Find out more about our Managed Services
Bromium logo white 500x150

Application isolation using virtualization-based security stops attacks in real time, protecting your organisation from threats, and eliminating the cycle of chasing false alerts, emergency patching, and remediation.

Bromium logo white 500x150

Download this free guide and take a frank look at modern endpoint security, what's wrong with it, and why the future of your IT security is already available.

Tackle Malware with Virtualization

Application isolation provides benefits that simply cannot be matched by traditional detect-to-protect solutions. When every threat is contained in its own micro-VM, users can click with confidence when surfing the web, using email or opening documents.

Hardware-Enforced Application Isolation

Bromium micro-virtualization technology uses a Xen-based security-focused hypervisor called the Bromium Microvisor, taking advantage of the hardware features that are built into Intel® and AMD® CPUs to run each task in a single-use hardware-isolated container.

Isolate Each Task within Its Own Micro-VM

When a user visits a web page, opens a document, or downloads an email attachment, Bromium creates a new micro-VM. The user experience and application performance aren’t affected. From the user’s perspective, everything works exactly the same way as it would on a regular machine. However, each task and process runs inside its own micro-VM, and is safely contained there.

Everything in the Micro-VM Is Contained

If a task turns out to be malicious, and malware is attempting to modify the kernel or change the master boot record, it is only making those changes within the micro-VM. There is no impact on the underlying system or other micro-VMs. When the task is closed, the micro-VM is destroyed, along with any threats it may contain.

A ‘Black Box’ Flight Recorder for Malware

Each micro-VM is created to run a unique, single task. If its behaviour deviates from what’s expected, that’s a sign that malware might be present. All the information about what the malware is doing is sent in real time to the SOC team via the management console.

  • Collect data on the entire kill-chain of the attack
  • Identify its command and control server(s)
  • Find out what connections the malware is making
  • Determine the malware’s target and adversary’s intention
  • Capture the malware payloads and make it available to the analysts within the SOC

Superior Threat Analysis and No Need for Remediation

Breachless Threat Intelligence™

Bromium endpoints and servers form a continuously adaptive sensor network for malware analysis and instant sharing of threat indicators. Security teams receive Breachless Threat Intelligence™ and complete kill-chain analysis reports to help find threats faster, ensuring enterprise-wide visibility and control.

Disposable Environments

As soon as the task finishes, Bromium discards that micro-VM. Any malware that may have been present is removed from the system, with no risk of cross-contamination and no need for clean-up or re-imaging of the PCs.

Detection Relies On Patient-Zero Infection — Bromium Doesn’t

The anti-malware security industry has tried everything: signatures, heuristics, sandboxing, artificial intelligence, predictive analytics, machine learning, and neural networks. Yet none of these solutions can fully protect organisations from attacks. Application isolation helps you:

  • Protect your intellectual property, customer data, people, and your brand
  • Reduce your threat surface and protect endpoints with hardware-based security
  • Endpoints remain protected while native application performance and usability are unaffected
  • Breachless Threat Alerts™ show full kill-chain analysis
  • No malware escape has ever been reported by our customers