Tag Archives: Micro-Virtualization

Some thoughts on “Zero-Day Exploits – Your Days are Numbered!”

23 April 2017

The Bromium Micro Virtualization Technology is indeed a game changer in the protection against zero-day exploits, but unfortunately only for Microsoft Windows-based devices.

Smart devices like smartphones, tablets or phablets are increasingly replacing the classic devices, with the consequence that overall security is reduced because, in general, no endpoint protection is available for those devices.

My worst nightmare: A tablet user downloads a Word document with a zero-day exploit to an on-premises file share and opens it with Word for Windows on his laptop.

Thus, an additional endpoint protection solution, e.g. a Secure Web Gateway, is required to protect the users of smart devices, and the entire company, against internet-borne threats.

From my point of view, micro virtualization is a great means of protecting classic computing devices against zero days. But to prevent blind spots, it must be embedded in an overall endpoint protection strategy.

Have a good weekend.


Bromium Partners to Bring Micro-virtualization to Windows 10

14 July 2015

This is perhaps the most exciting news of the year. Bromium's micro-virtualization technology, in connection with the latest security technology of Windows 10 and integrated in Microsoft System Center, sounds like the next-generation endpoint security solution that we so desperately need.

This matters in particular because signature-based anti-malware solutions can be tricked by simple means. For details see the cyber arms post Anti-Virus Bypass with Shellter 4.0 on Kali Linux.

Take care!

Bromium: The Vicious Cycle of “Assuming Compromise”

31 January 2015

The latest Bromium post ‘The Vicious Cycle of “Assuming Compromise”’ is absolutely worth reading. The transition from reactive to proactive endpoint protection technology will mitigate some of our principal security risks. But don’t forget people and processes…

Have a good weekend.

Word of the day: Malvertisement

2 October 2014

Lots of exciting news at the moment. The Bash Shellshock bug would surely be worth a post. But the Word of the Day from 30 September, Malvertisement, is so terrifying that I decided to write about it today.

What makes Malvertisement particularly dangerous is that almost every website with advertisements could be potentially dangerous. In addition, the way your computer will be hijacked is based on standard internet technology like pop-up windows.

‘Malvertising is becoming so prevalent that many security experts recommend that users block all pop-up ads and create an application whitelist that will only allow their computer to run programs that have been positively approved.’ Ok, this sounds like a plan, but application whitelisting is a hard job, in particular for home users.

Using Internet Explorer 11 on Windows 8.1 in kiosk mode will mitigate the risk somewhat because Internet Explorer runs in an isolated AppContainer at the lowest integrity level. Although the handling of Internet Explorer on a laptop with Windows 8.1 takes a little getting used to, the additional security delivered by the AppContainer technology makes the change easy for me.

For advanced security requirements the usage of micro virtualization technology makes sense. Micro virtualization systems can isolate applications from each other as well as from the operating system.

Don’t panic! Have a good day.

SearchSecurity – On prevention vs. detection, Gartner says to rebalance purchasing

28 June 2014

On prevention vs. detection, Gartner says to rebalance purchasing.

In this post Eric B. Parizo, Executive Editor for TechTarget’s Security Media Group, makes clear that the effectiveness of traditional, signature-based protective technologies like intrusion detection and prevention or antimalware will significantly decrease in future.

Gartner’s Adaptive Security Architecture (ASA) is a new approach for defense against targeted attacks. ASA is a reactive defense strategy based on continuous monitoring and analytics, and should be complemented by traditional, signature-based proactive technologies.

The ASA approach has one small(?) weakness: In the time between an attack, its first recognition and the implementation of protection measures we are left defenseless! This time should be kept as small as possible to prevent greater damage.

In my opinion, there is a third, recommendable way: Micro-Virtualization.

Micro-Virtualization is a new approach for defense against attacks, not only targeted ones, that irons out the weaknesses of the ASA approach. An e-mail client or an internet browser session is completely isolated from other tasks and the operating system. Only the data required for successful execution of the task (Need-to-Know principle) is loaded into the isolation container.

In the case of an attack, only the data inside the isolation container is affected, and at session end the malicious code is destroyed with the isolation container. This feature makes Micro-Virtualization a perfect complement for ASA and the traditional signature-based approach.

For more details about Micro-Virtualization please see www.bromium.com.