigaOm Structure, and a lengthy blog post from CTO Simon Crosby explaining what Bromium is doing. Cymbel has been working with Bromium for close to six months and we are very excited about its unique approach to endpoint security.

Bromium has built what they are calling a “micro-hypervisor” that leverages Intel’s Virtualization Technology hardware to isolate each task and each browser tab (Internet Explorer, Firefox, and Chrome) within  a version of Windows running on an endpoint.

The result is to greatly reduce the likelihood that malware infecting a document or a browser tab can cross to another browser tab or task, to the base operating system, or to the network.  One way of measuring the risk reduction Bromium achieves is by looking at the reduction in attack surface. This can be approximated by the number of lines of code of Windows vs. Bromium’s micro-hypervisor  – 10 million vs. 10,000.

Furthermore, if a browser tab or a downloaded document is infected not only won’t the malware spread, but when you close the tab or document, the malware is erased from memory. Even if you save a malware-laden document, as long as you open it on a Bromium-installed endpoint, the malware will not infect the underlying machine or spread via the network.

In addition, the user experience is not altered at all, i.e. the user does not realize Bromium is even there unless she opens the Task Manager and sees only the current task on which she is working.

If you are interested in learning more, please contact me and I will send a white paper which goes into a lot more detail.