Interview with Tal Klein of Bromium

Tal Klein (Profile)
Thursday, January 17th 2013

VSM: Bromium recently announced the release of vSentry 1.1. Before going into the new features, can you first provide us with a brief overview of vSentry?

TK: Simply put, Bromium vSentry transforms enterprise information and infrastructure protection. It is designed to deal with the inescapable realities of vulnerable software and targeted persistent attacks. By design, it protects Windows PCs from undetectable advanced malware that attacks enterprises via tricking users into opening poisoned attachments, documents and websites.

With a powerful  new architecture, vSentry is built on the Bromium Microvisor; a security-focused hypervisor that automatically, instantly and invisibly hardware-isolates each vulnerable Windows task in a micro-VM that cannot modify Windows or gain access to enterprise data or network infrastructure.

VSM: With the release of version 1.1, was there a particular gap in the market you were trying to address?

TK: With this release, we wanted to find a solution to the irregular security coverage of the VDI market. Virtual desktops are vulnerable to exactly the same attacks as native PCs.

In fact, in many real world implementations, VDI is less secure than a native PC. A compromised virtual desktop puts the attacker in an ideal location, the enterprise datacenter, with the potential to attack at the core. Since VDI desktops typically appear on the same LAN or VLAN segment, it is possible for attackers to spread laterally from one desktop to another.

Legacy signature-based protection doesn’t scale in virtual desktop environments, so the vast majority of VDI desktops today have no endpoint protection at all – relying solely on perimeter protection mechanisms.

VSM: And how does vSentry 1.1 address this issue?

TK: Bromium vSentry 1.1 includes the first features that will deliver the benefits of micro-virtualization and hardware based security to more PCs and allow us to extend the protection of micro-virtualization to all enterprise desktops. With this new release, Bromium reduces the enterprise attack surface for all users – without new management tools or skill sets.

vSentry 1.1 helps enterprises to secure Windows XP, both 32 and 64-bit versions of Windows 7, and also virtual desktops delivered with Microsoft Remote Desktop Services, Citrix XenDesktop, or VMware View.  No other solution has addressed these VDI concerns that are becoming increasingly important as the VDI market space continues to grow over time.

VSM: What new features will we see on 1.1?

TK: In addition to the expanding vSentry availability to multiple platforms (VDI desktop, hosted platforms, legacy XP clients), other notable features include the general availability of Bromium LAVA (Live Attack Visualization and Analysis) and the first version of the Bromium Management Server (BMS).

BMS delivers a centralized web service for vSentry policy management, an assemblage of LAVA events from every enterprise desktops, and a correlation of attack data. BMS offers a centralized console for visualization and analysis of malware forensics. Even more, it can also be used to input data into other security analysis systems such as SIEMs, third party consoles, or Splunk.