There are only a handful of certainties in life: death, taxes, vulnerable software, and people making mistakes. The latter two items are the reasons why security professionals struggle to get a good night's sleep. The bane of existence for IT security folk has been how to mitigate risk to the enterprise without dis-empowering employees or decreasing their productivity? The balancing act of security and user freedom is a pendulum that is continually swinging to both extremes, struggling to find that happy medium.
However, a newcomer to the security scene is challenging the assertion that the perfect balance can ever be attained. Vulnerable software and people making "security" mistakes are certainties, therefore, making such a goal a fool's errand. The aforementioned newcomer, Bromium, may have an answer in the form of micro-virtualization. Micro-virtualization leverages hardware isolation to securely allow untrustworthy desktop tasks to safely coexist with trusted enterprise applications and data - minus the risk, all completely transparent to the end-user experience.
A logical extension of the isolation principles found within traditional virtualization, the Bromium Microvisor (according to their website) uses hardware virtualization to "automatically, instantly and invisibly isolate each untrustworthy task within a micro-VM that has no access to enterprise data or networks, and which cannot modify the underlying desktop system".
In order to gain some additional insight as to how Bromium's solutions would work in a corporate enterprise setting, I contacted Simon Crosby, the Chief Technology Officer (CTO) for Bromium. Since Bromium has not yet announced a specific product. Simon's responses below reflect more about what their technology can enable, and not about a particular product.Q: What class of security problems does Bromium address? What sort of companies would benefit from purchasing Bromium solutions? Crosby: Bromium aims to transform the resilience of computer systems, making them affordable, manageable and trustworthy by design. We believe that a trustworthy system empowers the user without increasing risk to the enterprise, and can enable IT to securely navigate the challenges of consumerization, mobility, and personal use of enterprise devices. It makes every device secure against malware, by design.
Bromium's key innovation - micro-virtualization - is the key building block of a trustworthy system. Micro-virtualization protects vulnerable software (even when the device hasn't been patched) and secures enterprise data at runtime, automatically discarding malware to deliver a resilient system - all industry firsts that save money and time, and keep users productive.Q: What kind of security problems are Bromium solutions not designed/intended? Crosby: Bromium is focused initially on enterprise Windows PCs. Recent security compromises have shown that sophisticated attackers use advanced malware to evade host and network based security. Using micro-virtualization it is possible to make end points vastly more secure.
By ensuring that each vulnerable or untrustworthy task (eg: opening a web page or an email attachment) is executed in its own micro-VM, Bromium can guarantee that a compromised task cannot access enterprise data or applications.Q: How would a company implement Bromium solutions? What sort of planning/architecture changes need to be carried out? Crosby: Our customers need not implement any new management tools or practices to benefit from our technology. Bromium is deployed as an application and simple Active Directory (or other policy management system) policies are all that is required to manage the core system capabilities. Q: What makes Bromium a "more secure solution" than sandboxing? Crosby: The microvisor automatically and invisibly identifies each vulnerable task and instantly hardware-isolates it within a micro-VM. The microvisor creates micro-VMs instantaneously, and can easily control hundreds of concurrent micro-VMs on a modern PC. Micro-VMs are tiny because they contain only task-specific state and they run natively. They are hardware isolated from each other and from Windows. Trusted and untrusted tasks can thus coexist on a single system with guaranteed mutual isolation. To Windows, micro-VMs are just tasks - it schedules them for execution, and tracks their performance and resource usage. Key properties of the system include:
- When a micro-VM executes, any changes it attempts to make to its view of the "golden" IT provisioned Windows instance are "Copy on Write" or CoW. For example, if an attacker changes a Windows kernel memory page, it only succeeds in modifying an instantly created local copy of that page, and not the original.
- Each micro-VM is granted only a narrow view of the file system that contains just the files it needs - an implementation of the principle of "least privilege" - with CoW update semantics.
- When a micro-VM terminates (the user closes the window, or it terminates) the microvisor discards the task's memory image and uses a persistence policy to determine whether to persist any new files. Any persisted files are securely tagged with meta-data that encodes their provenance and trust; the microvisor ensures that untrusted files can only be accessed from a micro-VM.
- The microvisor restricts micro-VM access to network services
Bromium's approach is unique because it addresses security by essentially assuming that any application is compromised at any time and then limiting the effects of it or the damage a given attack can do. Bromium's solution is practical because it doesn't require security staff to worry about software vulnerabilities or for users to be hyper vigilant, always worrying about what they click on and downloading security updates. This doesn't mean that we should stop all efforts to write secure software and to give-up on employee security awareness. Rather, it is time we accept that we cannot be perfect in those endeavours. This is about building computing systems that take into account the principle of trustworthiness.
My thanks and gratitude goes out to Bromium's CTO Simon Crosby for taking time out of his busy schedule to provide such insightful answers.
Dominic Vogel is currently a security analyst for a financial institution in beautiful Vancouver, British Columbia.