Invincea Protects PC Browser Through Virtualisation

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved,

By moving Internet Explorer into a virtual environment, Invincea claims it can protect enterprise endpoints from Web-based malware

Security company Invincea is coming to market with a product that bolsters security against Web-based threats by virtualising the browser.

Claiming that firewalls and anti-virus software fail to adequately protect enterprises, Invincea’s strategy is to move Internet Explorer into a virtual environment transparent to users. With Invincea Browser Protection (IBP), the browser runs non-natively as a virtual appliance on the user’s desktop.

Fresh Start On Every Boot

“Most attacks take advantage of browser vulnerabilities to implant software in the OS. In IBP this happens in a virtual OS that is disposed of after use,” said Anup Ghosh, chief scientist at Invincea.

Any changes made by malware, including to the file system, system libraries or DLLs, registry, and memory, are made in the virtual environment and not the host, he explained. Users can download files to a specific directory shared with the host operating system, he added, and the “directory is non-executable and malware cannot install or run software on the host OS”.

Adding to the company’s virtualisation approach is behavioural malware detection. Arming the browser with low-level sensors, IBP initialises in exactly the same state, down to the bit level, on start-up.

“Since the state is the same on each start, unlike your desktop, our behavioural sensors monitor for changes to this state during operation,” Ghosh said. “If, for instance, a heap spray attack against the browser is used to run code in the browser stack that, in turn, launches a command shell or forks a new process, our sensors detect this abnormal behaviour for the browser and will call a foul.

“At this point, the corrupted browser environment is disposed of (file system and memory) while a new clean instance of the browser environment is brought back,” he continued. “Meanwhile, detailed cyber-forensics about the infection event are recorded and sent to a database – including the source of the infection – the system changes it made, and where it reached out to on the network.”

Originally funded by the Defense Advanced Research Projects Agency (DARPA) to build a prototype virtualised web-browsing solution, the company developed its patent-pending technology with George Mason University’s Centre for Secure Information Systems. Today, the company is venture-backed and released its first version of IBP in April.

“The feedback has been positive and we’re ready to go to market now…We have over a dozen deployments of various sizes currently,” Ghosh said.

At the moment, IBP supports Windows XP and Vista, with Windows 7 support coming soon.