In an effort to improve cloud security, Bracket Computing announced on Nov. 9 a new Server Guard functionality to provide immutable server protection for cloud deployments.
Server Guard is built into Bracket Computing’s Metavisor isolation technology that separates application workloads from the cloud guest operating system. With Server Guard, Bracket Computing is able to detect and block multiple types of attacks and operating system compromises.
“The goal of the Metavisor is to transparently insert advanced security controls underneath workloads that are deployed in the cloud,” Jason Lango, Bracket Computing co-founder and CTO, told eWEEK. “Server Guard is a natural extension of our platform and instead of just looking at network activity, we’re now looking up into the operating system, using memory introspection to identify hacker behaviors.”
Bracket Computing emerged from stealth mode in October 2014 with its core Computing Cell technology for security virtualization. The platform has since been expanded with capabilities announced in June 2016 that provide network segmentation and data encryption options. On Feb. 9, Bracket introduced runtime integrity protection and event-driven forensics to help improve cloud application security.
Lango said the Server Guard capabilities are an expansion of the runtime integrity features to provide more security introspection to detect potential risks. The expanded capabilities include the ability to detect root-level privilege escalation as well as rootkits. Attackers aren’t satisfied with simply exploiting a system, as many spend days or even weeks inside a compromised system looking for information to steal.
“We can now look into a running operating system and identify techniques that hackers use to maintain long-term persistence,” Lango said.
Bracket Computing’s Server Guard can now detect multiple techniques that hackers use to stay persistent on a system. Among them is tampering with system call tables. For example, an attacker could install a rootkit that has root privileges and is designed to hide from administrators, Lango said. Since the Metavisor sits underneath the guest operating system, it has an unbiased view of what is going on with protected operating system data structures.
“Since the Metavisor is underneath the operating system, we can see things that a network security device could never be able to see,” he said.
There is a configuration wizard that sets up the security policies and allows administrators to customize the policies as required, according to Lango. For visibility into alerts, Bracket Computing has event information and health statistics as part of the dashboard interface.
“We have very concise ways of showing people what is going on inside of their deployments,” Lango said.
Bracket Computing’s platform can also be integrated with SIEM (Security Information and Event Management) platforms for further security analysis.
Moving forward, Bracket Computing is looking at threat intelligence feed integration as well as ways to help further harden cloud workload security.
“We’re going to continue to use our Metavisor platform to help create truly immutable servers,” Lango said. “Meaning that if you’re running on Metavisor, you can be assured that your server is fully locked down.”