SAN FRANCISCO — Simon Crosby, co-founder of Bromium, doesn’t think much of cybersecurity companies. The standard of using threat signatures to allow detection software to find known threats isn’t his cup of tea.
“The whole security industry is living a lie,” Crosby said.
Given that no signature approach can detect 100 percent of malware, Crosby believes that they don’t provide real value.
“They don’t do their job so you shouldn’t pay, it should be free,” he said.
Instead, Bromium has developed a solution designed to erect an impenetrable barrier for computers, a barrier based on keeping the Internet out and allowing downloaded documents to do only what the user needs.
“We are rejecting in every way that we have to detect to protect,” Crosby said.
The system creates separate virtualized environments for every downloaded document, every tab in an internet browser, essentially every item that the user needs on a day-to-day basis. These environments are entirely isolated, with no traffic permitted to bleed between them.
The “micro-virtualization” also means that this traffic isn’t allowed to touch other components of the computer system, such as the operating system through which many attackers find means of ingress.
Bromium’s Microvisor, as the company calls the solution, allows only specific flattened data to cross the barrier. For instance, if one were to copy text from a web page and paste it into a document that exists behind the wall, only the information of the characters themselves would be transferred. Certain formatting directions, possibly entry points for malicious code, are stripped away. Or, when one might attempt to print a document, a new simplified image is created of the document and only that is allowed to cross the barrier to networked printers.
The solution also protects one of the more vulnerable everyday activities of users, PDF downloading and reading. Numerous security holes have been found in PDF reader software that allows attackers in. Instead, working on the premise that users really only need to see the PDF itself and don’t need anything else, the system does not allow the PDF software to connect to the Internet in anyway, boxing in any code that might have been carried in with the PDF.
The Bromium team believes that this isolation of data has created an essentially impenetrable defense, and they say that the isolation and flattening has no noticeable impact on performance for the user.
But by breaking down tasks to small kernels, the solution has another perk: it’s very good at detecting malware. Detection isn’t necessary for the system to work, so instead the company is using the data it’s getting on attacks and sharing it for free.
While many security companies have massive teams that generate proprietary signatures that it sells through subscription services to companies, Bromium doesn’t want to profit from the data.
“I don’t believe that owning information on an attack should be of commercial value,” Crosby said.