Invincea Browser Protection
SummaryEight sales pitches went head to head in our Security Innovators Throwdown competition to find the most innovative security products and services from young companies.
This is one of our personal favorites. Invincea Browser Protection is an early - and very creative - use of virtualization to protect endpoints from malware. Since a huge percentage of malware infections start while surfing the web, this product is right on the money in terms of a waiting market.
The idea behind Browser Protection is simple. Its execution, perhaps not so. The idea is to build an independent virtual machine, put the browser inside, and limit the interaction between the guest virtual machine (VM) and the host. Of course, you need to keep everything independent, recognize zero-day attacks, keep the browsing environment pristine, and never, ever, let the bugs from the outside world migrate to the protected bare metal.
Invincea took all of these things into account. The VM is independent of the host. It does not use the host operating system for anything except launching the guest. From then on, the guest is completely independent with its own pared-down OS and instantiation of the familiar browser. It does not try to recognize malware from signatures. If anything tries to make an unauthorized alteration to the VM environment, the VM self-destructs and rebuilds from a protected gold copy stored elsewhere on the host. It then retains the user's bookmarks and is ready to go without any user intervention.
Browser Protection supports Internet Explorer, and there is a Firefox implementation in beta. We found that interesting since the guest OS for Firefox is Linux, an OS relatively impervious to malware. No matter. Invincea has ensured that the VM presents with a Windows look so users will feel right at home. The VM is hardened and contains a layer of sensors to identify attempts to compromise the environment.