Bromium Advanced

Endpoint Security
Realizing the Potential of Next-Generation Endpoint Protection
Contents Introduction
Preventing zero-day attacks
Detect to protect: a flawed model
99% is not the answer
Adopting a new approachthe adaptive security architecture
Summary
BROMIUM ADVANCED ENDPOINT SECURITY 02
Introduction
Cyber security seems to be repeating itself. Each year brings the According to leading research
analysts, cyber-security spending
promise of improved security solutions, but this promise falls approached $75B in 2015; however,
short against the reality of continuous data breaches. according to the Identity Theft
Resource Center, the number of
It has become apparent that the majority of security solutions dont U.S. data breaches totaled 781
in 2015 with millions of records
live up to the hype, yet cyber-security spending has become irrational. compromised.
Security solutions continue to repeat the same mistakes as their SOURCE: WWW.IDTHEFTCENTER.ORG

predecessors, yet security professionals continue to purchase them,

expecting a different result. Some have defined this as insanity.
We must unlock the hidden potential of our computer systems to
develop infrastructure that is secure by design. This is not a problem
that can be solved by throwing money and manpower at it because
there are far too many attacks and alerts to manage. Instead, we
must unlock the hidden potential of our systems to make them
secure by design.

BROMIUM ADVANCED ENDPOINT SECURITY 01

Preventing One of the greatest
challenges for any security
zero-day
team is preventing zero-
day attacks and detecting
attempted breaches in
attacks. progress. Enterprises are
fighting a losing battle against
todays advanced, targeted
and often undetectable
cyber attacks. Enterprises
are spending more and
more on layered security
solutions, which add cost
and complexity, but do not
solve the problem since
they are based on detection.
The endpoint is by far the
weakest link and the number
one attack vector.
Your organization does not have to
fall prey to the fatalism of the youve
already been breached but dont know
it yet set. Those are the narratives of
executives who know they are failing
and seek solace in collective failure.
SIMON CROSBY, CTO AND
CO-FOUNDER, BROMIUM
Those who cannot learn from history
are doomed to repeat it.
GEORGE SANTAYANA
Only 50% of organizations patch
zero-day vulnerabilities in the first week

BROMIUM ADVANCED ENDPOINT SECURITY 03

Detect to From an endpoint protection
perspective, solution vendors,
protect:
for the most part, rely on
trying to detect malicious
activity. However, detection
a flawed rates for todays advanced
threats are typically around
model. 5-10%. Whether incorporating
techniques such as behavioral
analysis, heuristics or artificial
intelligence, the fact is
detection-based approaches
hinge on the ability to
accurately distinguish
legitimate applications and
files from malicious threats
IT and security administrators
said too many false positives
are keeping them from being
confident on breach detection.
ENTERPRISE MANAGEMENT
ASSOCIATES
crafted by determined and
skilled threat actors. The
bad. Moreover, as reported
by Verizon, more than 70%
latest approach gaining of breaches used malware
attention, machine learning, that was customized to the
is similarly challenged. specific environment of the
Normal behavior cannot be
easily defined, which makes it
target. Antivirus and other
security products that claim
difficult to detect anomalies.
Training a machine-learning
to be able to detect malware
quite simply cannot keep
engine with human experts up. The arms race between
is time consuming and attackers and vendors favors
expensive, and no guarantee the attacker.
for success.
We need to accept that, just
like us, our computers cannot
reliably distinguish good from
BROMIUM ADVANCED ENDPOINT SECURITY 04
99% is not In controlled test
environments, traditional
the answer.
and next-gen AV vendors
split hairs at the 99% catch-
rate level. With each year
proving to be a banner year
for malware variants and
evasion techniques, running
the math exposes the fallacy
of detection even more starkly.
According to a new report
from Panda Security more
than 84 million new malware
samples were collected over
99% of malware hashes are seen for
only 58 seconds or less. In fact, most
malware was seen only once
the course of 2015. This
nets out to approximately
230,000 new malware
samples per day. This figure,
compounded with other
disturbing trends highlighted
in the 2016 Verizon Data
Breach Investigations Report,
underscore how quickly
cybercriminals are modifying
their code to avoid detection.
1% of 84,000,000 is an
unacceptable number,
BROMIUM ADVANCED ENDPOINT SECURITY
particularly when you consider
that the 1% that gets
through likely comprises
the more difficult and
catastrophic threats. The
question remains: should
customers feel safe even
with a 99% protection rate
over critical threat vectors?
Given the stakes involved,
organizations cannot afford
to settle for good enough.
05
Adopting In the report, Designing an
Adaptive Security Architecture
a new for Protection From Advanced
Attacks, Gartner analysts
Neil MacDonald and
approach Peter Firstbrook wrote,
Enterprises are overly
the adaptive dependent on blocking
and prevention mechanisms
security that are decreasingly
effective against advanced
architecture. attacks. Comprehensive
PREDICTIVE
RETROSPECTIVE
protection requires an
adaptive protection process
integrating predictive,
preventive, detective and
response capabilities.
Adopting this approach
requires solutions that
can address the entire
threat life cycle. Isolation
solutions are an excellent
complement to detection
solutions, particularly if they
ADAPTIVE
BROMIUM ADVANCED ENDPOINT SECURITY
deliver strong monitoring
capabilities in the isolation
environment. Virtualization
enables endpoints to
hardware isolate each task
that processes untrusted
content, defeating attacks
automatically even if the
endpoint is unpatched,
eliminating potential
breaches or the requirement
for remediation.
PREVENTIVE
DETECTIVE
06
Bromium Advanced
Endpoint Security
Bromium Advanced
Endpoint Security is the only
solution that protects an
enterprise from breaches
while enabling users to click
on anything without risk
of compromise. There are
three core components that
enable Bromium to deliver
the worlds most secure
endpoint: Protect, Detect
and Respond.
Protect Detect Respond
Proactive Endpoint
Protection
Bromium Endpoint Protection
enables complete protection
against both known and
unknown attacks. Micro-
virtualization hardware
isolates untrusted websites,
email, documents, USB
and executables to defeat all
malware including viruses,
Trojans and zero-day attacks,
even on unpatched machines
and untrusted networks.
BROMIUM ADVANCED ENDPOINT SECURITY 07
Sophisticated Monitoring
Eliminates Security Gaps
Bromium Endpoint
Monitoring delivers real-time
detection and monitoring
of threat activity. Micro-
virtualization enables
introspection, delivering
continuous host monitoring
for untrusted execution.
Enterprises can quickly
detect and contain an
attempted breach on
unprotected systems.
Real-time Analysis
Enables Instant Response
Bromium Threat Analysis
provides real-time attack
visualization and threat
intelligence. Bromium
consolidates and correlates
all sensor data for real-time
visualization of the entire
attack kill chain. The Bromium
threat cloud provides
intelligence into known-bad
and newly discovered attacks,
which integrates with SIEM
solutions. Continuous host
monitoring and live attack
visualization deliver real-time
intelligence, without false
positives, for rapid incident
response.
BROMIUM ADVANCED ENDPOINT SECURITY 08
Summary
Bromium has pioneered the next generation of endpoint protection
that eliminates breaches. Just as virtualization transformed IT,
Bromium is transforming security with its unique micro-virtualization
technology. Bromium provides the worlds most advanced endpoint
security, even against the most sophisticated zero-day malware.
Unlike traditional security technologies, such as antivirus or virtual
containers, which rely on ineffective detection techniques, Bromiums
solution automatically isolates each user task in a lightweight, CPU-
enforced, micro-VM. This enables users to click on anything without risk
of compromise, protecting the enterprise. Bromiums technological
innovations have earned the company numerous industry awards.

The worlds most advanced

endpoint security

BROMIUM ADVANCED ENDPOINT SECURITY 09

Bromium, Inc. Bromium UK Ltd. For more information go to www.bromium.com
20813 Stevens Creek Blvd Lockton House or contact sales@bromium.com
Cupertino, CA 95014 2nd Floor, Clarendon Road
info@bromium.com Cambridge CB2 8FH Copyright 2016 Bromium, Inc. All rights reserved.
+1.408.213.5668 +44.1223.314914 EB.BAES.US-EN.1606