A large US supermarket chain has implemented an innovative endpoint security technology to secure point-of-sale systems running legacy applications, avoiding additional development or patching costs.
Bromium’s vSentry endpoint security software applies virtualisation expertise to isolate and secure every untrusted network task within its own tiny virtual machine or microVM.
According to Bromium, it is impossible to detect all the possible attacks or monitor all the possible forms of suspicious behaviour.
However, the firm maintains it is possible to protect endpoints using highly granular virtualisation in combination with hardware-enforced isolation.
In this proactive approach to security, vSentry assumes all internet tasks are untrusted and automatically puts each task into its own microVM, which is destroyed when the task is completed.
If an attack occurs within any of these tasks, the malware remains contained and isolated inside the microVM, unable to escape and access any system or network resource.
Because vSentry is completely transparent to the user, even during a malware attack, there is no effect on user experience or performance, according to Bromium.
This approach, the security firm claims, decouples protection from detection for the first time and provides 100% protection against all malware attacks because it does not rely on any "detection" technologies.
To validate this claim, research organisation NSS Labs completed an independent security validation exercise on vSentry.
The results, published in February 2013, stated that vSentry protected endpoints from every attack, including 166 embedded exploits delivered through email and drive-by attacks.
vSentry also protected targets against 15 advanced attacks using the Metasploit penetration testing toolset that incorporated advanced obfuscation and evasion techniques in an attempt to bypass protection.
Speaking on condition of anonymity, the director of information security for a large US-based supermarket chain said the company implemented vSentry in the face of malware designed to avoid detection.
“This compelled us to examine solutions with novel approaches to solving the problem,” he said.
According to the supermarket chain, network-based detection tools would not be able to provide adequate visibility or control to deal with this type of malware.
Similarly, there were certain attack types that other endpoint security controls could not mitigate, or could mitigate only at a significant operational burden.
“We were also looking for technology that would prevent the most sophisticated, targeted attacks, not just produce forensic data after they were successful and eventually detected,” the director of security said.
The threat intelligence provided by Bromium’s Live Attack Visualisation and Analysis (LAVA) system is one of the pillars of an improved security framework that the company is implementing to achieve greater visibility and alerting for malicious activity.
“The exceptional benefit that vSentry provides is that their isolation-based approach first protects the systems from targeted attacks, then alerts us of the threat – after it has already been mitigated,” he said.
This reduces the noise and the number of alerts to investigate, and yields measurable savings in the operational cost incurred to remediate those machines and in the associated lost productivity.
There are three main business benefits of vSentry, according to the director of security.
First, the systems running legacy applications could be secured with no additional development or patching cost.
Second, malware infections, and the time spent remediating them, have been almost non-existent.
Third, the intelligence gained from malware captured with LAVA on only a small number of vSentry hosts protects the entire environment.