|By Maureen O'Gara||
|September 24, 2012 07:00 AM EDT||
Please, God, let this work - even if it's not completely impenetrable, it sounds better than what we've got as we know from the Chinese.
"It" is widgetry called vSentry from a UK start-up called Bromium that promises to put an end to malware - at least in the enterprise. Bromium is too young to deal with consumers yet.
It will work initially on (presumably clean) 64-bit Windows 7 PCs using Internet Explorer 8 and 9. Later it will be moved to Intel-based Macs and other browsers. Presumably Bromium will prioritize ARM devices somehow and Windows 8 boxes will likely be supported when the enterprise actually starts deploying them.
What is does is use a lightweight second-generation species of virtualization the Bromium boys call a Microvisor to create a disposable virtual machine around every task you do on a PC - click on a URL, open a document or e-mail attachment, or a file on a thumb drive - anything can reportedly run in a Micro-VM provided the PC is based on one of the Intel Core i3, i5, or i7 processors that make what's called hardware-enforced isolation possible. And that's because of Intel's Virtualization Technology (VT).
Users won't even know vSentry and its Micro-VMs are there - at least that's what its creators say.
The virtual machine cages any undetectable malware you might happen upon in a poisoned e-mail or malicious site, gives it something harmless to play with to let it think it's doing its job, and kills it when the VM is killed.
Micro-VMs are automatically discarded when an untrusted task is completed. The Intel hardware nips in the bud any move by a task in a Micro-VM to access trusted files or resources like the network, file system, clipboard and printing, handing control over to the Microvisor to see if it's legit.
The evil malware can't leak into the rest of the machine and can't leak into the enterprise or the mobile devices connected to the corporate network. And it doesn't matter what the malware is or whether it's known or not.
vSentry protects desktops that haven't been patched (not a great safeguard anyway). Users are free to download apps, collaborate, access cloud-hosted programs and the web, and open unsafe documents and media without risking enterprise's data or infrastructure.
See, the hardware virtualization guarantees that the VMs are isolated from the operating system and each other, and enterprise assets are protected by restricting the ability of each Micro-virtual machine to access data, networks and other system resources. To penetrate, the malware would have to break Intel's hardware, which is supposed to be way harder than compromising software.
The widgetry is also supposed to provide in-depth forensic capabilities to determine the intent of the attack without risk of exposure and identify the vectors, targets and methods of new attacks in real-time.
Bromium calls this Live Attack Visualization and Analysis (LAVA), and says vSentry automatically generates signatures for new attacks that legacy detection-centric tools can neither identify nor block.
It lets the malware do what it wants to do - fooling it with fakes - so it can be fully analyzed. vSentry then uploads the data to security software from, say, Symantec, McAfee or Trend Micro to identify.
vSentry, which is configured through Active Directory, debuted Wednesday at a Gartner Security & Risk Management Summit in London and Gartner fixes the value of the market it's headed for at $17.7 billion last year.
However, the Wall Street Journal says Bromium's beta customers told the company they saw the widgetry as additive to old-fashioned endpoint (albeit easily compromised) security and that may translate into a cost hurdle.
vSentry is supposed to be licensed per-user, enterprise-wide, and priced according to volume. What those prices are exactly isn't clear. Maybe a few hundred dollars a head.
The boys who created this stuff are Simon Crosby, Ian Pratt and Gaurav Banga. Crosby and Pratt created the open source Xen virtualization project - Amazon uses Xen - and sold XenSource, the company that commercialized it, to Citrix for $500 million in 2007. Pratt worked with Intel on the virtualization support in its chips. Banga was CTO at Phoenix Technologies, the BIOS outfit.
Banga is now CEO of Bromium, Crosby is CTO and Pratt is SVP, products.
Bromium has raised $35.7 million in two rounds from Highland Capital, Andreessen Horowitz, Ignition, Lightspeed and Intel Capital which apparently see micro-virtualization as having the potential to be a disruptive change in information and infrastructure protection.
Business Insider said Bromium is doing for security what VMware did for servers.