SOURCE: Bracket Computing

Bracket Computing

November 09, 2017 10:00 ET

Bracket Computing Introduces Immutable Server Protection

Safeguarding the critical parts of the OS from outside the OS

MOUNTAIN VIEW, CA--(Marketwired - November 09, 2017) - Bracket Computing, the "Immutable Security Company", today announced a unique new feature set called Server Guard for its Bracket Security Software solution. Server Guard provides a defense against persistent attackers that is unique because it safeguards the critical parts of the operating system while on disk and also while running in memory. Server Guard can offer this essential defense of the OS because it is not actually running inside the OS. Instead, Server Guard resides in Bracket's patented Metavisor technology, which uses virtualization to isolate Server Guard from the guest OS. As a result, even if an attacker gets privileged or "root" access to a server, it can't get past Bracket's Server Guard. This unique architecture is what enables Bracket to deliver immutable security -- security that cannot be turned off, bypassed, or compromised.

Vulnerabilities Abound, but Persistence Is the Problem

When attackers are looking to enter a target network, they will often find a vulnerability in an Internet-facing data center server. One of the most high-profile vulnerabilities was in the Apache Struts software, which appears to have been at the heart of the recent Equifax breach. Software will never be free of bugs, and using signature-based systems to close the vulnerabilities will never be a complete solution. One must assume attackers will find a way in. But the real damage is done once an attacker has penetrated. The attacks at Sony, Target, HBO, and Equifax all had one thing in common -- the attackers found a way to get in, and then were able to stay in for months, even as long as a year. How can an attacker remain in the network so long when security agents are so widely deployed? The answer is called persistence -- the attackers embed themselves into the OS and remain undetected.

"To maximize damage, modern cyber attacks use sophisticated techniques to remain undetected for as long as possible," said John Pescatore, Director at SANS. "Security controls that can efficiently and effectively reduce both time to detect and time to mitigate advanced targeted attacks are critical for protecting business applications and sensitive data."

Announcing Server Guard -- Because the Server Can't Guard Itself

A server has built-in defenses, treating most applications as a "user," and very privileged access as "root." Root access is intended for administrators who have the ability to reconfigure and change how a server runs. When attackers gain a foothold in a network, they often seek root access, which allows them to patch themselves into the OS and therefore avoid detection from a user-based security agent. This is how they achieve long-term persistence. There are several vulnerable parts of an operating system that attackers will try to exploit to hide themselves, becoming undetectable by traditional security measures. The Operating System attempts to defend these areas but once an attacker has privileged or root access it is a "peer" to the OS and thus the OS cannot defend itself. Bracket's approach is unique in the industry. The Bracket Metavisor is a virtualization technology that does not actually reside in the OS; instead, the OS talks to the Metavisor as it would any cloud hypervisor. Building on this unique security platform, Bracket's new Server Guard analyzes and protects the critical parts of a running OS. With no prior knowledge of the attack, Server Guard causes Linux privilege escalation and rootkit attacks to simply bounce off, even if the server is not patched and running a known vulnerability. The Bracket approach assumes that one way or another an attacker is going to find a way in, but by hardening the core of the OS the attacker can't stay in. Server Guard protects the OS because the OS can't protect itself.

"We like to say that root can't stop root," said Jason Lango, co-founder and CTO of Bracket Computing. "What that means is when an attacker has the highest privilege in a server, the server cannot defend itself from the attack. Our new Server Guard, running in the Bracket Metavisor, can defend the server even when the server can't defend itself."

Immutable Security -- It Can't Be Turned Off or Bypassed

Another unique aspect of Bracket's new Server Guard is that it cannot be turned off or bypassed by a rogue insider or an outside attacker -- even if the attacker has root access. This capability has two major benefits: First, it is totally transparent to Development and Operations teams. If those teams are accustomed to using native Amazon controls, on-premise VM controls, or third-party orchestration tools, they will not see any changes to the Dev/Ops workflow. Dev/Ops teams aren't slowed down by Bracket Server Guard. Second, a rogue administrator cannot avoid the protections that Server Guard offers, because Server Guard resides in the Bracket Metavisor, not in the OS itself.

Part of a Layered Defense

Beyond unique server protection, the Bracket Security Software offers unique controls to micro-segment the network, gather forensics information, visualize network flows, and encrypt and protect all forms of data at rest and in motion. The Bracket software is easy to deploy -- most customers are up and running with a simple reboot of a server. The Bracket Security Software with Server Guard is available now. Download a test copy at www.brkt.com.

About Bracket Computing

Bracket Computing, the "Immutable Security Company," has developed security software for hybrid clouds that allows IT to empower the business to embrace the agility of the cloud but still ensure that the most advanced security controls are in place, on every cloud. What makes the Bracket solution unique is Bracket's virtualization technology, called the Metavisor. The Metavisor allows powerful security controls to be attached to every data center virtual machine, but remain isolated from the server OS. This unique architecture allows Bracket to protect the OS even when the OS cannot protect itself. Bracket protects critical parts of the OS while it is running and identifies known attack techniques such as in-memory privilege escalation, remote code execution, and kernel modification. Bracket combines these unique server protections with network segmentation and data protections, working together to ensure that attackers cannot maintain a persistent foothold in your network. These powerful controls are immutable, as they cannot be turned off or bypassed even with privileged access.

Contact Information

  • Media contact:
    Suzanne Matick
    for Bracket Computing
    Email: Email contact

    Phone: 831-234-0809