![Page 1: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/1.jpg)
1
Making All Client SideJava Secure
Bill Gardner
Sr. Director Products
September 2014
![Page 2: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/2.jpg)
2
Agenda
The Security Landscape
Let’s Talk Java
Demonstration
Q&A
![Page 3: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/3.jpg)
3
The IT Security Paradox
Security Spending — ’05–’14
Up 294%$30B
No!Up 390%
Are breaches going down?
Malware/Breaches — ’05–’14Source: Gartner, Idtheftcenter, $30B is a Gartner figure for 2014
![Page 4: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/4.jpg)
4
The Problem
The Endpoint ProblemIneffective DetectionAdvanced Threats
• Polymorphic
• Targeted
• Zero Day
Pattern-Matching
• Only known
• Many false positives
• Costly remediation
71% of all breaches start on the endpoint!
Source: Verizon Data Breach Report
![Page 5: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/5.jpg)
Source: Verizon Data Breach Report
The Endpoint ProblemIneffective DetectionAdvanced Threats
71% of all breaches start on the endpoint!
The Problem
• Polymorphic
• Targeted
• Zero Day
Pattern-Matching
• Only known
• Many false positives
• Costly remediation
“Anti-virus is dead. It catches only 45% of cyber-attacks. ”
Brian DyeSVP, Symantec
![Page 6: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/6.jpg)
6
If JAVA didn’t exist…
It would have to be invented
![Page 7: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/7.jpg)
7
97% of enterprise browsers ran Java
in 2013Source: Cisco 2014 Annual Threat Report
91% of successful enterprises attacks
exploited Java in 2013Source: Cisco 2014 Annual Threat Report
~50% of enterprise traffic uses a Java version that’s more than two years out of date
Source: CIOL Bureau
19% of enterprise Windows PCs ran the latest
version of Java between August 1-29, 2013 Source: CIOL Bureau
Let’s Talk About Java
![Page 8: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/8.jpg)
8
Java Is Not the Problem
NTDLL.DLL
ntoskrnl.exe win32k.sys
HAL
![Page 9: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/9.jpg)
9
NTDLL.DLL
ntoskrnl.exe win32k.sys
HAL
And AllSoftware IsVulnerable
![Page 10: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/10.jpg)
A Better Idea
10
Isolate the threat!
![Page 11: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/11.jpg)
11
Bromium vSentry:Hardware-isolation for Untrusted Tasks
Microvisor
Hardware isolates each untrusted Windows task
Lightweight, fast, hidden, with an
unchanged native UX
Based on Xen with a small, secure
code base
Fully integrated into the desktop user
experience
Hardware virtualization
Hardware security features
![Page 12: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/12.jpg)
12
Desktop
Untrusted Tasks
Micro-visor mutually isolates untrustworthy tasks from the OS and each other
![Page 13: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/13.jpg)
Each untrusted task is instantly isolated in a micro-VM, invisible to the user 13
Untrusted Tasks
![Page 14: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/14.jpg)
14
Micro-VMs execute
“Copy on Write”
![Page 15: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/15.jpg)
15
Malware is automatically
discarded when the task is complete
![Page 16: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/16.jpg)
16
Full attack execution
3
Live Attack Visualization & Analysis (LAVA)
4
One task per micro-VM
2
Micro-VM introspection
1
![Page 17: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/17.jpg)
17
Benefits
Consumerization
SaaS/Cloud & VDI
Patching & Remediation
End Point Security
• Data is secure at runtime• Malware has no access
to your network
• Empower users: “click on anything”
• Real-time insight into actual attacks
• Protect un-patched desktops
• Eliminate remediation
• Defeat Advanced Persistent Threats
• Robust to human mistakes
![Page 18: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/18.jpg)
18
Benefits
• Empower users: “click on anything”
• Real-time insight into actual attacks
• Defeat Advanced Persistent Threats
• Robust to human mistakes
• Data is secure at runtime
• Malware has no access to your network
• Protect un-patched desktops
• Eliminate remediation
Consumerization
SaaS/Cloud & VDI
Patching & Remediation
End Point Security
![Page 19: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/19.jpg)
19
The attack landscape has fundamentally changed; perimeter evaporating in the cloud and mobile era
Current ‘detection’ defenses are ineffective; endpoint is the weakest link
Bromium is redefining endpoint security with micro-virtualization
Enormous benefits in defeating attacks,streamlining IT and empowering users
Summary
![Page 20: Making All Client Side Java Secure Bill Gardner Sr. Director Products September 2014 1](https://reader037.vdocument.in/reader037/viewer/2022110323/56649d6e5503460f94a4f92a/html5/thumbnails/20.jpg)
20
Demo