There’s something fundamentally wrong with the way organizations think about IT security. Instead of figuring out a way to make sure malware never gets a chance to infect our systems, most of our efforts are focused on trying to prevent malware from getting onto the system in the first place.
But Bromium CTO Simon Crosby says consistently detecting and mitigating malware is mathematically impossible. Most widely used approaches to security are based on the assumption that malware can be discovered. Of course, if it is ever actually discovered, no one can really be sure how long it’s been there or determine exactly what it did.
Bromium is advocating the adoption of an entirely new approach to IT security, called vSentry, which is based on a micro hypervisor that allows end users to execute code on their machines in a way that never allows that code to infect any other part of their machine. According to Crosby, what makes this approach so compelling is that not only does it dramatically reduce the total cost of security, it has no impact on the user experience whatsoever.
It’s unlikely that IT organizations are going to reduce the reliance on antivirus software tomorrow. But it’s also clear that the cost of security continues to escalate, especially as cybercriminals and other “bad actors” get more sophisticated in terms of both the tools they use and the approaches to distributing code. Not only does vSentry isolate code on the end-user system, it also provides analytics tools that enable us to see exactly where malware running on top of vSentry came from.
Arguably, IT security vendors have become a little too comfortable creating products that alleviate the symptoms of an IT security breach rather than actually preventing the breach from occurring at all. Virtualization technology holds great promise in terms of helping cure what ails us from a security perspective. While there may never be such a thing as absolute security, right now it feels like no matter how much anybody spends, there still is either no security or only enough to stop relatively simple attacks. That doesn’t mean we should throw away all our existing security technologies, but it does mean there is a crying need to fundamentally rethink the approach to the problem.