Bromium: Watching threats burn out in a safe place

An Intellyx BrainCandy Brief

Bromium is filling an underserved niche in the security and threat protection portfolio: isolating attacks and letting them play out safely in a contained virtual environment.

To be exact, Bromium calls its safe traps “Micro-Virtual Machines” (mVMs). They run under the kernel and directly atop the CPU with a light footprint, while still simulating the resource characteristics of the attacker’s intended target system.

Rather than stopping detected threats or unfamiliar processes, the goal here is to rapidly separate potentially dangerous email and browser links, file and app downloads, malware and ransomware from the user or corporate endpoint, and then contain them. This allows the attack payload to believe it is ‘doing its thing’ in the mVM without being able to reach out to influence live system processes through the OS or network connections.

The key benefit of this process, beyond preventing escalation of the attack (which is already par for the course in many other tools), is the resulting rich data on threat telemetry. Security teams get the scoop on unknown or zero-day threats that standard antivirus and detection profilers can miss.

Not surprisingly, the firm is seeing the most adoption among customers who are furthest along the maturity curve of threat readiness: financial institutions and government entities. Other commercial applications are starting to surface, however.

©2019 Intellyx LLC. Intellyx advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. At the time of this writing, none of the organizations mentioned in this article are Intellyx customers. To be considered for a Brain Candy article, email us at pr@intellyx.com.

Principal Analyst & CMO, Intellyx. Twitter: @bluefug