LAS VEGAS -- Enterprise applications and data are increasingly moving to the cloud, but the endpoint remains the biggest security risk.
Ransomware, spear phishing and other emerging endpoint threats often fly under the radar of traditional security tools. And as they grow more sophisticated, they can trick even the most vigilant and well-educated user into clicking a malicious link or opening a malware-laden attachment.
In response to these endpoint security threats, Microsoft in Windows 10 has embraced the concept of micro-virtualization, which isolates applications and other system processes from each other. That way, if one process falls victim to an attack, it doesn't affect the rest of the PC or the corporate network at large.
Microsoft also partners with Bromium, which developed micro-virtualization, to extend the technology's capabilities further into Windows. In an interview at VMworld, Bromium co-founders Ian Pratt and Simon Crosby discuss that partnership and explain how organizations can protect themselves against emerging endpoint security threats.
Is the hype around ransomware real?
Ian Pratt: The whole point of ransomware is that it announces its presence and demands money. If you think about it, it's the easiest kind of thing to detect.
The malware which tries to be stealthy -- hides in your machine, steals your intellectual property or credit card data or patient records -- typically those kinds of attacks have far more cost to the organization.
It's really kind of odd that so much of the behaviors are being driven around ransomware. It's drawing attention away from bigger risks.
What are the major challenges your customers are facing?
Pratt: Windows is their biggest challenge, not because Windows is worse from a security point of view, but because it's most attacked. That's where most organizations' intellectual property lives.
Ian Prattpresident, Bromium
It's an impossible problem trying to secure Windows and all the applications. They're just way too big of an attack surface. [Windows is] pushing 150 million lines of code, much of it written in the 1980s, when security was not what people focused on.
Simon Crosby: Out there on PCs, [organizations are] still doing arcane, silly stuff. A huge amount of the challenge is on legacy PCs.
What have been the effects of your partnership with Microsoft?
Crosby: The core capabilities of micro-virtualization are being adopted into Hyper-V, both on the Windows 10 client but also Windows Server. On the client side, in Windows 10, if you are running an enterprise license and you're on the right hardware, then a couple of key Windows services move out of the operating system and into micro VMs. In particular, there is a service that manages locally maintained passwords and their hashes on the host. The goal there is to make the Windows kernel and progressively more and more applications protected and distrusted from each other.
How important is it to educate users about phishing and ransomware, compared to addressing these endpoint threats from a technical perspective?
Pratt: Blaming users, or hoping users will spot this stuff, is ridiculous. Some of the spear phishing attacks we've seen have been so well-crafted. We saw one, and the domain was a misspelling of Bromium. But if you looked at it, [you wouldn't immediately notice]. You need to make it so that the user can click with confidence.
How can organizations find the right balance between security and user productivity?
Crosby: Why did [organizations] get more and more permissive on iPhones? Because they were actually pretty good with security. We see a lot of overly reactive stuff. 'Let's close everything down.' That just isn't the way forward, because ultimately users have to be productive and they'll find a way around, and that'll be a security loophole and the bad guy will find a way in again.
Could Citrix buy Bromium to protect against more endpoint threats?
Why hasn't Bromium supplanted enterprise antivirus?
The fundamentals of enterprise endpoint security