The Bromium Protected App allows you to provide end-to-end protection around sensitive assets in your applications. The solution allows you to isolate confidential applications completely and secure network connections between clients and servers. At the same time, your authorized users can continue to access the applications and data they need for their work. Protected App ensures that confidential data remains secure so you can focus on what matters most: building the best apps for your business.
The use of privileged user accounts poses various challenges for businesses and authorities. In principle, these highly critical access points must be maintained on all systems and available to authorized groups of employees. At the same time, it is necessary to be able to track which administrator has carried out which activities on these user accounts – and when. Furthermore, these accounts are used for ad-hoc access to sensitive databases and domain controllers, especially in emergencies. Privileged Access Management (PAM) solutions are often used to facilitate the handling of such critical authorizations and to meet their requirements. They are used to rotate user IDs, log access and monitor activities.
Bromium Protected App moves the principle of the privileged access workstation to the workplace PC while maintaining the same level of security. To achieve this, Protected App launches explicit connections for critical access, below the potentially compromised operating system. Bromium’s root hypervisor creates a hardware-isolated virtual environment for each of these connections, from which – in a Linux operating system, for instance – an RDP connection can be established to the domain controller.
A keylogger or screen capture program installed by an attacker on a workstation PC does not notice this connection, because it is created below the Windows client. Through seamless integration with Privileged Access Management (PAM) solutions, the secure connection to the critical target system is transparent to the administrator, who does not get to know the privileged access data. The use of PAM portals and jump servers and their logging continue as before.
About Bromium & HP Inc.
Bromium has transformed endpoint security to defeat cyberattacks with its revolutionary isolation technology. Unlike antivirus software and other detection-based defenses that cannot stop modern attacks, Bromium uses micro-virtualization to keep users safe while delivering significant cost savings, by reducing and even eliminating false positives, urgent patching and corrective action – and thus transforming the traditional security lifecycle.