Tag Archives: Bromium

Microsoft announces unbreakable Edge Browser with Windows 10 Fall Creators Update

4 November 2017

On 13 July 2015 Bromium announced a partnership with Microsoft to integrate the Bromium micro-virtualization technology into Windows 10. Two years later, on 23 October 2017, Microsoft announced the Windows 10 Fall Creators Update. With this update, Microsoft enhances System Center Endpoint Protection with many new security functions. The Bromium micro-virtualization technology is integrated in Windows Defender Application Guard (WDAG):

Windows Defender Application Guard makes Microsoft Edge the most secure browser for enterprise by hardware isolating the browser away from your apps, data, network and even Windows itself. WDAG protects your Microsoft Edge browsing sessions so if users encounter malware or hacking attempts while online they won’t impact the rest of your PC.

This sounds very promising! For details see this post published on 23 October 2017 in the Windows Security blog.

Unfortunately, currently only enterprise customers benefit from WDAG. I would appreciate it if Microsoft would integrate WDAG as soon as possible in all Windows versions to allow consumers and small businesses to benefit from WDAG as well.

Have a great weekend.


Some thoughts on “Zero-Day Exploits – Your Days are Numbered!”

23 April 2017

The Bromium Micro Virtualization Technology is indeed a game changer in the protection against zero-day exploits, unfortunately only for Microsoft Windows-based devices.

Smart devices like smartphones, tablets or phablets are increasingly replacing the classic devices, with the consequence that the overall security is reduced because no endpoint protection is available for those devices in general.

My worst nightmare: A tablet user downloads a Word document with a zero-day exploit to an on-premise file share and opens it with Word for Windows on his laptop.

Thus, an additional endpoint protection solution, e.g. a Secure Web Gateway, is required to protect the users of smart devices, and the entire company, against internet-borne threats.

From my point of view, micro virtualization is a great means of protecting classic computing devices against zero days. But to prevent blind spots, it must be embedded in an overall endpoint protection strategy.

Have a good weekend.

Bromium Partners to Bring Micro-virtualization to Windows 10

14 July 2015

This is perhaps the most exciting news of the year. Bromium's micro-virtualization technology in connection with the latest security technology of Windows 10 and integrated in Microsoft System Center – sounds like the next generation endpoint security solution that we so desperately need.

This is particularly so because signature-based anti-malware solutions can be tricked by simple means. For details see the Cyber Arms post Anti-Virus Bypass with Shellter 4.0 on Kali Linux.

Take care!

Some thoughts on ‘Dridex Reminds Us: You Can’t Prevent What You Can’t Detect’

28 March 2015

The latest Bromium post is really worth reading. Dridex is a further development of the Cridex Trojan. Dridex’s only goal is to steal your online banking credentials, to allow cyber-criminals to empty your bank accounts.

Dridex is a real beast. The developers hide the payload in Microsoft Office AutoClose macros to lever out the protection provided by the inbuilt sandboxing technology. If properly configured, protected mode is a challenging task, but the bad guys had taken even this into account.

Michael Mimoso writes on Threatpost: ‘While macros are disabled by default since the release of Office 2007, the malware includes somewhat convincing social engineering that urges the user to enable macros—with directions included—in order to view an important invoice, bill or other sensitive document.’

The first line of defense, user awareness, has failed spectacularly! If someone tries to persuade you to disable protected mode for viewing an email attachment, it is very likely that this is a cyber-attack.

Task virtualization would have protected the user in this case. But even the task virtualization has its limitations. From my point of view, well-trained users, who are aware of the dangers of the internet, are the first line of defense today. Technology supports them to stay secure

… unless the users deactivate or the attackers bypass it.

Have a good weekend.

Bromium: The Vicious Cycle of “Assuming Compromise”

31 January 2015

The latest Bromium post ‘The Vicious Cycle of “Assuming Compromise”’ is absolutely worth reading. The transition from reactive to proactive endpoint protection technology will mitigate some of our principal security risks. But, don’t forget people and processes…

Have a good weekend.

Bromium – The Dawn Of A New Era In Corporate Cyber Threats?

14 July 2014

The Dawn Of A New Era In Corporate Cyber Threats? | A Collection of Bromides on Infrastructure.

Although the picture reminds me of some scenes of Terminator II, Bill Gardner does not announce the imminent end of the world. In this blog post he just creates awareness for a new kind of attack which may have a dramatic impact on businesses.

Fortunately, today’s attackers focus on new market businesses. The impact of a data theft, e.g. loss of reputation or annoyed customers, is costly and exasperating for companies, but not life-threatening. Destruction of data and of backups, as in the case of Code Spaces, might lead in the worst case to loss of business and disastrous effects on customers.

But the expansion of malicious activities to old market businesses, like chemical and pharmaceutical plants or basic infrastructure like national gas or power supply systems, could have a catastrophic impact on businesses, the environment and people.

In addition, a third type of damage, integrity loss, caused by tampering of data, makes things really worse, because this kind of damage is very hard to discover, and is often discovered only after several years.

We urgently need to prepare for the “Maximum Credible Accident”!

For a good starting point see Mark Brown’s article “Where should a CISO look for cyber security answers – hardware, software or wetware?”.

Don’t Panic – All will end well!

SearchSecurity – On prevention vs. detection, Gartner says to rebalance purchasing

28 June 2014

On prevention vs. detection, Gartner says to rebalance purchasing.

In this post Eric B. Parizo, Executive Editor for TechTarget’s Security Media Group, makes clear that the effectiveness of traditional, signature-based protective technologies like intrusion detection and prevention or antimalware will significantly decrease in future.

Gartner’s Adaptive Security Architecture (ASA) is a new approach for defense against targeted attacks. ASA is a re-active defense strategy based on continuous monitoring and analytics, and should be complemented by traditional, signature-based pro-active technologies.

The ASA approach has one small(?) weakness: In the time between an attack, its first recognition and the implementation of protection measures we are left defenseless! This time should be kept as small as possible to prevent greater damage.

In my opinion, there is a third, recommendable way: Micro-Virtualization

Micro-Virtualization is a new approach for defense against, not only targeted, attacks that irons out the weaknesses of the ASA approach. An e-mail client or an internet browser session is completely isolated from other tasks and the operating system. Only those data required for successful execution of the task (Need-to-Know principle) are loaded into the isolation container.

In the case of an attack only the data inside the isolation container is affected and on session end the malicious code is destroyed with the isolation container. This feature makes Micro-Virtualization a perfect complement for ASA and the traditional signature-based approach.

For more details about Micro-Virtualization please see www.bromium.com.