bromium vsentry

21

Bromium vSentry Adrian Taylor Director, Mobile

Upload: barny

Post on 24-Feb-2016

160 views

Category:

Documents

0 download

Report

Download

Tags:

Embed Size (px):

DESCRIPTION

Bromium vSentry. Adrian Taylor Director, Mobile. . Paid 3644-2276-1234-5678. Zero-day price list. Source: http:// www.forbes.com /sites/ andygreenberg /2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/. Demo. - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Bromium vSentry

Bromium vSentryAdrian Taylor

Director, Mobile

Page 2: Bromium vSentry

Paid3644-2276-1234-5678

Page 3: Bromium vSentry

Bromium Confidential

Zero-dayAdobe Reader $5,000-$30,000Flash, Java $40,000-$100,000Word $50,000-$100,000Internet Explorer $80,000-$200,000iOS $100,000-$250,000

Zero-day price list

Source: http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

Page 4: Bromium vSentry

DEMO

Page 5: Bromium vSentry

Page 6: Bromium vSentry

Page 7: Bromium vSentry

Micro-virtualization:Hardware-isolation for untrusted tasks

MicrovisorHardware

Virtualization (VT-x)

Lightweight, fast, hidden, with an unchanged native UX

Hardware-isolates each untrusted Windows task

Uses I/O Virtualization VT-d, TXT & TPM if available

Based on Xen with a tiny, secure code base

Fully integrated into thedesktop user experience

Page 8: Bromium vSentry

DEMO

Page 9: Bromium vSentry

ApplicationsOS Libs / Utils

Kernel

Hardware

Page 10: Bromium vSentry

Desktop

Untrusted Tasks

CPU

Mutually isolates untrustworthy tasks from the Desktop, & each other

Page 11: Bromium vSentry

http://www.facebook.com

Page 12: Bromium vSentry

Micro-VMs have “need to know” access to

files, networks, and the user’s desktop

Page 13: Bromium vSentry

Page 14: Bromium vSentry

Page 15: Bromium vSentry

Micro-VMs execute “Copy on Write”

Page 16: Bromium vSentry

Malware is automatically

discarded

Page 17: Bromium vSentry

LIVE ATTACK VISUALIZATION AND ANALYSIS : LAVA

Page 18: Bromium vSentry

3. Full attack execution

2. One task per micro-VM

1. Micro-VM Introspection

APIs for Live Attack Analysis

Page 19: Bromium vSentry

DEMO

Page 20: Bromium vSentry

Bromium Confidential

Desktop, Laptop, Tablet and Smartphone

2012 2013 Future

Page 21: Bromium vSentry

Thank you

Xen Community Update · Xen Community Update Ian Pratt Chairman of Xen.org and SVP Products at Bromium 1 . ... –Memory Introspection API –CPU Pools for partitioning –Very large

HP Bromium Threat Insights Report July 2020 · Increased QakBot Banking Trojan Campaigns In June, we saw an increase in malicious spam campaigns distributing QakBot, a banking Trojan.³

Application Sandbox Limitations - Bromium

Bromium Secure Platform Deployment Guide

Key solution benefits Bromium Secure · the endpoint, uses hardwarelevel isolation to prevent malware from infecting or persisting on enterprise PCs. Bromium identifies and selfremediates

Bromium: Endpoint Protection Attitudes & Trends 2015

BROMIUM SECURE PLATFORM

THREAT INSIGHTS REPORT - Bromium€¦ · ensuring that malware cannot infect the host computer or spread onto the corporate network. Since the malware is contained, Bromium Secure

Bromium homoeopathic materia medica slide show presentation by Dr.Hansraj salve

Homöopathische Mittel Lager-Liste 08/2017 · PDF fileBotulismus Nosode = Clostridium botulinum X Bovista gigantea Q 1 – Q 9 X X X C 10.000 Brachyglottis repens X Bromium Q 1 –

OGNI DECISIONE RELATIVA AI PC è ANCHE UNA DECISIONE …€¦ · • 3. Ponemon Institute, Global Report on the Cost of Cyber Crime, 2015 • 4. Bromium, Into the Web of Profit, 2018

Bromium Secure Platform Release Notes Notes...Bromium Secure Platform previously required vPro chipsets supporting Intel VMCS Shadowing, a feature that improves performance of hypervisors

Vernetzte Welt – Sicherheit · Jochen Koehler, Regional Director DACH bei Bromium Jan Lindner, Geschäftsführer bei Panda Security Moderation und Impuls: ... 09:45 Dr. Hans-Joachim

Bromium Secure Platform Deployment Guide Guide...SpecifyingtheBootstrapPolicyFilePath 15 UsingSCCMtoDeployBromiumProducts 15 msiexecCommand-lineSwitchesandParameters 17 RemoteDeploymentFailures

Bromium Secure Platform Release Notes Notes/Bromium_Re… · End of Sale (EOS) / End of Life (EOL) Updates ... The Release Notes cover the Bromium 4.1 Update 8 product release, and

Bromium Secure Platform Notes... · 2018. 10. 4. · • Bromium Secure Browsing Extension (SBX) supports the latest Google-recommended version of Google Chrome. • Bromium Chrome

SANS Vulnerability Management Survey - Bromium...Scoring from threat and vulnerability intelligence feeds CVSS severity Figure 5. Risk Assessment and Assignment Factors Figure 6. Vulnerability

Malware as a Service - SURICON€¦ · © 2019 Bromium Inc. All rights reserved. 5 Malware as a Service –Previous Work 2015 2017 2018 2019

HP Sure Click Enterprise 4 Guide... · deployments to HP Sure Click Enterprise 4.2. Glossary The following abbreviations are used throughout this document: • BSP – Bromium Secure

Rafal Wojtczuk rafal@bromium Conf/Blackhat/2016/us-16... · –IDT, GDT limits set to 0, syscall&sysenter disabled . Kernel HVCI and kernel exploits •Attackers love arbitrary code

awar 2017 ds - aixagon.fr€¦ · SC AWARDS 2017 EUROPE 5 Finalists 2017 • Bromium for Bromium Secure Platform • Carbon Black for Carbon Black Cb Defense • Cylance for CYLANCEPROTECT®

HP Sure Click Enterprise 4 - Bromium Notes...Operating Systems with HP Sure Click Enterprise 4.2.1 and later. • Internet Explorer 11 Enterprise Mode and the Enterprise Mode site

Rafal Wojtczuk rafal@bromium - pdfs.semanticscholar.org€¦ · •No more cleartext creds in lsass, ever •Still, as before, until reboot, attacker can interact with CG and have

Bromium Secure Platform Notes...• Symantec Endpoint Protection 11.0.6, 11.0.7, and 12 • McAfee Endpoint Protection or Total Protection 8.7 and 8.8 • Trend Micro OfficeScan 10.6

Bromium vSentry Adrian Taylor Director, Mobile. Paid 3644-2276-1234-5678

Bromium Secure Platform Release Notes Notes... · 2011. Supported models have namesof type A4/A6/A8/A10 (followed by a four-digit number in which the first digit isnot 3.) ... •

Securing Legacy Applications with Bromium Application Isolation … · and applications from accessing host or prohibited network resources. 3. Remote Services Viewing Amazon Web

THREAT INSIGHTS REPORT - Bromium...THREAT INSIGHTS REPORT SEPTEMBER 2019 THREAT LANDSCAPE The Bromium Threat Insights Report is designed to help our customers become more aware of

STOP MALICIOUS EMAIL ATTACHMENTS - Bromium · When David Jones’ resume attachment is opened, it is safely isolated within a micro-VM running Microsoft Word. A second resume from

The SANS Maturity Model: Securing the Modern Endpoint · Bromium, Inc. 2018 4 White Paper Public Sector The SANS Security Maturity Model The SANS Institute has developed a Maturity

HP Sure Click Enterprise 4 - Bromium Notes/HP...feature that improves performance of hypervisors running nested virtual machines by reducing nesting-induced VM exits. Bromium 4.1.4

THREAT INSIGHTS REPORT - Bromium€¦ · security teams with tools and knowledge to combat today’s attacks, ... monitoring the script’s console output by redefining the console

Bromium 4.1.5 Open Source Software

Rafal Wojtczuk rafal@bromium - WordPress.com...aScenario 1 propertiesupa •After logon, no cleartext credentials in lsass •While user is logged in, lsass will auth to remote servers

Derbycon Bromium Labs: Sandboxes