WHY THIS MATTERS IN BRIEF
- With the number of cyber attacks rising exponentially, companies are turning to virtualisation to help them contain attacks, and it looks like it’s working.
Speak to anyone – anyone at all, even your grandmother – and they’ll tell you that the number of cyber attacks is on the rise, and that they’re unlikely to stop any time soon. In fact, let’s face it – they’re never going to stop.
As a result, companies are in a continual arms race with cyber criminals, trying to find new ways to protect and defend our systems from attack. And now, a security company called Bromium thinks its latest concept can protect people against the scourge of malware using a process called “Micro-virtualisation.”
Normally, when you click on an infected link or visit an infected website, malware gets downloaded straight to your computer. Sometimes the malware just turns your computer into a bot, which hackers can then use to orchestrate massive DDoS attacks, like those perpetrated by the Mirai botnet in October last year that took down massive chunks of the US East Coast and European internet. Other times it can hold your data to ransom, encrypting it and metaphorically throwing away the key if you don’t pay up.
Now Bromium has decided that enough is enough. Every time you open a document or visit a website, Bromium’s new technology creates a mini protected virtual environment for each event. Even if you’ve clicked on a link to malware in an E-Mail, there’s nowhere for that malware to go, because it is isolated within its virtual bubble and can’t infect the rest of the machine or penetrate the corporate network.
Bromium co-founder and president Ian Pratt, who sold his first company XenSource to Citrix for $500m (£398m) in 2007, says it has taken his firm six years to perfect the product.
“This is by far the hardest thing I’ve done by miles,” he said.
One helpful development was when the big computer chip makers, such as Intel and ARM, began producing chips that had virtualisation capability built into them.
“We’ve created a billion virtual machines since we started, and no bad stuff has ever escaped from one of them,” says Pratt, who also goes on to say that the technology’s proving to be very popular – particularly within the government and intelligence sector.
“The US intelligence services tend to compartmentalise data from secret sources using separate banks of computers. Now, using virtualisation, they can keep secret data separate and secure virtually on one computer,” he says.
Using Bromium’s new product, a single computer can run 50 virtual machines (VMs) at once without much loss in performance. It’s this ability to create VMs instantly that’s one of the product’s main advantages. And knowing what we know about the recent alleged Russian hack of the DNC’s E-Mail servers during the recent US election, which used an infected malware link, you could also argue that Bromium’s new platform could have stopped the attack in its tracks. And could that have changed the outcome of the US general election?
Well… who knows. Anyway, back to the story.
At the recent World Economic Forum’s (WEF) Davos summit, a cybersecurity roundtable discussion revealed that the biggest banks can now expect up to two billion cyber attacks a year, whereas retailers by comparison can expect a paltry 200 million. And, unfortunately, despite all the latest next generation firewalls and antivirus software from firms such as Check Point, Palo Alto and Symantec, it’s often us humans who are the weakest link in any organisation’s security defences.
After all, how many of us can resist clicking on a link E-Mailed to us by a complete stranger that promises us the latest cat memes? Certainly not me.
“Virtualisation’s a very effective way of containing the effects of an attack because it isolates the bad stuff, and that’s awesome,” says Prof Giovanni Vigna, a director of the University of California’s cybersecurity centre and co-founder of malware detection company, Lastline, “but it’s not a silver bullet,” he warns, “it won’t prevent users from giving away sensitive security data in targeted spear phishing attacks.”
Phishing attacks are where staff are hoodwinked into giving away security details because hackers have collated enough personal details to make an E-Mail or document look entirely official and convincing.
“This type of manipulation – called social engineering – is still very effective,” says Vigna, “and it’s difficult to protect against human stupidity.”
Bromium’s Ian Pratt accepts that this is a limitation of virtualisation, but he maintains: “In 80% of cases hackers are gaining access to enterprise networks through staff clicking on dodgy links. Our system limits the damage that can be caused. We’re trying to make these attacks far more expensive to execute.”
And he has a good point.
Traditional Anti-Virus (AV) products work by identifying malware signatures and adding them to a huge database; once a known signature has been detected, they can quarantine and delete the file that carries it. But the problem with this approach is that it’s reactive and does nothing to prevent previously unknown attacks made by new forms of malware – many of which, increasingly, are using machine learning to learn how to evolve within an infected system and evade the AV software.
One cybersecurity firm trying to tackle this issue is Invincea, which describes its “X” product as machine learning next generation antivirus. It aims to detect and stop malware without relying on signatures, and learns how suspect programs look and behave when compared to legitimate programs and other known forms of malware. If a suspect file exceeds a risk threshold, it is quarantined or deleted. Like Bromium, it also makes use of virtualised isolated environments to contain the threat.
“Potentially Invincea is a major competitor to Bromium,” says Prof Vigna, “the advantage is that it works on CPUs that don’t support micro-virtualisation, so it can be used in organisations with older computers.”
Meanwhile, Microsoft has also been exploring the benefits of virtualisation. Its next major Windows 10 update will enable users to run the Edge browser within a protected virtual machine environment, and Prof Alan Woodward from the University of Surrey’s computer science department thinks the tech giant could go further.
“Virtualisation is a neat idea,” he says, “and lots of people are taking it very seriously. My personal suspicion is that someone like Microsoft may well try to build it into their operating system [OS] directly.”
Although we have much better malware detection systems these days, we, “the squidgy bit in the chair” as Prof Woodward calls us, still remain the most vulnerable point in this cybersecurity warfare.
Ah, another cat meme link, I’ve got to go and click it…