• David Raviv

Monthly Archive for: "August, 2014"

Updated: Mar 20, 2019

In recent years, virtualization has in many ways become a way of life for most cybersecurity and IT professionals. Whether you are a malware analyst using virtualization to contain samples for digital forensic analysis or you are simply testing new software, virtualization technology has permeated all of our work.

With modern malware being so sophisticated, security professionals are having an increasingly difficult time combating malware attacks. Malicious actors have learned how to get past many of the current anti-malware solutions, and we often hear that those solutions are no longer effective enough. This dilemma has many security practitioners asking: what is the next step?

A relatively new solution, Bromium vSentry, promises to take malware protection and data breach prevention to the next level. How? Bromium's idea is to use Intel's hardware virtualization extensions, VT-x together with EPT (Extended Page Tables), to hardware-isolate individual operating system tasks. When active, vSentry runs each Windows task that accesses the Internet or opens an untrusted document, such as an Excel spreadsheet downloaded from the Internet, inside its own micro-VM. The architecture's claim is that any malware the task executes stays confined to that micro-VM and is discarded along with it when the task ends. In practice the strength of that isolation rests on the micro-hypervisor itself, so it bounds the damage a compromised task can do rather than preventing the task from being compromised in the first place. In addition, vSentry automates live attack visualization and analysis.

As we can see in the video below, the presenter downloads a Russian-language Excel file from the Internet; when the file is opened, a new micro-VM is created to contain it. vSentry blocks that micro-VM's access to the Internet, preventing any communication with C&C servers (assuming the file does contain malware). The user can still edit the file and save it while the isolation is preserved. This works because, although the potentially dangerous file is saved to the hard drive just like any other file, it is labelled as unsafe, and whenever it is opened again it is automatically executed in a fresh micro-VM, so it never runs directly on the host. In addition, each micro-VM works on its own copies of certain core Windows files, so if malware attempts to modify them, it only modifies the copies, which are thrown away with the micro-VM.

vSentry can also fully isolate running processes, down to individual web pages. In the video below, we can see how vSentry virtualizes each Internet Explorer tab in its own micro-VM and seamlessly composes the rendered result back into the browser window, preserving the user experience completely.
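To make the isolation model from the two paragraphs above concrete, here is an added example: a small Python model of the policy as this post describes it. It is not Bromium code and does not touch VT-x or EPT; it only simulates the observable behaviour. The assumptions are labelled in the code: a file fetched from the Internet carries an "untrusted" label that survives being edited and saved; an untrusted document task runs in a micro-VM with no network; a browser task runs in a micro-VM with network; every micro-VM sees core OS files through a copy-on-write overlay that is discarded on close. The core file names and the file contents are constructed stand-ins.

```python
"""Toy model of per-task micro-VM isolation (added example, not Bromium's code).

Assumptions, none of which come from the original post's code (it has none):
  * host.core holds constructed stand-ins for core Windows files
  * an untrusted document task gets no network; a browser task does
  * writes to core files go to a per-VM overlay that is dropped on close
"""
from __future__ import annotations

from dataclasses import dataclass, replace


@dataclass(frozen=True)
class UserFile:
    name: str
    content: bytes
    untrusted: bool = False  # the "unsafe" label that follows the file on disk


class Host:
    """The protected desktop: user files plus one set of core OS files."""

    def __init__(self) -> None:
        self.files: dict[str, UserFile] = {}
        # Constructed stand-ins; real file names are not needed for the model.
        self.core: dict[str, bytes] = {
            "core.dll": b"core-v1",
            "hosts": b"127.0.0.1 localhost\n",
        }

    def download(self, name: str, content: bytes) -> UserFile:
        """Anything fetched from the Internet is labelled untrusted on arrival."""
        f = UserFile(name, content, untrusted=True)
        self.files[name] = f
        return f

    def create_local(self, name: str, content: bytes) -> UserFile:
        f = UserFile(name, content, untrusted=False)
        self.files[name] = f
        return f


class MicroVM:
    """One isolated task: copy-on-write view of core files and its own network policy."""

    def __init__(self, host: Host, target: UserFile, kind: str) -> None:
        self.host = host
        self.target = target
        self.kind = kind  # "document" or "browser"
        self.overlay: dict[str, bytes] = {}
        self.network_allowed = kind == "browser"  # document tasks from the Internet get no network
        self.blocked_connections: list[str] = []

    def read_core(self, name: str) -> bytes:
        return self.overlay.get(name, self.host.core[name])

    def write_core(self, name: str, data: bytes) -> None:
        self.overlay[name] = data  # the host's own copy is never touched

    def connect(self, dest: str) -> bool:
        """Return True if the connection would be allowed, False if policy blocks it."""
        if self.network_allowed:
            return True
        self.blocked_connections.append(dest)
        return False

    def save(self, content: bytes) -> UserFile:
        """Edits persist to disk, but the untrusted label persists with them."""
        updated = replace(self.target, content=content)
        self.host.files[updated.name] = updated
        self.target = updated
        return updated

    def close(self) -> None:
        self.overlay.clear()  # whatever the task changed in its copies is thrown away


def open_file(host: Host, name: str, kind: str = "document") -> MicroVM | None:
    """Policy: untrusted files always open in a fresh micro-VM; trusted local files open natively (None)."""
    f = host.files[name]
    return MicroVM(host, f, kind) if f.untrusted else None


def scenario() -> dict:
    """Replays the post's demo: download, open, attempt C&C, tamper, save, reopen."""
    host = Host()
    host.download("report.xlsx", b"=SUM(A1:A3)")  # constructed "Russian Excel file"
    host.create_local("notes.txt", b"local notes")

    vm = open_file(host, "report.xlsx")
    c2_reached = vm.connect("c2.example")  # blocked: document task has no network
    vm.write_core("hosts", b"0.0.0.0 av-update.example\n")  # lands in the overlay only
    vm.save(b"=SUM(A1:A3)\nedited by user")
    vm.close()

    again = open_file(host, "report.xlsx")  # reopening re-isolates in a fresh micro-VM
    tab = MicroVM(host, UserFile("https://example.test", b"", untrusted=True), kind="browser")

    return {
        "c2_reached": c2_reached,
        "host_hosts_intact": host.core["hosts"] == b"127.0.0.1 localhost\n",
        "edit_persisted": host.files["report.xlsx"].content.endswith(b"edited by user"),
        "still_untrusted": host.files["report.xlsx"].untrusted,
        "reopened_isolated": again is not None,
        "fresh_vm_sees_pristine_core": again.read_core("hosts") == host.core["hosts"],
        "local_opens_natively": open_file(host, "notes.txt") is None,
        "browser_tab_has_network": tab.connect("example.test"),
        "blocked": list(vm.blocked_connections),
    }
```

Calling `scenario()` walks through the same sequence as the demo: the C&C connection is refused, the tampered `hosts` entry never reaches the host's copy, the edited spreadsheet is saved but keeps its untrusted label, and reopening it lands in a new micro-VM that sees pristine core files. The `kind="browser"` path is the tab case from the second paragraph: still a separate micro-VM, but with network allowed because a browser tab is useless without it.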

The best part about Bromium vSentry's hardware micro-virtualization is that the impact on system performance is minimal and practically impossible to notice from the end user's perspective, as the presenter demonstrates.

For more information about the Bromium vSentry solution, visit Bromium’s website.

To attend a New York Information Security Meetup, take a look at our upcoming meetings and register at our official Meetup page.

Bromium micro-VM Monitor displays information about running VMs.

#Bromium #CyberSecurity #NYISMeetUp

