UPDATED 23:03 EDT / OCTOBER 09 2020

SECURITY

Micro virtual machine security is a tried-and-true endpoint protection tactic

When VMware Inc. announced its Project Monterey strategy to redefine the data center last week, executives effused about the potential of the distributed processing model to redefine cybersecurity.

Using a combination of software-defined networks and microprocessor-equipped network interface cards running the full vSphere server virtualization stack, security specialists will be able to deploy large numbers of individualized firewalls to protect applications, containers and even individual services. “Imagine you could create a little tiny firewall and a little tiny [intrusion prevention system] and attach it to each service,” Tom Gillis, VMware’s general manager of networking and security, said in an interview with SiliconANGLE.

HP's Pratt: In four years "we’ve had no reported breaches." Photo: HP

But the idea of protecting applications and processes at a granular level isn’t new. HP Inc. has been shipping security software based on a similar concept for more than three years. Sure Click, which is included in every HP business computer, provides micro hypervisors, or virtual machine monitors, that can be dedicated to individual tasks on a personal computer to isolate them from attacks. Processes running in a VM get enough resources to do their job but can’t access the hardware or the file system, rendering them powerless to do harm.

The product is based on technology developed by Bromium Inc., which the PC and printer maker acquired last year. Bromium co-founder Ian Pratt, who is now the global head of security at HP, was formerly a senior faculty member at the U.K.’s University of Cambridge Computer Laboratory, where he was the principal architect of Xen, the open-source hypervisor that some of the world’s biggest cloud providers use for virtualization.

Micro VMs provide nearly total endpoint protection by changing the rules of engagement, Pratt told SiliconANGLE. Instead of engaging in a cat-and-mouse game of trying to anticipate an attacker’s actions, the software levels the playing field.

For example, upon clicking a Word document attachment in an email, an action that he described as “the most dangerous thing you can do on a PC,” Sure Click transparently launches a virtual machine and opens the document inside it. “The document has just the resources required for that task and that VM exists just for the life of the attack and is then disposed of,” he said.

Pratt demonstrated by opening a Word file infected with ransomware. The action triggered an attack, but the malware was isolated within the temporary VM and disappeared when the instance was closed. The technology is equally effective in protecting browser instances and any other processes that don’t need to access the hardware directly, he said.

VMs are a better isolation chamber than software containers because “a hypervisor has a code base that’s orders of magnitude smaller and we’re able to take advantage of built-in analytics,” Pratt said. Administrators can also track micro VMs across a network for analysis. “You can watch attacks playing out and build heat maps of the tactics they’re using” as well as identify risky sites and zero-day exploits, which are attacks against vulnerabilities that have never been seen before. The performance penalty of the micro VM is minimal, amounting to about 100 milliseconds for each process.

Sure Click is far less ambitious than Project Monterey, which VMware sees as an architecture for sharing resources across entire data centers. It’s also limited to endpoints, whereas VMware sees Project Monterey spanning entire clouds.

But as an endpoint security tool, micro VMs are a tried-and-true tactic that has been in use for some time. HP has been shipping the technology for over four years and “we’ve had no reported breaches,” Pratt said.

Photo: Photopin CC
