An alternative to software sandboxing, micro VMs rely on hardware isolation to prevent infection from untrustworthy, often user-initiated tasks such as Web browsing or document/media downloading. The concept was pioneered by security startup Bromium, which released its first micro VM product in 2012.
In a micro-virtualization environment, enterprises set up policies to identify trusted processes. Any computer process deemed untrusted, such as opening a file or downloading a webpage, is automatically placed in a micro VM. If malware or other malicious code is hiding in the isolated VM instance, it cannot compromise the rest of the system, even if it executes within the micro VM.
The goal of a micro VM is to stop malware at the endpoint, increase cybersecurity and boost resilience through virtualization -- all without affecting the end user.
At any given time, a computer can run dozens or even hundreds of micro VMs. Because they are generated for user-initiated tasks, micro VMs must be created instantaneously. To prevent latency and bottlenecks, micro VMs are designed to access only a minimal set of operating system resources and cannot interact with any other processes.