Bromium vSentry, a first glance

A couple of days ago I received the bits from Bromium’s vSentry. vSentry is a security solution built to provide safe desktops to end users without the security solution itself getting in their way. From their website:

Bromium vSentry transforms information and infrastructure protection with a revolutionary new architecture that isolates and defeats advanced threats targeting the corporate endpoint through web, email and documents. vSentry protects desktops without requiring patches or updates, defeating and automatically discarding malware, and eliminating costly remediation.

Traditional security solutions rely on detection and hence fail to block targeted attacks which often use zero day exploits. Bromium uses hardware level isolation to stop even “undetectable” attacks without disrupting the user.

vSentry is built on the Bromium Microvisor™ – a security-focused hypervisor that automatically, instantly and invisibly hardware-isolates each vulnerable Windows task in a micro-VM that cannot modify Windows or gain access to enterprise data or network infrastructure.

vSentry and how it works..

vSentry is built on a microvisor that is controlled by policies (either local or via Active Directory; the ADMX file is included in the compressed folder) and leverages Intel® VT-x and Intel® EPT technology to sit between the hardware, OS and applications.

 

After some contact with Tal Klein (Senior Director of Products) I was asked to remove the screen dump and videos from the installation; he informed me that the vSentry product license prohibits posting screen captures and in-product videos. So I went searching for some more information and found an even better architectural view of how vSentry protects the end user.

 

The deployment guide's recommendations for installing the vSentry software are shown in the following list. Based on those requirements I had to grab a newer laptop, because my current production machine has a C2D CPU without VT or EPT:

Hardware requirements

  • CPU: Intel i3 or higher (Intel VT and EPT must be enabled in the system BIOS).
  • Memory: 4 GB RAM minimum, 8 GB RAM recommended.
  • vSentry ensures adequate performance by limiting the number of micro-VMs that can be opened during a period of intensive memory usage. Only a few new micro-VMs can be opened when memory consumption exceeds 95%.
  • Hard disk: 20 GB free disk space

When looking at the Software requirements in the deployment guide the following is needed:

Software requirements

  • Windows 7 Enterprise (64-bit with SP1) with enterprise volume license (KMS) or OEM license.
  • Microsoft .NET Framework 3.5 (pre-installed with Windows 7)
  • Microsoft Office 2010 Standard or Professional Plus (either 32-bit with SP1 or 64-bit) with KMS licenses
  • Microsoft Visual Studio Tools for Office 4.0
  • Microsoft Silverlight 4.x or 5.x
  • Microsoft Internet Explorer version 8 or 9
  • Adobe PDF Reader 9 or X
  • Adobe Flash 11
  • Oracle Java 6 or 7 (32-bit)
  • Antivirus (one of the following):
      • Microsoft Security Essentials 4.0
      • Symantec Endpoint Protection 11.0.6, 11.0.7 or 12
      • McAfee Endpoint Protection or Total Protection 8.7 or 8.8
      • Trend Micro OfficeScan 10.6
  • Tool bars and plug-ins: Bromium has tested compatibility with most popular tool bars and plug-ins, such as Google, Yahoo, and Bing. Tool bars that require Document Object Model (DOM) access, or block JavaScript in some way, will not work appropriately in vSentry.

Installing the bits..

Of course I wanted to test this and tried to install vSentry on a Windows 8 installation, but the installation failed. What I did notice is that the error handling is really good: I got very useful error messages stating what went wrong with the installation, so I could act on missing software or enable features in the BIOS.

 

After the installation of Windows 7 (x64) I could install the software without using the deployment guide, which means the installation process is easy and straightforward. By just adding a couple of configuration settings to the installation I got a usable configuration of vSentry. I didn’t try the ADMX/ADML file because I used a standalone laptop, but the Deployment Guide provides a well-written guide through the GPOs offered in the ADMX file.

When vSentry is installed there’s a vSentry tray icon that should be running in the system tray. Opening the Status Monitor brings up a lot of useful information and gives an overview of the processes protected by vSentry.

 

After a couple of days..

I’ve been using this laptop for a couple of days and from a user perspective it’s a good solution. Normally one of the problems with security is that it conflicts with usability (Post-its with complex passwords on monitors, anyone?), but I’m under the impression vSentry is built to be non-intrusive and keeps a balance between security and usability. From an administrative perspective it’s a well-documented solution and it’s easy to install and manage. The success of this new product will be made in the business case/use case and cost perspective. A lot of organisations aren’t aware of possible security threats, which means there is a phase in which awareness should be developed, and this could mean a long sales cycle. For organisations that are fully aware of all threats coming at them on their own network and the world wide web it’s a good solution, as it is able to provide security without interfering with usability.

 
