C-level briefing: Bromium CEO Ian Pratt explains how virtualisation could tackle the onslaught of ransomware.
As many people in the industry will tell you, cyber security has traditionally been oriented around walls and perimeters: how can we keep the bad guys and threats out?
But one company is seeking to make the firewall approach to cyber security obsolete through the use of what it terms micro-virtualisation.
Co-founded by former Cambridge academic Ian Pratt, now CEO, Bromium’s technology uses virtual machines to isolate threats and prevent them from infecting computers.
"Most security products fundamentally rely on detection. They have to know what they’re looking for and have some model of what is bad, so that when they see it they can block it."
This, according to Pratt, doesn’t work when cyber attackers can simply modify malware to prevent it from being recognised.
"This worked a few years ago when somebody would create malware and send it out.
"Our approach is to acknowledge that it is an impossible problem. Now people make small changes to malware so that it evades the signatures and detection that people have."
Pratt says that the 97 percent guarantee offered by security vendors is not enough: 3 percent will still mean a large number of endpoints being compromised.
The solution, he says, is something that does not require worrying about compromise at all.
"Imagine that you could create a new instance for every task that you performed. Imagine that you could unwrap a new laptop and use it for going to a particular website, then unwrap a new laptop when you went to the next website."
This would mean that each time the user clicked a malicious link, the newly unwrapped laptop might be written off, but the attackers would not gain access to information stored elsewhere.
"You don’t really care whether that URL is malicious or not, because it’s only going to do damage to that laptop. It’s not going to have access to your documents or your credentials. There’s nothing else on that machine," says Pratt.
Bromium’s technology effectively aims to offer the next best thing. A new virtual machine is spun up for every single task the user undertakes. A new browser instance would be run inside its own virtual machine, so if the user accidentally clicked on a rogue link or went to a malicious URL, the infection would be contained within that virtual machine.
The same goes for opening a document, so that malware contained in documents sent by email would also be trapped within the virtual machine.
"As soon as you click close it’s the end of the attack," he says.
The firewall approach has of course been under fire for a while, increasingly being challenged from vendors offering a range of alternative solutions.
A key reason is that it is much harder to identify the perimeter that needs protecting. Information is no longer simply centralised on a company’s own mainframes or data centres but spread out through third party public and private clouds. Meanwhile, the number of end-points within companies has multiplied rapidly with the growth of mobile devices, wearables and the IoT.
But what has really driven demand for Bromium’s solution is the growth of ransomware, Pratt says, which has brought home the danger of end-points being infected.
Ransomware is malware that encrypts files on a victim’s device and forces them to pay a ransom to the attacker before they can access the files. The Infoblox DNS Threat Index saw a 3500 percent increase in the creation of ransomware domains in Q1 2016. In April video streaming site Pirate Bay was hit by an attack and in February Los Angeles hospital Hollywood Presbyterian Medical Center was hit.
The genesis for the technology was in Pratt’s earlier days as an academic, in which he led the Systems Research Group.
He co-founded XenSource, which built virtualisation software built on the open source Xen hypervisor. After XenSource was acquired by Citrix for $500M in 2007, he worked at Citrix as VP of Advanced Products and CTO. He left to found Bromium in June 2011.
In this time he worked closely with Intel and AMD to build capabilities into the CPU to do an efficient job of virtualisation. While back then the work was focused on enabling server virtualisation, the same CPU cores used in servers are also used in desktops and laptops.
This allows the virtual machines to work without draining too many resources in the CPU, and present the user with the same user experience they would normally expect.
Pratt claims that Bromium is currently the only company offering this kind of technology.
"Right now there’s no one else doing anything like this," he says, noting that the company has over 60 patents filed, presenting a high barrier to entry for any potential competitor.
It has seen early adoption in sectors where security is paramount, such as government, but he is bullish about its prospects in the consumer market.