Invincea’s Browser Protection uses virtualization technology to provide a secure and isolated Internet Explorer instance for enterprises. (click on the picture to view a video demonstration)
A few weeks ago I wrote a speculative article on the Browser Deflector Shield, a proposed systems architecture for Windows that would allow any web browser to become fully isolated from the main operating system userspace and thus would be able to prevent malware infections and other web-based compromises.
Shortly after I wrote that piece, I was contacted by Dr. Anup Ghosh, the CEO of Invincea, a start-up which has done exactly what I had proposed — create a virtualized environment for Windows XP and Windows Vista (and soon, Windows 7) which completely isolates an instance of Internet Explorer from the OS.
Fairfax, VA-based Invincea, which was originally Secure Command, began its life at George Mason University’s Center for Secure Information Systems, and was funded by the United States’ Defense Advanced Research Projects Agency (DARPA), the same folks that brought you the early version of Internet as ARPANET back in the early 1970s.
Invincea has done some very interesting things with their product. They’ve licensed the run-time version of Oracle’s VM VirtualBox software (which I reviewed recently) and have created a stripped-down executable Windows XP environment in a Virtual Machine complete with Internet Explorer 7 and Adobe Acrobat Reader.
To the end user, this VM looks just like a browser launch icon. And when the software is running, it looks just like Internet Explorer 7 and Adobe Acrobat Reader, with only one minor difference — the apps have red borders in the windows. No virtual environment training is needed whatsoever.
The Invincea VM environment, which uses up approximately 600MB of hard drive space (a 3GB or 4GB dual-core desktop is recommended) is completely isolated from the host’s OS, including network and file system.
Should the environment become infected, Invincea is able to proactively detect it using patented technology the company has developed which is able to sense abnormal system behavior based upon the condition and activity of system processes.
Invincea’s “behavioral” approach is different from the way other virus/malware scanners operate, which requires signature updates in order to detect an infected file or scripting attack.
Once abnormalities are detected, Invincea actually destroys the VM environment and restores a pristine copy, as if nothing had happened. I recently observed a demonstration by Invincea in which we purposely infected the browser with a malware attack originating from a Russian web site, and the software reacted instantaneously, flushing the environment completely and setting it back to a clean state.
The Invincea software runs completely on the desktop PC, so there’s no other enterprise infrastructure to deploy, other than package management in the event specific plug-ins are needed for the browser.
In addition to the VM that Invincea provides for Internet Explorer and Acrobat Reader (which can be extended to other applications, if required) Invincea has a comprehensive forensics utility that ships with the software which logs all the abnormal activity that occurs and allows IT administrators to react proactively to Internet-based malware attacks.
Invincea has not yet provided me with pricing for the software, but has told me that the product is competitive on a per-seat basis with other enterprise desktop security products and volume pricing is negotiable at purchase.
Right now, the software is only available to enterprises and runs only on Windows XP and Windows Vista desktops — but a Windows 7 version as well as Firefox support is due to ship shortly and potentially, the company is looking to market it directly to end-users as well.
Does Invincea’s “Browser Deflector Shield” interest you? Talk Back and Let Me Know.
