Bromium’s Simon Crosby has done a masterful job in the past year of marketing a startup without revealing what it is. For months, the buzz grew to such an extent that Bromium even won an award for “Startup of the Year.”
Today, the company is having its coming out party with the unveiling of its Microvisor, an x86-specific technology that it describes as a second-generation virtualization technology. Bromium provides virtualized hardware that isolates and secures data running within the operating system that is hidden from the user.
Bromium had $9.2 million in funding prior to today’s news. Today the company announced it has raised $26.5M Series B funding from lead investor Highland Capital Partners, new investor Intel Capital, and existing investors Andreessen Horowitz and Ignition Ventures.
Crosby is a co-founder and CTO. He led the virtualization and management division at Citrix before starting Bromium. But the roots of his fame date back about ten years, to when he created Xen, the open-source hypervisor that Amazon Web Services uses for its elastic cloud. He created Xen with Ian Pratt, who is now teaming up with Crosby on Bromium.
The Bromium software is installed on the end user’s device. The catch: it can only be used on x86 devices. That means that for now, you can’t use it on Apple devices and ARM-based architectures.
According to Bromium, the Microvisor identifies each vulnerable task and instantly isolates it within a micro-VM, an isolation container that polices access to all OS services and resources.
Micro-VMs run natively. A micro-VM can only access OS services or devices via simple enlightenments, which cause the virtualization hardware to pause execution of the micro-VM and hand control to the Microvisor.
Crosby thoroughly enjoys the analogy to the Byzantine General, a comparison made in security circles to the issues faced with distributed architecture. The Byzantine generals could only communicate with the other generals by message. That poses a problem for the message itself and for the generals, too. The generals could not always be trusted. Some were loyal, some were not. That means the message could get to the wrong person. A message could be sent that misled the others.
This is a root problem with humans and the consumer Web. Not everyone is loyal to the same cause. Trickery abounds. We fall prey to the exploits of others. The attacks are sophisticated. The attacker sends a message that essentially says everything is okay.
Crosby says the answer comes down to having a way to not worry at all about the bad messengers and the rogue characters.
To do that, Bromium maintains it is the only hardware virtualization to guarantee that “task-specific mandatory access control policies will be executed, in a safe, trusted execution context.”
They maintain it’s the only technology that can safely enable trusted and untrusted applications and data to coexist on a single system with guaranteed mutual isolation.
Bromium enables users to safely access untrusted data, applications, networks and media. Bromium assumes that users will make mistakes, and that endpoint protection software will be unable to detect advanced malware. It assumes that a micro-VM may be compromised at any time, but guarantees that an attacker cannot gain access to sensitive data or applications, or persist an attack, even on PCs that haven’t been patched. A micro-VM can only access files on a “need to know” basis, and any changes it makes are discarded as soon as the user closes the application, erasing malware and eliminating the need for re-imaging. Persisted files are securely tagged as untrusted, and can only be accessed from an isolated context: a new, untrusted micro-VM.
Bromium considers the human factor, knowing that people are always susceptible to attacks. They click attachments that they should not. That leads to major attacks that spread fast through networks. The promise is to make the security technology invisible so it makes no difference if the user makes a mistake. Automatic isolation means that the user does not have to worry about security vulnerabilities, as the Microvisor will capture the rogue data and isolate it from the end user’s device.
The trick for Bromium will be to extend x86 technology so it can be used on any device. In the meantime, the x86 market is certainly wide enough for Bromium to have a considerable market opportunity.