OK. So I wasn't all that impressed the first time I heard about this tool. It sounded like another “me, too” web browser product using the same, old, tired technologies that pretend to isolate malware. Yawn. Then I spent an hour with the product and the people at Invincea who came up with it and wow! Was I ever wrong at first blush. I really beat these guys up on the technology and methodologies they use, and they were like Teflon: Nothing stuck. So, before we even get started, here is my recommendation: Take a very close look at this. It is from a brand new company and I predict big things for it if the management team continues down the road they're on now.
On to the product. My first impression of Invincea Browser Protection was that it is just a sandbox. That is partially true, but it is not just a sandbox. The product runs the browser inside a virtual machine rather than in the computer's native (“bare metal”) environment. This is an important differentiator: it lets the product contain the entire web transaction rather than merely interposing a layer of protection between the user and the outside world. A typical sandbox inserts a protection layer between the browser and the host they share; encapsulating the browser in a virtual machine aims at complete isolation.
In the case of Invincea, the browser runs on a stripped-down operating system (OS) inside a guest virtual machine (VM). The guest communicates with the host only through tightly controlled channels, so those channels and the hypervisor itself are what remains of the attack surface. Instead of scanning web transactions for malware with signatures or heuristics, Invincea watches for behavior that attacks the browser or its environment and then discards the entire virtual machine: malware, browser, operating system and all. It then rebuilds the guest OS from scratch from a gold copy of the VM. The whole cycle takes about a minute, and the user is back on the web.
Because the guest OS has the attributes of a full OS (a registry, data link layers and more), the browser runs natively, and the user would never know they were using the Invincea system were it not for a red bar at the top of the browser instead of a blue one. All of the user's preferences, bookmarks and history are preserved when malware forces a rebuild of the virtual machine.

Using the product is simple. It installs the way any other Windows application does, and once the user has installed it (or the administrator has pushed it to the user's machine), the user works with the browser exactly as before. The browser does not even need to be open for Invincea to function.
It becomes the default handler for anything that arrives from the web. So if a user responds to a phishing email, the link opens inside the protected browser, and Invincea contains the phisher's malware the moment it attempts to infect the machine. Because there are no blacklists or whitelists, no signature sets and no heuristics to keep current, Invincea stops zero-day malware in its tracks rather than waiting for a signature to catch up with it.
The information such a product can gather about a piece of web-borne malware can be extremely valuable to the organization, so Invincea saves an impressive collection of forensic data to a management server that is accessible only to administrators. If the browser cannot reach the management server, it saves the forensics in a protected location on the host and delivers them as soon as it can communicate with the server again. One important use for this data is feeding it into the blacklists of other anti-malware products and the like.

Since PDFs are among the newer vehicles for malware attacks, Invincea handles them as well. Today, Invincea Browser Protection supports Internet Explorer 6, 7 and 8, with Firefox coming soon. All of us can relate to the problems this tool solves, so it only makes sense to have a look. Put it on your test computer, aim some web-borne malware at it and you'll be sold. No matter what I may have thought initially, this is the real deal. Have a close look at it, and I'm pretty sure you'll agree with me.