Bromium deploys zero-trust tech to isolate and secure critical IP

Bromium deploys zero-trust tech to isolate and secure critical IP

Bromium has announced the release of Protected App, which allows organisations to establish robust, end-to-end protection around their critical IP and high value assets (HVA)

Bromium, a pioneer and leader in virtualisation-based endpoint security that stops advanced malware attacks via application isolation, has announced the release of Protected App, which allows organisations to establish robust, end-to-end protection around their critical IP and high value assets (HVA).

Protected App will address the challenges of a shrinking security perimeter and the loss of trust many organisations have experienced after constant breaches compromising their networks.

Bromium Protected App safeguards organisations’ intellectual property (IP) and HVAs from threats such as keylogging, kernel exploits, memory and disk tampering and man-in-the-middle attacks, with sensitive applications walled off from the endpoint.

“Organisations have been fighting an ongoing cyber-battle but they have been let down by layered defences failing to stop or slow down attacks. This failure has resulted in organisations feeling like they can’t trust their own networks or endpoints, which has forced them to move high-value services and IP off the network and restrict access,” said Robert Bigman, Former CISO of the CIA.

“Protected App can be used by organisations to enable trusted client access for employees and third-party partners to your intellectual property from their ‘dirty’ networks and endpoints, without ever having to worry about their security posture.”

“Zero trust as a concept is solid but in practice it’s become a real barrier to user productivity,” said Gavin Hill, VP Product and Strategy, Bromium. “Some organisations deploy second PCs that employees must use if they want to access critical IP, which doubles hardware costs and restricts workflow. It’s clear that we need a new approach to zero trust that secures networks and applications but doesn’t affect workflow.”

Protected App is the first to use hardware-enforced virtualisation on the endpoint, below the operating system (OS), ensuring total isolation for applications from the operating system while securing the network connection to server applications hosting critical IP.

“Protected App builds a wall around remote and virtual desktop applications on the endpoint, allowing employees to access sensitive applications without the need to use a second PC or risk infection from a compromised endpoint or network,” said Hill.

This allows users to work seamlessly between their endpoint and sensitive applications, even if the host PC has been compromised. To the end user, all activity is performed on their endpoint. This means they can work as they always do, but the connection to the sensitive data and IP is running completely isolated in a micro virtual machine (VM), which the host OS cannot see.

Bromium Protected App will defend organisations from:

  • Keylogging – keystrokes in Protected App are invisible to the host and the host cannot inject keystrokes into Protected App
  • Man-in-the-middle – as the connection from client to server is across a secured VPN connection
  • Kernel exploits – as the VM is independent of the OS, kernel exploits of the Windows host will not impact Protected App
  • Memory tampering – the protected VM running Protected App is walled off from the host PC making it impossible to access the memory
  • Disk tampering – the protected VM running Protected App is walled off from the host PC making it impossible to access the disk and the disk is encrypted
  • Registry updates – as the root of trust is below the OS, kernel exploits of the Windows host will not impact Protected App
  • Prevent copy and paste, downloading, printing and screen capture exploits

Hill said: “The security perimeter is shrinking and the old castle and moat concept of security is dead. Even if you do trust your own network and devices, remote working, cloud computing and the connected economy all mean that your apps and data are going to be accessed from environments you have no control over and can’t trust. Our vision for Protected App is all about making this access frictionless and secure.”

Protected App will be available in autumn this year.

 

Browse our latest issue

Intelligent CISO

View Magazine Archive