Runtime Integrity and Forensics Protect Data Center Servers at RSAC 2017, Booth N4521
February 9, 2017, Mountain View, CA—Bracket Computing, the pioneer of Full Workload Isolation for the Enterprise Cloud, today announced two significant new capabilities for its flagship product, the Bracket Computing Cell. The first is a set of controls that ensure runtime integrity of a data center server. These controls ensure that critical parts of the operating system that should never be modified or stopped cannot be tampered with. The second is an advanced forensics capability that transparently captures NetFlow and also captures the memory of a running server in response to an event or a behavior that suggests a server has been compromised. Combined with the workload isolation capabilities of the Bracket Computing Cell, these new controls ensure that advanced persistent threats, like the attack on the Democratic National Committee, can be automatically detected and prevented. Bracket will be demonstrating the new set of controls and advanced forensics capability at RSAC 2017 in San Francisco, booth N4521.
Most IT security leaders have realized that perimeter security defenses are not enough to protect workloads. Further, with the continued success of advanced attacks, it is becoming clear that network-only defenses are insufficient to protect sensitive enterprise data. What’s needed is a comprehensive solution that isolates the entire workload—not only the network, but also the storage and compute resources that make up a typical cloud workload. Gartner wrote “the market for cloud workload protection platforms (CWPPs) is defined by host-centric solutions that target the unique requirements of server workload protection in modern hybrid data center architectures that span on-premises physical, virtual and multiple public cloud IaaS environments.”* Bracket’s innovative Computing Cell is such a Cloud Workload Protection Platform. It provides a complete set of capabilities, including:
● Encryption of data at rest and data in motion
● Network micro-segmentation
● Server and data integrity
● Security Operations, including detailed audit logs, network flow visualization and event-based forensics
The new capabilities are features built in to the Bracket Computing Cell. The Server Runtime Integrity ensures that once booted, critical components of the server are always protected. This capability bolsters traditional security approaches such as anti-virus agents and/or host IPS, ensuring that they are never tampered with or bypassed. Furthermore, this capability prevents critical parts of the operating system, such as the system call table, from being maliciously modified. These controls are very powerful because they do not rely on prior knowledge or the signature of an attack—they simply ensure that the parts of a running server that should never change, never do. The forensics capability is also unique. Now, for the first time, IT teams can set up a policy that monitors critical system behaviors, and if a suspect behavior is detected, the Computing Cell will capture a snapshot of system memory at the precise moment of the attack. This snapshot allows for rapid diagnosis of a new threat and provides a fresh forensics trail.
“Our forensics are similar to a traffic camera at a stoplight,” said Jason Lango, co-founder and CTO of Bracket. “It will snap a picture of an attacker at the precise moment of the offense, and provide detailed information about the source of the attack.”
The Bracket Computing Cell is security software that runs on all major cloud platforms, including on-premise, VMware-based clouds, Amazon Web Services, Google Cloud Platform and Microsoft Azure. The heart of the Computing Cell is Bracket’s unique Metavisor™, an advanced virtualization layer that runs between the guest operating system and the hypervisor of the cloud underneath. The Metavisor allows the Computing Cell to provide consistent security controls across all major clouds, and also to offer comprehensive Workload Isolation that includes network, storage and compute defenses.
The runtime integrity and event-driven forensics features are available now as part of the Bracket Computing Cell software.
About Bracket Computing
Bracket Computing was founded with the ultimate goal of empowering enterprise IT with a single set of security controls to stop the spread of malware, malicious insiders and mistakes without impacting the speed and agility of the self-service cloud. The Bracket Computing Cell, the first Full Workload Isolation solution for the modern hybrid data center, uniquely combines net-new compute, storage and network controls that can’t be turned off—even with root access. Today the Cell is enabling large enterprises in financial services, media and other verticals to run their most sensitive production workloads securely on the modern hybrid cloud. Learn more at www.brkt.com.