News
Bromium and ForeScout Team to Automate Threat Response
December 2013 by Marc Jacob
Bromium®, Inc., a pioneer in trustworthy computing, and ForeScout Technologies, Inc., a provider of pervasive network security solutions for Global 2000 enterprises and government organisations, today announced integration efforts between Bromium Live Attack Visualisation and Analysis (LAVA™) and ForeScout CounterACT. The joint solution will help automatically defeat and remediate advanced malware, gather precise threat intelligence in real time, and protect the enterprise using advanced network-wide defences.
Providing an unrivalled comprehensive and accurate view of malware behaviour in real-time, LAVA is a centralised security application that works in conjunction with Bromium vSentry®. Bromium vSentry is built on the revolutionary Bromium Microvisor that protects endpoints by design, using CPU features for virtualisation to hardware-isolate each browser tab, attachment or document in a micro-VM™ that cannot access enterprise data, the Intranet or valuable SaaS sites. Malware is automatically remediated when the user closes the task. LAVA gathers and provides real-time analysis of each hardware-isolated malware attack cycle occurring within an enterprise, providing detailed insight into an attack’s origin, techniques and targets while delivering immediate, actionable security intelligence and enabling enterprise security teams to safely analyse threats.
Based on CounterACT’s real-time visibility and policy-based mitigation capabilities, CounterACT can dynamically provision and activate the Bromium endpoint agent, vSentry®. CounterACT can also receive malware details from Bromium LAVA™, Bromium’s management system, in real-time and allow organisations to enable CounterACT to quarantine infected endpoints, block the infection source and inspect all other endpoints on the network for presence of a similar infection.
The joint solution benefits include:
Automated malware response – When Bromium LAVA detects advanced malware, it sends information about the attack to CounterACT in real-time. CounterACT can then take automated actions such as alerting the administrator, emailing the end-user and preventing further malware propagation to unprotected endpoints by blocking traffic to and from the infection source.
Agent provisioning and monitoring – CounterACT has the ability to discover, classify and monitor all endpoints on the network, including unmanaged and personal devices. This allows CounterACT to detect endpoints without a Bromium vSentry® agent and verify if they meet the minimum hardware and BIOS requirements. CounterACT then deploys the Bromium agent on these endpoints, automatically or via manual action.
Enterprise-wide attack mitigation – Bromium can determine the signature representative of an advanced malware attack and send this information, including the malware payload fingerprint, to CounterACT. CounterACT can use this information to assess all other endpoints (including unprotected endpoints) to identify and quarantine additional zero-day infection points across the enterprise network.
ForeScout CounterACT, Bromium vSentry® and LAVA™ interoperability is delivered through the ForeScout ControlFabric Interface using open, standards-based formats. ForeScout delivers pervasive network security by allowing organisations to continuously monitor and mitigate advanced malware attacks. ForeScout CounterACT dynamically identifies and assesses all network users, endpoints and applications to provide comprehensive visibility, intelligence and policy-based mitigation of security issues. ForeScout’s open ControlFabric technology enables vendors, system integrators and customers to integrate CounterACT with a broad range of IT security products and management systems to automate enterprise-wide defences.
