Tackling An Unpatchable Vulnerability With Bromium
In a recent cybersecurity training course with Police Scotland, I asked the group what I thought was a slightly sneaky question: "What does every organisation in the world have in common?" After a few technical answers along the lines of computers, internet, servers and others, one of the class simply said: people. "People" was the answer I was looking for, and for the next 30 minutes we discussed how much of a pain people are when it comes to cybersecurity.
With phishing attacks being one of, if not the biggest, issues organisations are currently facing, the need to make our users more security conscious is bigger than ever. User awareness schemes are now popping up everywhere, and tools like Junglemap are a great way to get information across to people in bite-sized chunks with its NanoLearning format.
Unfortunately, it's inevitable that some people will not take the information on board or will ignore it altogether. So it's time for the security teams to wrap users' endpoints in cotton wool and help fix the biggest risk to a company.
Recently I've been getting to know a newly updated Bromium. In a nutshell, Bromium uses micro-virtualisation technology to isolate common business programs, contain threats and reduce the attack surface of your endpoints. Specifically, Bromium's patented hardware-enforced isolation technology leverages the native virtualisation-based security functions in Intel and AMD CPUs to protect against external threats in protected applications, such as those that open Office documents and PDFs.
By securing one of the main ways threats enter an organisation's network, security teams can dramatically reduce their workload and stress. Beyond documents and PDFs, web browsers are also isolated, so the risk of drive-by downloads is negated, as well as XSS and other browser-based attacks. As this all happens inside its own micro-VM, what happens on the web page stays on that web page.
Putting this to the test, we gathered a few dodgy-looking files recently discovered by our team and launched them inside a Bromium-protected endpoint. Happily double-clicking on PDFs filled with ransomware is rather entertaining when you are sure it won't do any damage and you get a full analysis afterwards of what it actually tried to do to your endpoint. If we techies are happy to detonate files like this, safe in the knowledge that it's all contained, we can be happy that when (when, not if!) a user does open something, we don't have to worry about it.