Start-up company Invincea is launching Browser Protection, a completely virtualized browser environment meant to combat the increasing problem of web-based malware. Quickly overwhelming browser-based malware, new variants are proliferating at the rate of tens of thousands per day. Invincea Browser Protection launches each time a user initiates a new session, complete with a virtual Windows XP or Vista (Windows 7 coming soon) operating system. The company claims it detects and stops malicious behavior, such as an attack script or drive-by download, alerts the user and disposes of the virtual browser and launches a fresh virtual browser. Invincea supports Internet Explorer 6 through 8, with support for Firefox due soon.
Any changes to the OS, such as registry entries, are disposed of with the targeted virtual session, but all activity and attack information is recorded and sent to Invincea's Threat Analyzer for analysis and threat intelligence gathering. The Threat Analyzer provides customers with reporting and forensics information for investigation. The information can be accessed through Invincea's cloud portal, or optionally to a dedicated Threat Data Server on the enterprise premises.
Enterprises can install Invincea Browser Protection using typical software distribution packages such as Microsoft SMS or commercial software/patch installation packages. The application requires 500-600 MB hard drive space. Invincea recommends 1.5GB RAM for XP systems, 2GB for Vista or Windows 7. The cost starts at $60 per user, plus a starting price of $1,000 for up to 20 users if the enterprise licenses the on-site Threat Data Server. Invincea commissioned application security firm Cigital to vet the product's architecture, source code and operation prior to release to see if it could withstand attacks and to see whether it had vulnerabilities or design problems.
The idea of a virtual browser environment is not new. A startup called GreenBorder offered a virtualized sandbox for Web browsers that was designed to keep malware from accessing files or registries. The company was acquired by Google in 2007, and elements of its technology are included in Google's Chrome browser. TrustWare offers BufferZone to consumers and businesses that promises similar protection. And this summer, Dell announced free software called Secure Browser which can shunt malware to a protected environment. It also lets users create black and white lists.
Research and development for Invincea was funded by the Defense Advance Research Projects Agency (DARPA), where co-founder and chief scientist Anup Ghosh worked as program manager. "What struck us is that these guys are serious hacks," said Diana Kelley, partner, Securitycurve, a research and consulting firm. "They are technical, and what they do, they do well." She notes that one obstacle Invincea may face is convincing enterprises of Browser Protection's value against the cost of buying and managing yet another desktop protection agent, when it is already paying for anti-malware software, in addition, perhaps, to a Web security gateway appliance or cloud-based Web security service. "I'm not sure having a better mousetrap is going to resonate with the market," says Kelley.
