Meet vSentry, the end of malware as we know it?

Henry Dalziel | Pentesting Distros, Product Reviews | June 25, 2013

In September 2012 Bromium (a company focused squarely on the global enterprise security market) released vSentry version 1, a novel approach to combating the prevalence and escalation of cyber security threats to end users. The problem Bromium is solving is the relentless avalanche of threats we are all exposed to. By ‘cyber threats’ we mean anything flying around the Internet with malicious intent: for example Java drive-by downloads, trojans, worms, malware in general and advanced persistent threats.

There are literally thousands of vendors competing for our dollars in fighting this onslaught, but only a handful take an approach as novel as Bromium’s with its vSentry and LAVA products. LAVA (Live Attack Visualization & Analysis) is a centralized security application that works in tandem with vSentry. vSentry has to be installed on each person’s device on the network for the isolation to be effective; LAVA then collects what happens inside the isolated sessions and produces an instant forensic picture of each attack (often called a ‘kill chain’) that can be kept for later analysis and used as reference when the next threat arrives.

The vSentry Bromium Approach
Once installed, vSentry starts a ‘Micro-VM’ (a small, hardware-isolated virtual machine) for every untrusted application session the user starts. Say, for example, you open Internet Explorer to surf the net; that browsing session is captured and contained within a Micro-VM. Once the session is over, that particular Micro-VM is discarded, along with any ‘bad stuff’ that came with it. Even if the Micro-VM was infected, keystrokes or other actions attempted by the malware inside it cannot reach the host and so cannot complete their purpose. As we understand it, the Bromium technology is optimized for the Intel platform, specifically for processors with the VT-x (hardware virtualization) and VT-d (I/O virtualization) extensions, which must be present and enabled in firmware. With the explosive growth of BYOD (jokingly referred to as ‘Bring Your Own Disaster’), the need to secure the end user within an enterprise network has never been greater; vSentry addresses exactly that by defending endpoints on untrusted networks using LAVA and Micro-VMs.

Bromium’s commercial solution to the ever-present threat to end users is excellent and should be welcomed.

Qubes OS
We blog a lot about Linux distros, our favorite being BackBox (see our poll on the best distro of 2013!), and this is a good place to insert a comment about Qubes OS. Qubes OS is a desktop operating system that aims to ensure security through isolation, rather like vSentry. The virtualization is performed by Xen (which is also used by Bromium’s vSentry version 2.0) with a Fedora-based environment on top of it, and like vSentry it expects Intel VT-x and VT-d hardware. Although we have never used or tried Qubes OS, we’d appreciate a comment below from anyone who has and can chime in with their thoughts regarding the OS’s security profile!
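Both vSentry and Qubes OS depend on Intel VT-x and VT-d being present and switched on, so the first thing a practitioner would do before a rollout is check the hardware. The script below is an added example written for this post, not code from Bromium or the Qubes project. It assumes a Linux host, where VT-x shows up as the vmx flag in /proc/cpuinfo, an active VT-d IOMMU registers under /sys/class/iommu as dmar0, dmar1 and so on, and the hypervisor flag in /proc/cpuinfo marks a machine that is itself a VM guest (the sample cpuinfo excerpts are constructed, not captured from real machines).

```shell
#!/bin/sh
# Pre-deployment check for Intel VT-x / VT-d on a Linux host.
# Added example, not Bromium or Qubes code. The parsing functions take
# their input as an argument so they can be run on constructed text;
# check_host feeds them the live machine.

# vtx_in_cpuinfo TEXT: exit 0 if any "flags" line carries "vmx",
# the /proc/cpuinfo name for Intel VT-x.
vtx_in_cpuinfo() {
    printf '%s\n' "$1" \
      | grep -E '^flags[[:space:]]*:' \
      | grep -Eq '[[:space:]]vmx([[:space:]]|$)'
}

# running_in_vm TEXT: exit 0 if the "hypervisor" flag is set, i.e. this
# machine is a VM guest; vmx is normally absent there unless the outer
# hypervisor exposes nested virtualization.
running_in_vm() {
    printf '%s\n' "$1" \
      | grep -E '^flags[[:space:]]*:' \
      | grep -Eq '[[:space:]]hypervisor([[:space:]]|$)'
}

# iommu_active LISTING: exit 0 if the listing of /sys/class/iommu (one
# entry per line) names at least one Intel DMAR unit, which is what an
# active VT-d IOMMU looks like to the kernel.
iommu_active() {
    printf '%s' "$1" | grep -Eq '^dmar[0-9]+$'
}

# check_host: run the checks against the running machine, print a
# verdict per feature and return 0 only if both VT-x and VT-d are usable.
check_host() {
    cpuinfo=$(cat /proc/cpuinfo 2>/dev/null)
    iommus=$(ls /sys/class/iommu 2>/dev/null)
    rc=0
    if vtx_in_cpuinfo "$cpuinfo"; then
        echo "VT-x: present (vmx flag)"
    else
        echo "VT-x: missing, or disabled in firmware"; rc=1
    fi
    if running_in_vm "$cpuinfo"; then
        echo "note: hypervisor flag set, this is a VM guest, not bare metal"
    fi
    if iommu_active "$iommus"; then
        echo "VT-d: IOMMU active ($(printf '%s' "$iommus" | tr '\n' ' '))"
    else
        echo "VT-d: no IOMMU registered (unsupported, disabled in firmware, or kernel booted without intel_iommu=on)"
        rc=1
    fi
    return $rc
}

# Constructed sample: a bare-metal Intel box with VT-x.
SAMPLE_CPUINFO_BARE='processor : 0
vendor_id : GenuineIntel
model name : Intel(R) Core(TM) i7 (constructed sample)
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx lm vmx smx est tm2 ssse3 sse4_1 sse4_2 x2apic popcnt aes xsave avx'

# Constructed sample: the same CPU seen from inside a VM guest, where the
# hypervisor flag appears and vmx does not.
SAMPLE_CPUINFO_GUEST='processor : 0
vendor_id : GenuineIntel
model name : Intel(R) Core(TM) i7 (constructed sample)
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx lm ssse3 sse4_1 sse4_2 x2apic popcnt aes xsave avx hypervisor'

# Stand-alone demo on the constructed samples; run check_host for the real box.
vtx_in_cpuinfo "$SAMPLE_CPUINFO_BARE" && echo "bare-metal sample: VT-x present" || echo "bare-metal sample: VT-x missing"
vtx_in_cpuinfo "$SAMPLE_CPUINFO_GUEST" && echo "guest sample: VT-x present" || echo "guest sample: VT-x missing (expected inside a VM)"
iommu_active "dmar0" && echo "listing 'dmar0': VT-d active" || echo "listing 'dmar0': VT-d inactive"
```

A machine that passes vtx_in_cpuinfo but fails iommu_active is the common case on laptops: VT-d is either switched off in the BIOS or the kernel was not booted with intel_iommu=on, and either way the isolation products above will not get the DMA protection they are designed around.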

vSentry is all about Safe Collaboration!
If an election year is all about the economy, then for a system or network engineer it is all about security. C-level management would all agree on how much they want their employees and colleagues to be able to work together securely. Working without fear of compromise surely enhances productivity, and that is one reason we think the take-up of vSentry version 2 will be solid.

We’d love to get our hands on vSentry to see it in action, but from what we understand this could be a game changer when it comes to protecting employees’ operating systems. The technology seems very advanced and is clearly tackling an issue dear to our hearts, not least for network engineers and CISOs. Simon Crosby, CTO and co-founder of Bromium, whom we had the privilege of interviewing last year, describes their solution as a rock-solid security solution for the corporate enterprise that does not bloat the host operating system’s resources.

* Also! It’s worth mentioning that Gartner awarded Bromium its coveted “Cool Vendor” designation in 2013.