A new security vendor is selling a Windows application that it says could eliminate a major attack vector plaguing enterprises. Invincea, a Virginia-based security firm, is rolling out a virtualized browser that places Internet Explorer
The company, which formally launched at the end of August, is using underlying technology that was developed with funding from the Defense Advanced Research Projects Agency (DARPA).
"When a user opens their browser, it would open in its own virtual machine and from there the user could go out and get infected all they wanted," said Anup K. Ghosh, founder and chief scientist at Invincea. "Any infection is contained to the virtual environment and at the end of that session, the VM gets dumped and all the infections get eliminated."
Ghosh said the technology is nearly transparent to end users, who could browse the Internet as they normally would. In addition, Ghosh added behavior-based detection into the application, which alerts the user and IT about any malicious activity it detects, and terminates the session to eliminate the attack. Ghosh said the browser restarts and restores the browser to the last safe place the user visited.
Nearly any malware attack can be eliminated using the virtual browser, Ghosh said. Drive-by downloads and more sophisticated man-in-the-middle attacks can be detected using behavior-based sensors in the virtual session -- not signatures.
Under pressure to address a rising number of attacks targeting the browser and its components, browser makers have been slowly adding security improvements. Google's new Chrome browser uses a sandboxing technique, separating the browser's rendering engine from the rest of the application to make certain attacks more difficult. Microsoft has added support for a number of new features in Internet Explorer 7 and 8, including address space layout randomization (ASLR) to defend against buffer overrun exploits and data execution prevention (DEP) to check system memory for anomalies.
The security features are a good start, but they don't go far enough because they don't isolate the browser from the underlying operating system, Ghosh said.
"We encapsulate not only the browser, but also the operating system that the browser runs on," he said. "It's a superior solution to an in-browser sandbox."
Invincea plans to offer the application using other browser code bases, beginning with Mozilla Firefox. It currently can be run on Windows XP. Windows 7 support will be available soon, Ghosh said.
Browser collects detailed malware data
The virtual browser is customizable and can run custom Web applications. In addition, the application collects detailed data about the kind of malware detected and behavior of the browsing session for use by the enterprise in data forensics. The activity can be stored on or off premises. The attack data can help enterprises to add firewall rules, update their Web gateways with specialized content blocking, and be more proactive about other pieces of malware that may be penetrating the organization.
The browser is priced at $60 per seat to early adopters. Volume discounts are available.
Ghosh said there is still a need for traditional security technologies. The virtual browser doesn't isolate other productivity applications, such as Microsoft Office, making antimalware technologies essential in protecting other attack vectors.