Startup Taps Virtualization To Stop Security Threats - InformationWeek


Bromium takes the "trust no one" tactic, using micro-virtualization to secure the network against potential threats introduced by users.

As end users come to rely on outside services and downloaded code, it gets difficult for IT to know who to trust and how each desktop should be allowed to operate. The answer, says Bromium's CTO and co-founder Simon Crosby, is trust no one.

Startup Bromium uses virtualization to address what so far has been a difficult problem: secure end-user computing when the end user is constantly interacting with and importing files from untrusted sources on the Internet and outside the company's firewall.

Firewalls are set up, policies put in place, and watchdogs put on guard against intruders. But programmers "leave holes in software. Humans are gullible. They click on the link. This is not changeable and we can't solve the problem" with the already-tried approaches, Crosby said in an interview prior to his appearance at GigaOm's Structure 2012 event Wednesday in San Francisco.

Bromium assumes "the bad guys are going to get in. The detection systems have their limits, and in some cases, won't detect the intruder," Crosby said.

Instead, IT needs to not simply virtualize the Windows desktop--that is, put the operating system and its applications in a virtual machine--but to virtualize all potentially vulnerable tasks executed on the desktop. If a new application makes a call to the system hard drive, that task needs to be isolated in a micro virtual machine, with its hypervisor making a decision on whether the access should be allowed. Bromium calls its hypervisor a Microvisor and says it will be able to assess whether an interaction is going on between trusted or untrusted parties. If the code involved was just downloaded from the Internet, the Microvisor knows to refuse the access.


Bromium was launched a year ago by Crosby, University of Cambridge professor Ian Pratt (the second person to virtualize the x86 instruction set after VMware's Mendel Rosenblum), and entrepreneur Gaurav Banga, now CEO.

The Bromium approach uses Intel's VT-x technology embedded in its recent chips to determine whether the hardware device is trusted. When a system is activated, VT-x etched into the CPU checks for a signature on the hypervisor that confirms it is an unmodified copy. The Microvisor goes through that check and can then police newly minted micro-VMs.

As a desktop starts up, Bromium becomes an application running in the background. It assesses the machine it is running on and launches "hundreds of micro-VMs in under a second," said Crosby. Potentially vulnerable application tasks are executed from inside a micro-VM, which restricts their access to general purpose memory, I/O, and CPU.

By making direct use of the hardware assists to virtualization that both Intel and AMD have built into their chips, the Microvisor can quickly assign limited memory, CPU, and networking to a task--a logical sandbox--which restricts it from seeing the Windows operating system or any files, other than the ones it's authorized to access.
