Virtualization Technology News and Information
Q&A: Interview with Bromium Talking About vSentry 1.1

Bromium is one of those new startup companies that burst on the scene with instant credibility because of its founders and executive team members.  Everyone stood by waiting to see what this stealth company would be once announced, and we weren't disappointed when they did.  Bromium has taken a very interesting and intelligent approach to security.  I've had the pleasure of being able to speak with these guys on more than one occasion.  Check out this recent Q&A with Bromium CEO, Gaurav Banga, and make sure to check out Bromium's 2013 prediction while you are at it.

Back in September, Bromium introduced us to vSentry, the company's first product based on their Bromium Microvisor.  Now, they are back, and announcing an updated version, Bromium vSentry 1.1.

VMblog:  Tell me about the new release of Bromium vSentry 1.1.

Tal Klein:  Our vision is to enable enterprises to protect all desktops by design, whether native or virtual. With this in mind, the new version of vSentry now secures and protects virtual desktops. In this version, we use CPU features for hardware virtualization to isolate untrustworthy tasks, without changing the end user experience.

The new release of vSentry extends the benefits of micro-virtualization and hardware based security to all enterprise desktops, reducing the enterprise attack surface for all users without the need for new management tools or skillsets. Specifically, vSentry 1.1 helps enterprises to secure Windows® XP, both 32 and 64 bit versions of Windows 7, and virtual desktops delivered with Microsoft Remote Desktop Services, Citrix XenDesktop, or VMware View.

VMblog:  What feature were you most looking forward to seeing in version 1.1?

Klein:  One of the newest features to vSentry 1.1 includes the first version of the Bromium Management Server (BMS). This includes a centralized web service for vSentry policy management, a collection of LAVA (Live Attack Visualization and Analysis) events from all desktops in the enterprise, and correlation data about attacks. It also provides a centralized console for visualization and analysis of malware forensics. It can also be used to input data into other security analysis systems such as Splunk, SIEMs and third party consoles.

VMblog:  Can this solution be used across any cloud and virtualization management platform?

Klein:  vSentry 1.1 can be used in conjunction with Windows XP, Windows 7 and VDI or RDS delivered desktops and applications.

Legacy signature-based protection doesn't scale in virtual desktop environments so the vast majority of VDI desktops today have no endpoint protection at all - relying solely on perimeter protection mechanisms. I have yet to see any VDI deployment where the desktop image is regularly refreshed, so a successful attack on a VDI desktop is just as likely to persist on a virtual desktop as on a traditional PC running AV. When all is said and done, VDI helps compliance with centralized data, but it doesn't solve the problem of desktop security.

We address this exact situation with vSentry 1.1 by covering all the bases concerned with cloud and virtualized security.

VMblog:  What makes Bromium vSentry 1.1 stand apart from existing enterprise security solutions?

Klein:  Today, IT security practices are out of step with users and attackers. The problem is a comprehensive failure of the "detect to protect" paradigm that evolved from traditional anti-virus design. Unlike traditional IT security solutions, vSentry defeats attacks by design, and that same design also enables it to offer unparalleled live analysis and visualization (LAVA) for otherwise undetectable malware, before signatures are available. vSentry 1.1 continues this protection by branching out to VDI, targeting an area within the enterprise that is becoming crucial to protect.

VMblog:  How will Bromium continue to deliver security solutions that protect desktops from attacks?

Klein:  Bromium has taken a vastly different approach to advanced persistent threats than existing security technologies. Traditional security solutions rely on malware detection in order to prevent attackers from penetrating the enterprise, hence fail to block targeted attacks.

Bromium uses hardware-enforced isolation to contain and discard threats, to stop even "undetectable" attacks, without disrupting the user. Bromium vSentry is built on its security-focused Microvisor that automatically, instantly and invisibly hardware-isolates each vulnerable Windows task in a micro-VM. This stops all attacks from gaining access to the endpoint, enterprise data or network infrastructure. vSentry 1.1 continues this methodology, branching out to secure the virtual enterprise, which allows us to extend the protection of micro-virtualization to all enterprise desktops.


Once again, I'd like to thank Tal Klein, senior director of products at Bromium, for taking time out to speak with VMblog.

Published Tuesday, December 11, 2012 10:12 AM by David Marshall