Virtualization-based security (VBS) is technology that abstracts computer processes from the underlying operating system and, in some cases, hardware. It isolates these processes from one another, with the goal of protecting the operating system (OS) and device against malware and other attacks.
VBS relies on a hypervisor, which creates virtual machines (VMs) that host system processes and store their data, instead of running those processes directly on the computer's operating system. The idea behind VBS is that if an isolated process or application is attacked, the attack cannot spread outside of the VM. An attacker cannot exploit a vulnerability in one process to steal data from another application or seize the whole computer with ransomware, for example.Content Continues Below
Windows 10 virtualization-based security
Device Guard and Credential Guard utilize Virtual Secure Mode (VSM), a specific feature of virtualization-based security in Windows 10. VSM uses the Microsoft Hyper-V hypervisor, installed directly on the computer's hardware, to run specific processes and store their data independently of the operating system.
Device Guard is a set of three features -- Configurable Code Integrity, VSM Protected Code Integrity and Platform and UEFI Secure Boot -- that prevent untrusted code from running on a Windows 10 machine. These features ensure that only trusted code and signed, verified firmware can run on the computer, and they allow IT administrators to isolate specific processes for an added layer of protection.
Credential Guard uses VSM to isolate and secure user logins, passwords and other authentication data, to prevent unauthorized access to the machine and other systems.
Third-party vendor Bromium pioneered the concept of virtualization-based security. Bromium refers to its approach as micro-virtualization.
Bromium's proprietary hypervisor is called a Microvisor. It works with the virtualization technology built into computer hardware to create VMs for and isolate all processes that begin with untrusted user activity. For example, when a user clicks on a link to a website, the Microvisor will spin up a VM that contains only the processes and data required to open that site in a web browser. If the link leads to a malicious website that attempts to install malware on the computer, the malware will be contained within that VM, unable to infect any other system resources.
Bromium partnered with Microsoft to offer its capabilities as additional features for virtualization-based security in Windows 10. Bromium's product, the Bromium Secure Platform, is also available for Windows 7 and Windows 8.1.