Invincea is looking to protect enterprise endpoints from Web-based malware by moving Internet Explorer into a virtual environment.
A security company is going to market with a plan to
bring virtualization to the browser to bolster security against
Web-based
threats.
Arguing that firewalls and antivirus software fail to adequately protect
enterprises, Invincea's strategy is to move Internet Explorer "into a
virtual environment in a manner that is transparent to users," the company
said Sept. 13. Invincea Browser Protection runs the browser "non-natively
as a virtual appliance on
the
user's desktop."
"Most attacks take advantage of browser vulnerabilities to implant
software in the OS. In IBP this happens in a virtual OS that is disposed of
after use," said Anup Ghosh, chief scientist at Invincea.
Any changes made by malware-including to the file system, system
libraries/DLLs, registry and memory-are made in a virtual environment and not
the host, Ghosh explained. Users can download files to a specific directory
shared with the host OS, he said, and the "directory is non-executable and
malware
cannot install or run software on the host OS."
Adding to the company's virtualization approach is behavioral malware
detection. Arming the browser with low-level sensors, IBP starts in the exact
same state down to the bit level on start-up.
"Since the state is the same on each start-unlike your desktop, for
instance-our behavioral sensors monitor for changes to this state during
operation," Ghosh said. "If, for instance, a heap spray attack
against the browser is used to run code in the browser stack that in turn
launches a command shell or forks a new process, our sensors detect this
abnormal behavior for the browser and will call a foul.
"At this point, the corrupted browser environment is disposed [of] (file
system and memory) while a new clean instance of the browser environment is
brought back," he continued. "Meanwhile, detailed cyber-forensics
about the infection event are recorded and sent to a database including the
source of the infection, its system changes it made and where it reached out to
on the network."
"Originally funded by the Defense Advanced Research Projects Agency
(DARPA) to build a prototype of a virtualized Web browsing solution," the
Invincea release said, the company "then developed its patent-pending
technology with George Mason
University's Center for Secure
Information Systems. Today, Invincea is venture-backed" and it released
its first version of IBP in April.
"The feedback has been positive and we're ready to go to market now ...
We have over a dozen deployments of various sizes currently," Ghosh said.
Right now, IBP supports Windows XP and Vista, with
Windows 7 support coming soon.
Email
Print
