People have been waiting to find out more about what Xen virtualization veterans Simon Crosby and Ian Pratt have been up to with their latest startup, Bromium. And this was the week to find out! When Bromium news finally broke, the Web exploded.
To find out more, I went straight to the source and spoke with Simon Crosby, co-founder and CTO of the company. Who better to speak with and get the color commentary that is required to understand a new technology?
VMblog: For the three or four people reading VMblog who may not have heard of Bromium yet, can you provide a little bit of background on the company and the story behind its
Simon Crosby: Ian and I have worked with Gaurav since 2008, when Phoenix first started to develop its BIOS-integrated Xen client hypervisor. We've had ongoing conversations as a result of our XenClient work, and Gaurav's HyperSpace work, about the limitations of both approaches, and about 18 months ago those coalesced around two imperatives: First, a commitment to delivering the benefits of virtualization on the client, without a change in the end-user experience. Second, a commitment to doing so without any new management skills or tools. We hit upon the idea of using virtualization not for VMs, but for tasks in the OS, and thus Bromium was born.
VMblog: You've been in stealth mode for a year or so now. What are you announcing at this time?
Crosby: Bromium is announcing that the company is emerging from stealth mode by describing its proprietary micro-virtualization technology, and that it has raised $26.5M Series B funding from lead investor Highland Capital Partners, new investor Intel Capital, and existing investors Andreessen Horowitz and Ignition
VMblog: One of the million-dollar questions, when will you be shipping
Crosby: We're in beta now, but micro-virtualization is more than a product. We're announcing a new trustworthy computing architecture upon which we will be building products across platforms
VMblog: Tell us what separates Bromium from other desktop security companies.
Crosby: Legacy security solutions attempt to detect and block malware using signatures or behavioral analysis. This black-listing approach can only detect known threats and fails to stop sophisticated malware that is used for today's targeted attacks. White-listing - allowing only trusted applications, such as a corporate browser or PDF reader - is ineffective because attackers take advantage of the fact that enterprises are slow to update their software, and use malicious content and documents to exploit supposedly trustworthy applications.
The "whack-a-mole" approach to creating a new signature or patch to detect and block the latest attack, or developing a new security product for a new kind of vulnerability is unsustainable. The security industry needs to address the fundamental shortcomings of the current approach, and adopt a new architecture that transforms computer systems into trustworthy endpoints that are secure by
offers a completely new approach to endpoint security that relies on isolation rather than detection and blocking of threats. Malware isolated by micro-virtualization is unable to steal data or access either the Windows system or corporate network and is automatically discarded when the web session or document is closed by the user.
Bromium micro-virtualization is designed to defeat the foundations of malware. Each micro-VM is optimized and provisioned for the specific task at hand and is hardened against the installation of malicious code. Today's software presents millions of lines of code and a seemingly infinite number of possible interactions and vulnerabilities that hackers exploit to gain control of a system. Bromium delivers significant attack-surface reduction as a direct result of micro-virtualization, which delivers an inherently more secure platform for running risky tasks.
If unknown malware does manage to exploit the application performing the protected task, only that single short-lived task will be compromised. Malware cannot gain access to other applications or tasks, the OS itself, the protected file system, the corporate network, or enterprise SaaS applications. Since each task is run in a hardware-isolated, hardened and independent container within the OS environment, threats can't propagate and compromised sessions can't be used for surveillance or to launch attacks on other systems in the network. Malware is not allowed to persist and is automatically removed on closing the web browser tab, document or
VMblog: Explain if you would why micro-virtualization is important for mobility and consumerization.
Crosby: Today's technology trends of mobility, cloud computing, and the consumerization of IT mean that end users want more freedom to choose where and how they access the data and applications needed to do their jobs. As a result, it is much more difficult for IT to do their job: protect enterprise data and networks while empowering end users to be productive.
There is a mismatch between the computing systems we rely on, and the way humans use them. Users access applications and domains beyond IT's control, from systems that are vulnerable - making it easy to compromise enterprise security. To address this, IT needs a system architecture that is trustworthy by design.
utilizes hardware virtualization to automatically isolate untrustworthy tasks, thereby protecting sensitive assets and data while seamlessly allowing end users to access the information and resources they require. It is an unprecedented implementation of trust-based computing that is practical for the administrator and delightful for the end user.
VMblog: How does Bromium secure endpoints? And who is the target audience for Bromium?
Crosby: Bromium's products are built on the Bromium Microvisor - a second-generation virtualization technology that applies the isolation and security principles of virtualization to tasks running within the operating system - completely hidden from the user. The Microvisor automatically identifies each vulnerable task and instantly isolates it within a micro-VM, which is a lightweight, hardware-backed isolation container that polices access to all OS services and resources. Micro-VMs run natively, with full performance, but continuously protect the system - even from unknown threats: a micro-VM can only access OS services or devices via simple enlightenments, which cause the virtualization hardware to pause execution of the micro-VM and hand control to the Microvisor.
The Microvisor uses hardware virtualization to guarantee that task-specific mandatory access control policies will be executed, in a safe, trusted execution context. It imposes tight control on access to sensitive data, networks and other resources. Bromium micro-virtualization is the only technology that can safely enable trusted and untrusted applications and data to coexist on a single system with guaranteed
VMblog: In your opinion, what is the largest challenge that companies run into with securing the
Crosby: Simply said: Today's desktop security solutions can't protect the enterprise from end-user mistakes, nor can they defend the infrastructure from zero-day threats and polymorphic
Anti-Virus systems detect malware by using signatures that are developed from samples of attacks that have successfully compromised other users. The addition of heuristics and cloud-based lookups has decreased the time needed for AV systems to detect known attacks, but with over 3 billion unique pieces of malware discovered in 2011 alone, today's attackers have little problem avoiding these systems. Anti-virus does provide detection of most known forms of malware and provides protection against those attacks that are targeted at the areas vSentry does not currently address, such as exploits of shared internal network servers.
Solutions restrict end users from using "non-approved" programs on their systems. This approach typically has a large impact on user productivity, which often results in users finding "workarounds" such as performing critical tasks on mobile or home products. Application whitelists provide no protection from attacks targeted at the "approved" programs, which remain vulnerable to zero-day or targeted attacks routinely delivered within the content the applications are tasked with processing.
Once again, a special thanks to Simon Crosby for again taking time out to speak with VMblog and helping to educate its readers.