Microsoft Enterprise Mobility for Every Business and Every Device

Microsoft Enterprise Mobility for Every Business and Every Device

Earlier today in San Francisco, Satya spoke about the wide-ranging work Microsoft is doing to deliver a cloud for everyone and every device. Satya’s remarks certainly covered a lot of ground – including big announcements about the availability of Office on the iPad, as well as the release of what we call the Microsoft Enterprise Mobility Suite.

Regarding the Enterprise Mobility Suite (EMS), I want to share some additional details about the upcoming general availability of Azure Active Directory Premium, as well as our latest updates to Windows Intune.

If you haven’t had a chance to read this morning’s post from Satya, I really recommend checking in out here. In the post, Satya talks about the focus of our company being “Mobile First – Cloud First.” I love this focus! The mobile devices that we all use every day (and, honestly, could not live without) were built to consume the cloud, and the cloud is what enables these devices to become such a critical and thoroughly integrated part of our lives.

For years I have emphasized that, as we architect the solutions that help organizations embrace the devices their users want to bring into work (i.e. BYOD), the cloud should be at the core of how we enable this. As I have worked across the industry with numerous customers it is clear that embracing a cloud-based infrastructure for Enterprise Mobility has become the go-to choice for forward-looking organizations around the world who want to maximize their Enterprise Mobility capabilities.

Enterprise Mobility is a big topic – so big, in fact, that it extends beyond mobile device management (MDM) and the need to address BYOD. Now Enterprise Mobility stretches all the way to how to best handle new applications and services (SaaS) coming into the organization. Enterprise Mobility also has to address data protection at the device level, at the app level, and at the data level (via technologies like Rights Management).

With these challenges in mind, we have assembled the EMS to help our customers supercharge their Enterprise Mobility capabilities with the latest cloud services across MDM, MAM, identity/access management, and information protection.

On one point I do want to be very specific: The EMS is the most comprehensive and complete platform for organizations to embrace these mobility and cloud trends. Looking across the industry, other offerings feature only disconnected pieces of what is needed. When you examine what Microsoft has built and what we are delivering, EMS is simply the only solution that has combined all of the capabilities needed to fully enable users in this new, mobile, cloud-enabled world.

Additionally, with Office now available on iPad, and cloud-based MDM from Intune, over time we will deliver integrated management capabilities for Office apps across the mobile platforms.

To see Office in action on an iPad, check out this video:

You can check out Office for iPad product guide here.

The capabilities packaged in the EMS are a giant step beyond simple MDM. The EMS is a people-first approach to identity, devices, apps, and data – and it allows you to actively build upon what you already have in place while proactively empowering your workforce well into the future.

The EMS has three key elements:

  • Identity and access management delivered by Azure Active Directory Premium
  • MDM and MAM delivered by Windows Intune
  • Data protection delivered by Azure AD Rights Management Services

Cloud-based Identity & Access Management

Azure Active Directory (AAD) is a comprehensive, cloud-based identity/access management solution which includes core directory services that already support some of the largest cloud services (including Office 365) with billions of authentications every week. AAD acts as your identity hub in the cloud for single sign-on to Office 365 and hundreds of other cloud services.

Azure AD Premium builds on AAD’s functionality and gives IT a powerful set of capabilities to manage identities and access to the SaaS applications that end-users need.

Azure AD Premium is packed with features that save IT teams time and money, for example:

  • It delivers group management and self-service password reset – dramatically cutting the time/cost of helpdesk calls.
  • It provides pre-configured single sign on to more than 1,000 popular SaaS applications so IT can easily manage access for users with one set of credentials.
  • To improve visibility for IT and security, it includes security reporting to identify and block threats (e.g. anomalous logins) and require multi-factor authentication for users when these abnormalities are detected.

The Azure AD Premium service will be generally available in April. For more info, check out this new post from the Azure team.

Cloud-delivered MDM

Windows Intune is our cloud-based MDM and PC management solution that helps IT enable their employees to be productive on the devices they love.

Since its launch we have regularly delivered updates to this service at a cloud cadence. In October 2013 and January 2014 we added new capabilities like e-mail profile management for iOS, selective wipe, iOS 7 data protection configuration, and remote lock and password reset.

Following up on these new features, in April we will also be adding more Android device management with support for the Samsung KNOX platform, as well as support for the upcoming update to Windows Phone.

Data Protection from the Cloud

Microsoft Azure Rights Management is a powerful and easy-to-use way for organizations to protect their critical information when it is at rest or in transit.

This service is already available today as part of Office 365, and we recently added extended capability for existing on-prem deployments. Azure RMS now supports the connection to on-prem Exchange, SharePoint, and Windows Servers.

In addition to these updates, Azure RMS also offers customers the option to bring their own key to the service, as well as access to logging information by enabling access policy to be embedded into the actual documents being shared. When a document is being shared in this manner, the user’s access rights to the document are validated each time the document is opened. If an employee leaves an organization or if a document is accidentally sent to the wrong individual, the company’s data is protected because there is no way for the recipient to open the file.

Cost Effective Licensing

Now with these three cloud services brought together in the EMS, Microsoft has made it easy and cost effective to acquire the full set of capabilities necessary to manage today’s (and the future’s) enterprise mobility challenges.

As we have built the Enterprise Mobility Suite we also have thought deeply about the need to really simplify how EMS is licensed and acquired. With this in mind, EMS is licensed on a per-user basis. This means that you will not need to count the number of devices in use, or implement policies that would limit the types of devices that can be used.

The Enterprise Mobility Suite offers more capabilities for enabling BYO and SaaS than anyone in the market – and at a fraction of the cost charged elsewhere in the industry.

* * *

This is a major opportunity for IT organizations to take huge leaps forward in their mobility strategy and execution, and Microsoft is committed to supporting every element of this cloud-based, device-based, mobility-centric transformation.

EMS is available to customers via Microsoft’s Enterprise Volume Licensing channels beginning May 1st.

There is so much we want to tell you about the Enterprise Mobility Suite and the innovations we are delivering here. This will be a big topic for us at TechEd North America and it will be a big part of the keynote on May 12. See you there!

Click for more at source


Palo Alto Networks splashes $US200 million on buying Cyvera

Palo Alto Networks has announced that its buying Tel Aviv-based Cyvera for $US200 million, including $US88 million in cash.

The attraction is the Israeli company’s TRAPS (Targeted Remote Attack Prevention System), an endpoint protection system for Windows machines, which PAN will add to its existing firewall and cloud security products.

PAN’s blog post about the acquisition makes the bold claim that Cyvera has “successfully stopped every published zero-day attack since they first began deploying their product”.

Announcing the acquisition, PAN’s CEO Mark McLaughlin tagged endpoint security as a market worth between $US4 billion and $US5 billion.

Details on the operation of Cyvera’s technology are sketchy, but according to the San Jose Mercury News, it impressed PAN’s co-founder Nir Zuk, who said the normal zero-day attack toolkit is “limited to about 20 different techniques … what Cyvera does is basically blocks the bad guys from being able to use those techniques.”

Cyvera’s 55 staff will remain in Israel, and the acquisition is expected to be completed in the second half of the year. ®

Do we honestly believe others aren’t snooping our messages. 10 Things we Know about This Microsoft Hotmail Privacy Case

Interesting thing about all of this is that we really believe sending any email or text (which is basically simple text) SMTP (simple mail transfer protocol) across multiple networks that we don’t own to servers we don’t own (the internet or cloud) can be secure or not be snooped on. There are lots of tools out there not owned by the intelligence services that can so data capture and intercept any data on a network can be voice, email, anything lots of organisations, countries, and people do this be if for regulatory reasons or personal reasons.

Microsoft’s Hotmail


Written on Time. Harry McCracken: 10 Things we Know to Be True About This Microsoft Hotmail Privacy Case: March 22, 2014

Anyway for Microsoft It’s ugly. It’s complicated. And it’s a great opportunity for any webmail provider who isn’t Microsoft

When the news broke on Wednesday that Microsoft had tapped into the e-mail of a Hotmail user who had apparently received stolen software from Alex Kibkalo, a rogue Microsoft employee in Lebanon, I didn’t immediately write about it in this space. It’s a complicated matter, and there’s a lot we don’t know about the details — including the identity of the French blogger who allegedly received the purloined code. (There’s a theory on the web about who the person is, but Microsoft’s criminal complaint doesn’t name a name.)

Still, in the fullness of time, I have come to a few conclusions:

1. You can be sympathetic to Microsoft about the crime apparently committed against it and still deeply unhappy with its response. There are presumably all sorts of questionable, potentially illegal things going on in (the successor to Hotmail) and its competitors. The one sort of case in which we know that Microsoft thinks it’s O.K. for it to spy on your e-mail without a warrant is when you might be stealing its own stuff. It’s a fundamental conflict of interest, and it isn’t completely solved by the company’s new policy which states it’ll seek approval from a former judge before doing this again. (The higher court is still a Microsoft higher court.)

2. Just calling the Hotmail user “a blogger” is misleading. When I hear about a blogger tussling with a giant software company, my instinct, as a journalist, is to side with the blogger. But Microsoft wasn’t just concerned about leaked screenshots showing up online. As the criminal complaint explains, outsider with Windows source code might be able to crack the operating system’s copy protection. The complaint says that this was Kibkalo’s whole idea in leaking the code, and that the blogger admitted to having previously trafficked in Microsoft activation codes on eBay.

3. Calling the person a journalist or reporter is even more misleading. That’s what Techdirt’s Mike Masnick did, even though the case isn’t just about a leaked-screenshot blog, let alone reporting. Microsoft was worried about leaked SDK code enabling piracy of its software. Even if you’re unhappy about the actions the company took, I don’t think this case is about freedom of the press.

4. These guys were idiots. According to the complaint, Kibkalo and the outsider used Microsoft products such as Hotmail, SkyDrive and Windows Live Messenger to steal Microsoft’s software. When it comes to digital espionage, they were a gang that couldn’t shoot straight.

5. We don’t know what Microsoft has done in other instances. It says that these events which we’re discussing were extraordinary, and perhaps they were. But thanks to the court case, they’re the only ones we know about. (The company says that it will henceforth disclose the quantity of such instances and the number of user accounts impacted on a biannual basis, but unless they crop up in the courtroom, we’ll apparently never know the gist of each individual situation.)

6. We really don’t know what other webmail providers have done. Maybe nothing like this has ever happened to a Gmail user or a Yahoo Mail user. Or maybe far more troubling stuff has been going on. Who knows? Not us. (For the record, TechCrunch founder Michael Arrington says that he’s “nearly certain” that Google once dug around in his Gmail account, although his evidence is far from airtight.)

7. I’m not comfortable that I understand the legal situation. If Microsoft had successfully gotten a court order to search the blogger’s Hotmail, most outsiders would likely find its actions to be reasonable. Microsoft says that it’s impossible to get a court order to search your own servers, but the Electronic Frontier Foundation’s Andrew Crocker says that this is not the case. If Crocker is right, then the only appropriate scenario in future situations such as this is Microsoft getting a court order.

8. Once again, “Scroogled” makes Microsoft look bad, not Google. Microsoft has been telling us that the way Google scans for keywords in Gmail e-mails to serve up related ads is an outrageous privacy violation. That automated practice, which affects every Gmail account, has virtually nothing in common with Microsoft’s contention that it’s acceptable to dig into a single Hotmail account to protect the company’s intellectual property. But it craters Microsoft’s ability to be self-righteous and makes the whole “Scroogled” campaign look even sillier and hypocritical than it already did. (Danny Sullivan of Marketing Land has a good post on this.)

9. This creates a fantastic opportunity for somebody. Microsoft says it reserves the right to keep on doing this, albeit under tighter rules. If Google or Yahoo or somebody else declares that it won’t rummage through your mail without court approval, period, that company would make lemonade out of Microsoft’s lemons. I’m not holding my breath, though: So far, other webmail providers haven’t even said they’ll hew to self-imposed restrictions of the sort which Microsoft now says it’ll follow.

10. In a perverse way, Microsoft has done us all a favor. The French blogger didn’t own that Hotmail account; people who use don’t own their accounts. Their stuff is stored on Microsoft property, and when they signed up for the service, they gave the company broad license to intrude upon it. The same is true for countless other online freebies from other companies.

If we become a more cynical bunch based on these events, it’ll be kind of sad — but it’ll also be a more appropriate attitude than blithely treating a web service as if it really belonged to you.

Click for more at source

Gmail: Encryption is now mandatory

Four years after Google turned on HTTPS by default in Gmail, and less than a year since the Edward Snowden document leaks, Google removes your ability to opt out of encryption.

Google has removed your ability to get out of encrypting your Gmail, the company announced Thursday.

This follows a 2010 decision to make HTTPS the default for Gmail communications, but up until today Google had given users the ability to not use encryption. Four years ago, the company explained the opt-out as necessary because encryption could “make your mail slower.”

“The team has been working hard to mitigate any performance costs, which now puts us in a position where it no longer makes sense to allow HTTP connections,” a Google spokesperson told CNET. “The large majority of users already use HTTPS connections, so this is the final step in the journey.”

Google notes that Gmail messages are encrypted internally, as they move about Google’s servers and data centers, a measure implemented in the wake of the Edward Snowden leaks. The company also boasted about Gmail’s stability, with service available 99.978 percent of the time.

Click for more at source

Splunk Big Data Tool to Boost Symantec Enterprise Security

cloud security cloudtimes Splunk Big Data Tool to Boost Symantec Enterprise SecurityMcAfee in a recent report said enterprises expect to see an increase in attacks aimed at shared resources in any IaaS, PaaS, or SaaS (Infrastructure, Platform, or Software as a Service) cloud environment. Cybercriminal will target cloud-based applications and data repositories such as the ubiquitous hypervisors found in all data centers, the multitenant communications infrastructure implicit in cloud services, and management infrastructure used to provision and monitor large-scale cloud services. The denial-of-service (DoS) attacks will also increase, causing service outages and financial loss to cloud providers.

The future of enterprise security is the analysis of all available data, not just the small subset that is a safety related with conventional approaches. Statistical analysis increases the value of that data. Because it helps to uncover valuable insights that go under otherwise unrecognized in most cases in the mass of raw information.

The statistical analysis is the new security weapon warrior against threats that bypass traditional security detection systems. Companies now understand that abnormal activity patterns hidden in terabytes of machine data generated by users represent the presence of malware or malicious behavior. Splunk App for Enterprise Security allows a statistical analysis of HTTP traffic to help security professionals to determine a baseline of what is normal, quickly detect outliers and use those events as starting points for safety and research analysis.

Symantec has now selected Splunk Enterprise 6 to help bolster its security intelligence Operations. As part of this partnership, Symantec will centralize, monitor and analyze security-related data in Splunk Enterprise to help investigate incidents and detect advanced threats. The security company will also use Splunk software to ensure comprehensive compliance with Sarbanes-Oxley (SOX) and the Payment Card Industry Data Security Standard (PCI DSS).

Symantec says it is critical that security firm react quickly to identify and respond to any type of threat, especially advanced threats that continue to increase in complexity. The Splunk App for Enterprise is breaking new grounds in the analysis of safety data by applying statistical techniques to the data that often beyond the scope of existing tools.

The big data security application automates the process to observe data anomalies. By monitoring the Splunk App for Enterprise Security proxy data of individual users, the security officer can analyze appropriate usage peaks as overall trend and at the user level. In addition, the app can monitor user agent anomalies in real time and be alerted if questionable threats occurred. The new dashboards in the Splunk App for Enterprise Security help security professionals make this data more actionable.

Last month, Gartner said big data analytics will play a crucial role in detecting crime and security infractions. By 2016, more than 25 percent of global firms will adopt big data analytics for at least one security and fraud detection use case, up from current eight percent. Big data security tools will have an impact that will change most of the product categories in the field of computer security including solutions, network monitoring, authentication and authorization of users, identity management, fraud detection, and systems of governance, risk and compliance.

View more at source article…

Digital identities could help to improve enterprise BYOD

Digital identities could help to improve enterprise BYOD.

Allowing employees to use their own digital identity may reduce issues such as remembering multiple passwords and security reporting.

A lot of the talk around the consumerisation of IT focuses on employees using their own devices, installing their own apps and using social media

The trend to bring your own device (BYOD) is at best seen as employees being innovative in the way they use IT, and at worst a danger to an organisation’s digital assets that needs to be monitored, controlled or blocked.

While employers can exercise some level of control over what their employees do with IT systems, this is not the case with customers.

Recent Quocirca research shows the extent to which the BYOD trend is being exploited more and more by businesses in one particular area – bring your own identity (BYOID). The primary opportunity is the ease of engagement with consumers.

The driver for this is to solve one of the oldest issues in the pantheon of IT security issues – the problem of users having to manage multiple identities and remember many passwords. In effect, BYOID is outsourcing all the issues involved with establishing and managing identity to third parties.

The marketing push

Most providers of internet services want their regular users to create an account of some sort so the relationship can be deepened for marketing and other commercial purposes. Accounts need logins and that means establishing an identity. However, rather than getting users to create a new identity, many now turn to third-party social media sites that the user already has an account with; there are many to choose from: Facebook, Google, Yahoo, Twitter or PayPal for example.

Most of the major social media sites provide widgets and APIs that enable the use of the login credentials the user has for their site as a way of authenticating to another. This is convenient for the consumer as it allows them to register for a service more easily and then, of course, when they return at a later date, they are far more likely to remember their credentials if they are the ones they use for their favoured social media site. Indeed, many of their devices may be set to automatically log in to such services.

Cementing the relationship

It is good for the social media site as it cements its relationship with users too and raises its profile through exposure on hundreds of other sites. JustGiving, Spotify and The Economist are just a few examples of those offering social login. For the provider of a new online service, there will be whole series of questions about doing this, including the veracity of social identities, how to set up and manage them and how to authenticate the actual user behind the identity.

When it comes to veracity, some will worry more than others. A free media service that wants to capture identities for marketing purposes may not care if a few are not real. Users will like the convenience of using a social identity and will be more likely to create an account. Anyway, why would someone want to sign up for a free service in someone else’s name?

However, as soon as money starts changing hands, there is a need to be sure of whom you are dealing with. Using social identities actually reduces the problem, making up an identity on the spot is easier than creating a social identity expressly for the purpose. If it can be established that the account being used has been active for some time and has a history of activity that matches that of a genuine user, then it is arguably far better to be using social identities than ones created on the fly.

The good news is that social infrastructure services such as Gigya, Janrain and Loginradius are, among other things, designed to check the veracity of social logins. By looking at a given user’s history and activity on a given social media site they can verify that they are an established user with a track record. They also help with another obvious problem, which is that many users will want to use different social identities and this needs managing.

Acting as the middleman

Social infrastructure services act as brokers, managing the many-to-many relationship between the social media sites and those providing services that want to enable social login. Social infrastructure services enable a retailer, charity or media company for example, to establish a single view of their customers regardless of how they login – providing a basic form of customer relationship management (CRM).

Using such services, it is possible to establish a high level of confidence that a real person is being dealt with – far more so than if someone had just made up a username and password. The next question is when someone logs in with a social identity, how do you know that in this instance the user is the owner of that identity? Authentication is only as good as that offered by the social media site itself. Some now offer two-factor authentication as an option and have auto-log out settings. Remember, the competition here is ad hoc usernames and passwords scribbled on scraps of paper.

But such an approach is still focused primarily on the consumer. However, for many organisations the need to manage external identity goes well beyond this. There are also external business users, the employees of partners and customers – these are business-tobusiness relationships.

Quocirca’s research shows that in some cases social identities are being used here too. However, there are other sources of identity that come into play, including the other business’s own directories, the membership lists of professional bodies, government databases and so on. To manage all this requires a federated identity management system which can bring together identities from all sources and manage them via a single interface. This may include employees as well as third-party users, many of whom will access common applications (for example, supply chain systems). To this end, many of the big identity management providers such as CA, Oracle, IBM and Intel/ McAfee have adapted their systems to work from multiple identity sources.

A professional passport

Having a unified identity and access management system, regardless of the sources of identity, eases reporting for security and compliance purposes and makes it easier to implement single sign on (SSO) systems. SSO solves the business equivalent of the consumer problem described earlier, the user having to remember multiple usernames and passwords for different systems. SSO also helps solve another growing problem for businesses – controlling access to web-based services. The problem here is if a business uses Google Apps or Microsoft Office 365 for document management, for CRM, SuccessFactors for HR and so on. Enabling every employee for each one and, perhaps more importantly, ensuring access is de-provisioned when they leave, is much easier if all access is provided via an SSO portal. This has led to the emergence of a host of new identity and access management suppliers including Ping Identity, Okta, SaaS-ID and Symplified (the last of which has a partnership with Symantec). Many of these are offering SSO and identity and access management as cloud-based services; if the users can be anywhere and the applications are in the cloud, why not the SSO system too? The big identity suppliers are adapting their products as well, for example CA’s CloudMinder can be deployed as a purely on-demand service or linked with existing on-premise systems creating a hybrid deployment.

Looking to the future, we can speculate that we may all get more ownership of our digital identities as time goes by. As consumers, we can already choose to use a favoured social identity and, with education, we can understand how to protect and harden it. Actually we are quite used to this in the offline world. Most people have a passport and understand the need to care for and protect that.

This raises an interesting point. A new employer does not issue you with a passport for business travel; you use your own. Perhaps in the future employees will provide employers with their favoured digital identities. It may not be long before you are accessing your employer’s IT systems and applications using your Facebook, LinkedIn or Twitter identity. When that happens the age of BYOID will truly have arrived.

Click for more at source

Bromium Introduces vSentry 2.0 for Endpoint Security

Impressive new start up Bromium co-founded by Simon Crosby – original founder and CTO of XenSource today released a new version of vSentry device security.

New version improves secure mobility, safe collaboration, and enterprise manageability

CUPERTINO, Calif., June 11, 2013 – Bromium, Inc., a pioneer in trustworthy computing, today announced the general availability of Bromium vSentry® 2.0. Powered by its Xen-based Bromium Microvisor™, vSentry 2.0 makes endpoints secure – by design, enabling enterprises to embrace key IT trends such as mobility and collaboration, without risk of attack from insecure networks, the web and malicious documents or media.

vSentry uses Intel® CPU features for virtualization and security to invisibly hardware-isolate each Windows® task that accesses the Internet or untrusted documents. Its architecture guarantees that all malware will be defeated and automatically discarded. In addition, vSentry automates live attack visualization and analysis – giving security operations teams unparalleled insight into attacks when they occur.

“The Intel 4th generation Core™ vPro™ platform offers enterprises a very secure endpoint architecture as well as a rich set of features that enhance endpoint security, including AES-NI, Data Execution Prevention (DEP) and Intel Platform Protection Technology with OS Guard,” said Rick Echevarria, vice president and general manager of Intel’s Business Client Platforms Division. “Bromium vSentry uses Intel VT-x, VT-d and EPT to hardware-isolate operating system tasks, and Intel AES-NI, DEP, and OS Guard to further protect the endpoint. Bromium vSentry advances endpoint security enabling enterprises to secure mobile endpoints and empowers employees to safely access networks and media.”

The enhancements in vSentry 2.0 focus on three important requirements for enterprise deployments – secure mobility, safe collaboration, and improved manageability. The new release also delivers improved overall performance and end user experience.

Secure Mobility

Mobile users need to access enterprise applications and the web from untrusted networks that could be used to attack the endpoint. vSentry 2.0 hardware-isolates each user task that accesses an untrusted network, blocking all attacks from captive portals, the web and untrusted content. It guarantees the security of mobile endpoints that are used to remotely access enterprise SaaS and web applications, and virtual desktops. User credentials and application data delivered to the endpoint are secure at all times.

Safe Collaboration

Employees need to securely interact and collaborate with content originating from both within and outside the enterprise, requiring them to access untrustworthy content from removable media, the web, email and social applications. This places endpoint security in the user’s hands by making them remove security restrictions from, or “trust” content before interacting with it. If a user mistakenly trusts a malicious document, an attacker can compromise the endpoint. vSentry 2.0 lets users access and edit content without ever having to trust it, enabling them to be productive without risk.

Improved Manageability

The Bromium Management Server (BMS) that comes with vSentry now provides granular monitoring of deployment progress of vSentry endpoint agents, as well as automated gathering of critical information – such as missing software pre-requisites and installation progress. BMS delivers centralized policy management – and now includes simplified policy creation, editing, and distribution, event aggregation and reporting, as well as dashboards for monitoring key metrics. These improvements help simplify and accelerate enterprise-wide deployments of vSentry.

Bromium vSentry 2.0 secures both 32- and 64 bit versions of Windows 7, and virtual desktops delivered with Microsoft Remote Desktop Services (including Citrix XenDesktop and VMware View). It is deployed as a standard MSI package, and configured via simple policies using Microsoft® Active Directory or using the Bromium Management Server. NYSE and BlackRock are among the growing number of enterprise customers planning to deploy vSentry enterprise-wide.

“vSentry 2.0 delivers on our goal to make endpoints fully protected from targeted attacks, by hardware-isolating all untrusted user tasks,” said Gaurav Banga, CEO and co-founder of Bromium Inc. “vSentry 2.0 addresses important use cases that further empower end users without compromising on enterprise security. It represents the industry’s most secure solution for enterprise mobility and gives users unparalleled flexibility and ease of use in collaborative environments.”

Interested parties may view a webcast covering the new features and functionality of vSentry 2.0 presented by Simon Crosby, CTO and co-founder of Bromium, at

Bromium vSentry is licensed per-user, enterprise wide, and priced according to volume. For more information, contact

About Bromium

Bromium, Inc., is transforming enterprise network security with innovative software solutions that solve endpoint security problems, while delivering unmatched visualization capabilities to IT security analysts. At the endpoint, Bromium vSentry combines micro-virtualization with hardware-enforced isolation to protect against advanced targeted attacks – including all APTs and zero-day attacks. This protection also empowers vSentry end users with total Internet freedom, without any impact on user experience. For security analysts, Bromium LAVA provides a detailed graphical view of complete malware attacks isolated and recorded by vSentry, enabling in-depth, automated analysis of unknown attacks. Learn more

Click for more at source