One year after announcing that he and XenSource co-founder Ian Pratt were leaving Citrix to launch Bromium with former Phoenix Technologies CTO Gaurav Banga, Simon Crosby was back at the GigaOM Structure conference in San Francisco today to unveil Bromium’s micro-virtualization technology together with its plans to transform enterprise endpoint security. Bromium, despite the occasional blog post calling into question the security limitations of current desktop virtualization solutions and despite today’s announcement of the Bromium Microvisor, has very little to do with desktop virtualization. Desktop virtualization, whether VDI, IDV or anything in between, is a management technology, a means of getting an appropriately specified endpoint configuration in front of the user. Bromium has set itself a bigger challenge, one that is applicable to every endpoint and every operating system – the extension of the precepts of trustworthy computing to mainstream operating systems. The Committee on Information Systems Trustworthiness’ publication, Trust in Cyberspace, defines such a trustworthy system as one which
does what people expect it to do – and not something else – despite environmental disruption, human user, and operator errors, and attacks by hostile parties. Design and implementation errors must be avoided, eliminated, or somehow tolerated. It is not sufficient to address only some of these dimensions, nor is it sufficient simply to assemble components that are themselves trustworthy. Trustworthiness is holistic and multidimensional.
This is a challenging goal, not least because Bromium does not own the operating system(s) where it intends to operate, but if successful it has the potential to transform the face of both IT security and operations and not just on the endpoint.
Bromium’s initial focus will be on enterprise Windows desktops, but it doesn’t have to stop there. Not only are Bromium’s core trustworthy computing technologies equally applicable to any mainstream operating system, but they can be applied equally well to any platform with hardware-assisted virtualization: mobile, data center and cloud services platforms, and they could well extend to the high-value industrial control and SCADA systems that have been the source of significant high-profile incidents. Bromium’s decision to focus its initial efforts on desktop computing makes sound sense. Cloud computing may be seeing the lion’s share of publicity, but with over 800 million enterprise desktops worldwide, each running over 50 million lines of code that can be exploited, the enterprise desktop is by far the largest target for the malware industry and in the greatest need of additional protection.

At the same time, the anti-malware business is ripe for disruption. Trend lines suggest that the leading edge of security innovation lies with malware developers and not with countermeasure developers. In some respects, the changes presaged by the Bromium view of trustworthy computing are already underway. The rapid growth in the zero-day exploit sales business, where a single iOS exploit might change hands for $250,000, will inevitably see well-documented zero-day attacks being used for purposes beyond their original intent, at which point no amount of conventional anti-malware protection in the world will make a difference.

Yesterday, Google revealed new analysis of five years’ worth of data gathered by its Safe Browsing service. The overall number of infected sites peaked in 2009; however, this good news was offset by more disturbing news of a resurgence in dedicated attack sites. At the same time, phishing site growth has also risen dramatically, with over 300,000 new sites being found each month in Q1 2012, compared to only a few thousand sites being identified each month five years ago.