The Hoard Facts

Citrix Jumps on Bromium Bandwagon

The first time I talked to Simon Crosby after he left Citrix to co-found Bromium, he made it clear that he and CEO Mark Templeton were parting on good terms, which is why it comes as no surprise to me that Tal Klein of Bromium had a guest Citrix blog post entitled "Good Things Come in Small Packages" earlier this week, after his company unveiled its Bromium Microvisor technology at GigaOm's Structure conference.

Klein describes how the Bromium Microvisor automatically protects each vulnerable task on the operating system and instantly hardware-isolates it within a micro-VM, which is a "lightweight, hardware-backed isolation container that polices access to all OS services." Micro-VMs run natively on the OS without performance impact, but continuously protect the system -- even from unknown threats.

"A micro-VM can only access OS services or devices via simple controls that pause the execution of tasks and instantaneously arbitrate access through the Microvisor," Klein writes. "This provides an unbreakable hardware backstop for all software isolation technologies used by the OS and its applications, and imposes tight control on access to sensitive data, networks and other resources."

The Bromium system architecture was created with the understanding that micro-VMs will be compromised, but it guarantees that an attacker cannot gain access to sensitive data or applications, or persist an attack. "A Micro-VM can only access data on a need-to-know basis, and any changes it makes are nulled as soon as the user closes the application, thereby automatically incapacitating malware and eliminating remediation costs, even for PCs that haven't been patched," Klein declares.

Turning his attention to how XenDesktop fits in, he says Bromium's new technology guarantees end-to-end security for users on laptops using Citrix Receiver to access their hosted sessions, no matter which FlexCast flavor users employ to deliver Windows desktops and apps. Klein goes on to claim that Bromium protects data on the endpoint at runtime and, by design, prevents attacks on the client from all outside vectors, including USB, web, apps, MIME types, etc. As he puts it, "There is therefore no risk of a user's personal activities such as web browsing or web-mail compromising Receiver, the browser, the desktop or the enterprise."

To that end, he notes that Bromium is working with Citrix on the development of a Bromium plug-in for Receiver, and is seeking beta customers who have implemented Receiver in their enterprises.

Posted by Bruce Hoard on 06/21/2012 at 12:48 PM