Bromium vSentry 2.0 protects users, companies with latest microvisor

New release focuses on user mobility and collaboration and now leverages the Xen hypervisor

At Citrix Synergy this year, I had the opportunity to speak with Simon Crosby, co-founder and CTO at Bromium. Though Bromium didn't have a booth at this year's event, I've discovered on more than one occasion that Crosby and I have a knack for finding one another in a crowd of a few thousand people. That's great news for me because I was able to get a sneak peek at what Bromium has been up to since our last conversation months earlier.

I've spoken with Crosby over the years when he was with XenSource and later with Citrix, and his passion and knowledge about the Xen hypervisor never ceased to amaze me. When we met at Synergy to discuss his latest version of Bromium vSentry, I was interested to hear how his new company was making use of the Xen hypervisor and, even more, to find out what else was new since we last spoke.


The Synergy event is now behind us, and Bromium has officially announced the 2.0 release of its microvirtualization desktop security tool, vSentry. vSentry offers a unique approach to desktop security by using microvirtualization to isolate and defeat all advanced attacks targeting the endpoint through Web, email and documents. vSentry protects desktops without requiring patches or updates, defeating and automatically discarding all malware, and eliminating the need for costly remediation. With this latest release, the company said it has focused its efforts on improving end-user mobility and collaboration.

End-user mobility

Let's face it -- as more and more users are allowed to work remotely, the likelihood that an end-user's environment (or more to the point, the corporate environment itself) will become infected goes up dramatically. Why? Because mobile users often need to access enterprise applications and the Web while on an untrusted network that could be used to attack the endpoint.

Bromium's emphasis on secure mobility is aimed at protecting users who access corporate applications via wireless hotspots or other untrusted networks outside the corporate firewall, because when they do, they (and therefore the enterprise) are vulnerable to attack.

"Even getting onto the Internet at a hotel or café is risky -- captive portals are renowned for delivering malware to endpoints," said Crosby. "Bromium vSentry v2.0 protects mobile devices when they interact with untrusted networks, USB devices, and other external content. Every task that interacts with an untrusted network is hardware isolated by the microvisor, guaranteeing that malware cannot attack the system. Moreover, when users access enterprise applications from an untrusted network, the enterprise can be sure that those tasks are also independently hardware isolated. They are instantly created from the known-good golden OS image, are securely connected to the enterprise VPN or to a SaaS application using an SSL connection, and therefore the enterprise can be sure that the remote user's access is secure."

Even if malware is present, it won't affect the host itself -- it accesses only the micro-VM, which will get tossed out anyway once the window or thread is closed.

Safe collaboration

The safe collaboration aspect of vSentry is important. At the end of the day, in order for vSentry to pass the sniff test with end-users, everything in the user's environment must work like "normal."

On a day-to-day basis, employees need to be able to safely interact with content that originates from within or comes from outside the organization. They may require access to content deemed "untrustworthy" that comes from removable media, the Web, email, or social applications. At the same time, users need to collaborate and easily exchange documents with one another.

According to Crosby, when they do so, they need to access content from others that ultimately is of unknown provenance. Is the email actually from your business partner, or is it a fake? Has an attacker put malware into files in the Dropbox folder you're currently accessing? It's ultimately unknown. Absent an ability to decide whether any piece of content is good or bad, Microsoft (and Apple) leaves the choice to the user, requiring that they decide whether or not to trust a document before interacting with it.

"Our latest release provides the protection needed when users are exchanging documents with one another," said Crosby. "Until now, products have placed the burden of decision making on the end-user as to whether or not something is secure and if it should be opened. As an example, if a user receives a Word document that is compromised in some way, and the system alerts the user that the document could potentially be unsafe, how many people will click OK and move on in spite of the warning? Probably quite a few, and now, the organization could be at risk."

vSentry 2.0 helps address this problem by letting users access and edit content without ever having to trust it. Because that content always runs in a micro-VM, users can stay productive without the risk.

Xen hypervisor

One other interesting note about vSentry 2.0: Bromium has been able to more quickly evolve its own microvisor technology by leveraging the Xen hypervisor and taking advantage of the virtualization benefits it already provides.

But why use Xen now? Why not use it all along?

"When we started Bromium, Xen was not capable of acting as a microvisor," explained Crosby. "There were a couple of key areas of innovation needed: first, the ability to do an instant, in memory 'fork' of a running OS (Windows); and second, the ability to run as a 'late load' hypervisor, which starts once Windows has booted the hardware. This work is now complete. Now we are in a position to leverage our, and the community's, 10-year investment in the Xen code base."

Xen is heavily optimized and very secure. By leveraging the hypervisor, Bromium has been able to further reduce the size of its own code base. Xen has benefited from the security contributions of IBM's sHype code base and security modules, and (as far as we are aware) has never been compromised in practice, even though it is attacked daily on millions of devices worldwide.

Crosby added that Xen is fast and efficient, and the community effort is focused on continually optimizing it for new hardware (for example, Intel Haswell) and new architectures of relevance (such as ARM). He went on to say, "Everyone can benefit from our innovation, and vice versa. It's a terrific model that has served the industry fabulously."

As part of the company's ongoing product expansion, Bromium is also working on adding support for a number of other popular operating systems beyond Windows 7, including Windows 8, Android, and Mac OS X.

The software is being sold to enterprises, not directly to consumers. The current list price for vSentry 2.0 is $150 per seat, but volume discounts are available.

Bromium has raised $35.7 million thus far across two funding rounds backed by Highland Capital Partners with Andreessen Horowitz, Ignition Partners, Lightspeed Venture Partners, and Intel Capital. Now that the company is leveraging the Xen hypervisor for much of the heavy lifting, expect the company to spread some of that money around in other areas in order to continue to innovate on this interesting security play.

This article, "Bromium vSentry 2.0 protects users, companies with latest microvisor," was originally published at InfoWorld.com. Follow the latest developments in virtualization at InfoWorld.com.
