Bromium and ForeScout Team to Automate Threat Response

Cupertino and Campbell, Calif. -- 12/10/13
Back To Press & Events

Integrated approach facilitates accurate, real-time threat intelligence and automates enterprise-wide mitigation against advanced malware

Bromium®, Inc., a pioneer in trustworthy computing, and ForeScout Technologies, Inc., a leading provider of pervasive network security solutions for Global 2000 enterprises and government organizations, today announced integration efforts between Bromium Live Attack Visualization and Analysis (LAVA™) and ForeScout CounterACT. The joint solution will help automatically defeat and remediate advanced malware, gather precise threat intelligence in real time, and protect the enterprise using advanced network-wide defenses.

“In today’s threat environment, responding to an attack immediately to achieve defense in depth is critical,” said Ken Pfeil, CISO at Pioneer Investments. “The integrated solution from Bromium and ForeScout will enable us to cut through the noise of false alerts and automate our response to actual attacks in real time, enterprise wide. Additionally, the approach leverages our existing investments in endpoint and network security, providing unambiguous and actionable threat intelligence that we can use to quickly and systematically enhance our overall security posture.”

Providing an unrivaled comprehensive and accurate view of malware behavior in real-time, LAVA is a centralized security application that works in conjunction with Bromium vSentry®. Bromium vSentry is built on the revolutionary Bromium Microvisor that protects end points by design, using CPU features for virtualization to hardware-isolate each browser tab, attachment or document in a micro-VM™ that cannot access enterprise data, the Intranet or valuable SaaS sites. Malware is automatically remediated when the user closes the task. LAVA gathers and provides real-time analysis of each hardware-isolated malware attack cycle occurring within an enterprise, providing detailed insight into an attack’s origin, techniques and targets while delivering immediate, actionable security intelligence and enabling enterprise security teams to safely analyze threats.

“In conjunction with vSentry, LAVA provides unparalleled intelligence into malware attacks at the most critical point and time, as it happens,” said Simon Crosby, CTO and co-founder at Bromium. “Our work with ForeScout, leveraging ControlFabric technology, allows joint customers to respond immediately, network wide, using the rich integration and powerful orchestration capabilities of LAVA and CounterACT.”

Based on CounterACT’s real-time visibility and policy-based mitigation capabilities, CounterACT can dynamically provision and activate the Bromium endpoint agent, vSentry®. CounterACT can also receive malware details from Bromium LAVA™, Bromium’s management system, in real time and allow organizations to enable CounterACT to quarantine infected endpoints, block the infection source and inspect all other endpoints on the network for presence of a similar infection.

The joint solution benefits include:

  • Automated malware response – When Bromium detects advanced malware, it sends information about infected endpoints and the infection source to CounterACT in real time via Bromium LAVA™. CounterACT can then take automated actions such as alerting the administrator, emailing the end-user and quarantining the infected endpoint. Additionally, CounterACT can prevent further malware propagation by blocking traffic to and from the infection source.
  • Agent provisioning and monitoring – CounterACT has the ability to discover, classify and monitor all endpoints on the network, including unmanaged and personal devices. This allows CounterACT to detect endpoints without a Bromium vSentry® agent and verify if they meet the minimum hardware and BIOS requirements for the agent. CounterACT then deploys the Bromium agent on these endpoints, automatically or via manual action.
  • Enterprise-wide attack mitigation – Bromium can determine the signature representative of an advanced malware attack and send this information, including the malware payload fingerprint, to CounterACT. CounterACT can use this information to assess all other endpoints (including unmanaged endpoints without Bromium agents) to identify and quarantine additional zero-day infection points across the enterprise network.


“We are thrilled to partner with Bromium to provide joint customers with enhanced protection against advanced malware,” said Gil Friedrich, vice president of technology at ForeScout. “This integration illustrates how ForeScout’s customers and partners leverage the ControlFabric technology to build a central security hub that can bi-directionally share real-time threat intelligence, automate remediation and improve operational efficiency."

ForeScout CounterACT, Bromium vSentry® and LAVA™ interoperability is delivered through the ForeScout ControlFabric Interface using open, standards-based formats. ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate advanced malware attacks. ForeScout CounterACT dynamically identifies and assesses all network users, endpoints and applications to provide comprehensive visibility, intelligence and policy-based mitigation of security issues. ForeScout’s open ControlFabric technology enables vendors, system integrators and customers to integrate CounterACT with a broad range of IT security products and management systems to automate enterprise-wide defenses.

Share On Twitter Linkedin