Bracket Computing Adds Forensic Capabilities to Isolation Platform

The Bracket Computing Cell platform in being expanded to provide organizations with event driven forensics and runtime integrity protection for running applications.

bracket computing

Bracket Computing announced new security features for its Computing Cell network isolation platform on Feb. 9. The new capabilities include runtime integrity protection and event driven forensics to help secure application workloads in the cloud.

Bracket Computing emerged from stealth mode in October 2014 with its core Computing Cell technology for security virtualization. The platform has since been expanded with additional capabilities announced in June 2016 providing network segmentation capabilities and data encryption options.

Bracket Computing founder and CEO Tom Gillis explained that since the Computing Cell operates as a virtualization hypervisor, the system has access to the guest operating system's memory. With the new event driven forensic capability that Bracket Computing is now introducing, the behavior of items in memory can be analyzed to help identify any potential malicious activities.

There are now also policy controls in the system to take immediate actions when a malicious actions occurs.

"At the moment of an attack, we can snapshot the memory and make that information available to a security forensics team," Gillis told eWEEK. 

As an analogy, Gillis said that the new event driven forensics is like a red-light traffic camera, that can capture the image of a speeding car and its license plate. From a technical perspective ,what the system is doing is capturing netflow network packet data and sending it all to a central control plane. From the control plane, an administrator can easily see what network elements are doing, enabling an organization to set policies based on normal operations.

"In the future, being able to incorporate external input, like threat feeds, is something that is on our roadmap and well within our grasp," Gillis said.

Another key addition to the Bracket Computing platform that is now being added is a suite of features the company is branding as runtime integrity. With runtime integrity, Bracket can help to make sure that for example, any security agents, including anti-virus or host protection, can not be modified or suspended by potentially malicious code.

"Runtime integrity is a way of making sure that once a server goes into production, it stays as immutable and hardened as is technically possible," Gillis said.

Looking forward, Gillis said that Bracket Computing will look to provide organizations with new additional security controls for configuration management.

"We're going to continue make the isolation we have with the Computing Cell stronger and easier to use," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.