Tag Archives: Micro-Virtualization

Microsoft announces unbreakable Edge Browser with Windows 10 Fall Creators Update

4 November 2017

On 13 July 2015 Bromium announced a partnership with Microsoft to integrate the Bromium micro-virtualization technology in Windows 10. Two years later, on 23 October 2017, Microsoft announced the Windows 10 Fall Creators Update. With this update, Microsoft enhances System Center Endpoint Protection with many new security functions. The Bromium micro-virtualization technology is integrated in Windows Defender Application Guard (WDAG):

Windows Defender Application Guard makes Microsoft Edge the most secure browser for enterprise by hardware isolating the browser away from your apps, data, network and even Windows itself. WDAG protects your Microsoft Edge browsing sessions so if users encounter malware or hacking attempts while online they won’t impact the rest of your PC.

This sounds very promising! For details see this post published on 23 October 2017 in the Windows Security blog.

Unfortunately, currently only enterprise customers benefit from WDAG. I would appreciate it if Microsoft would integrate WDAG as soon as possible in all Windows versions to allow consumers and small businesses to benefit from WDAG as well.

Have a great weekend.

Some thoughts on “Zero-Day Exploits – Your Days are Numbered!”

23 April 2017

The Bromium Micro Virtualization Technology is indeed a game changer in the protection against zero-day exploits, unfortunately only for Microsoft Windows-based devices.

Smart devices like smartphones, tablets or phablets are increasingly replacing the classic devices, with the consequence that overall security is reduced because no endpoint protection is available for those devices in general.

My worst nightmare: A tablet user downloads a Word document with a zero-day exploit to an on-premise file share and opens it with Word for Windows on his laptop.

Thus, an additional endpoint protection solution, e.g. a Secure Web Gateway, is required to protect the users of smart devices, and the entire company, against internet-borne threats.

From my point of view, micro virtualization is a great means of protecting classic computing devices against zero-days. But to prevent blind spots, it must be embedded in an overall endpoint protection strategy.

Have a good weekend.

Bromium Partners to Bring Micro-virtualization to Windows 10

14 July 2015

This is perhaps the most exciting news of the year. Bromium's micro-virtualization technology in connection with the latest security technology of Windows 10 and integrated in Microsoft System Center – sounds like the next generation endpoint security solution that we so desperately need.

This is particularly so because signature-based anti-malware solutions can be tricked by simple means. For details see the cyber arms post Anti-Virus Bypass with Shellter 4.0 on Kali Linux.

Take care!

Bromium: The Vicious Cycle of “Assuming Compromise”

31 January 2015

The latest Bromium post ‘The Vicious Cycle of “Assuming Compromise”’ is absolutely worth reading. The transition from reactive to proactive endpoint protection technology will mitigate some of our principal security risks. But don’t forget people and processes…

Have a good weekend.

Word of the day: Malvertisement

2 October 2014

Lots of exciting news at the moment. The Bash Shellshock bug would surely be worth a post. But the Word of the Day from 30 September, Malvertisement, is so terrifying that I decided to write about it today.

What makes Malvertisement particularly dangerous is that almost every website with advertisements could be potentially dangerous. In addition, the way your computer will be hijacked is based on standard internet technology like pop-up windows.

‘Malvertising is becoming so prevalent that many security experts recommend that users block all pop-up ads and create an application whitelist that will only allow their computer to run programs that have been positively approved.’ OK, this sounds like a plan, but application whitelisting is a hard job, in particular for home users.

Using Internet Explorer 11 on Windows 8.1 in kiosk mode will mitigate the risk somewhat because Internet Explorer runs in an isolated AppContainer at the lowest integrity level. Although the handling of Internet Explorer on a laptop with Windows 8.1 takes a little getting used to, the additional security delivered by the AppContainer technology makes the change easy for me.

For advanced security requirements the usage of micro virtualization technology makes sense. Micro virtualization systems can isolate applications from each other as well as from the operating system.

Don’t panic! Have a good day.

SearchSecurity – On prevention vs. detection, Gartner says to rebalance purchasing

28 June 2014

On prevention vs. detection, Gartner says to rebalance purchasing.

In this post Eric B. Parizo, Executive Editor for TechTarget’s Security Media Group, makes clear that the effectiveness of traditional, signature-based protective technologies like intrusion detection and prevention or antimalware will significantly decrease in future.

Gartner’s Adaptive Security Architecture (ASA) is a new approach for defense against targeted attacks. ASA is a reactive defense strategy based on continuous monitoring and analytics, and should be complemented by traditional, signature-based proactive technologies.

The ASA approach has one small(?) weakness: In the time between an attack, its first recognition and the implementation of protection measures we are left defenseless! This time should be kept as small as possible to prevent greater damage.

In my opinion, there is a third, recommendable way: Micro-Virtualization.

Micro-Virtualization is a new approach for defense against attacks, not only targeted ones, that irons out the weaknesses of the ASA approach. An e-mail client or an internet browser session is completely isolated from other tasks and the operating system. Only the data required for successful execution of the task (Need-to-Know principle) is loaded into the isolation container.

In the case of an attack only the data inside the isolation container is affected and on session end the malicious code is destroyed with the isolation container. This feature makes Micro-Virtualization a perfect complement for ASA and the traditional signature-based approach.

For more details about Micro-Virtualization please see www.bromium.com.