Bromium Review

Forensic data helps us analyze a situation to make sure there isn't a larger problem involved

What is our primary use case?

We use it for endpoint protection. We use it for browsing and for documents: Microsoft, PDF, etc. We use all the capabilities.

How has it helped my organization?

It comes down to the endpoint protection. It has greatly reduced our risk of infection on our endpoints, either when browsing or when opening untrusted or unknown documents and PDF files.

Our overall security posture has improved as a result of adding this solution to our security stack. It's definitely a big improvement. We have seen a decrease in infections on our endpoints. That means less helpdesk and office technology people having to troubleshoot issues with machines, scan them, take them out of service, and put them back into service. From an operational standpoint, there has been a reduction in cost, and time spent cleaning up machines with infections.

It's another layer to our stack. We haven't removed anything from our stack because we have Bromium, but certainly, we're not adding extra things to the endpoints - there are a lot of different products that are out there - because we are really comfortable with the protection that we get from Bromium.

We definitely use the forensic data reported from this solution. If there's an attack, obviously we get the alerts and we can look at them. We also use the host monitoring portion too, which uses some of their cloud information. We definitely analyze the data and use it to make sure there's not a larger issue.

What is most valuable?

One of the big enhancements they've added recently is the following: When you go to a website that has an issue, Bromium will generate an alert, what they call a LAVA alert, which tells you, "Hey, this site was infected, here's what it had." There is a whole bunch of analysis and forensics that can go on behind the alert to look at what it was, what the issue was, and what they've done. That is great. Now, instead of us having to go through that analysis, they actually give us a monthly report that shows us: "Here's what you got hit with, here's what would have happened, here are the forensics behind the attack," and, obviously, Bromium stopped it. 

From the point of view of saleability to our management, it's great to show, "Hey, we had this many infections that would have happened if not for Bromium stopping them." It's great for the product, as far as being able to justify its existence, because you're able to show actual things that it's stopping. It's not like an antivirus where, typically, you get infected and then it cleans it. It's blocking everything before you get hit, so it's nice to have that analysis to show what you could have been in for.

What needs improvement?

They have always struggled with usability. The endpoint protection that it offers you is tremendous, but there's definitely an impact with use of resources on the computer. It's gotten a lot better now with Win 10. But sometimes, when you open up a website, it's going to take longer than it would without Bromium, and it's the same with documents. There is that extra overhead so anything that they can do to reduce the resources that it uses would help. It's doing everything in a micro VM, so obviously it needs to suck up some resources, and there's some overhead associated with it. They're definitely aware of the problem. It has improved over different versions. But that's the biggest issue. The overhead, that it uses resources, and it slows down browsing and opening documents.

Implementation, initially, was huge. That's gotten way better.

I'd like to see support for other browsers, which they've been working on. It supports IE and Chrome, and they do support some Firefox. They're looking at containerizing certain applications. That could be an interesting feature as well.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability has improved hugely, by leaps and bounds. Initially, three years ago, it was very difficult to implement. It's way better now.

There are still issues that pop up once in a while. Recently they had an issue with an Adobe update that came in where they had to quickly tweak a version and get a pack pushed out. But again, they were very responsive. We were the first ones talking to them about it and they supported it quickly.

They've had the same issue with one or two Windows 10 versions that have come out where an issue came up that they had to work through and resolve. It hasn't caused us downtime. In the worst-case scenario, we may have had a machine or some machines that were unprotected, if there was a big issue.

What do I think about the scalability of the solution?

The scalability is good now. The thing you've got to balance is that there is definitely some extra resource use on the endpoints. But with their current version it's been getting better and better and better. We have it on between 2,500 and 3,000 endpoints and I know there are companies that are much bigger than us that have it deployed on many more.

How are customer service and technical support?

Bromium has always been super-responsive. We have the support portal. We can quickly put a ticket in there. And we actually have monthly meetings with one of their leads in the support area during which we just troubleshoot.

Initially - and, again, this just shows how much they supported the product - during implementation, we were having weekly meetings or more to discuss issues and problems and to make sure we were getting implemented as quickly as we could.

Their support, their engineers are very good. We've had calls working through some issues here and there on different things. We've had calls with high-up people from the company. We've had calls with people overseas in the UK, troubleshooting different issues. I can't say enough about their support of the product, and their team.

Which solution did I use previously and why did I switch?

We didn't have any similar product.

How was the initial setup?

It was definitely very difficult to implement but that was over three years ago. If not for their support and their follow through on getting it up and running and going... 

The endpoint protection you get from it is phenomenal but there's definitely some overhead and there are some bumps in the road from time to time. You may have to do some work when a website doesn't operate correctly or you have to whitelist it because again it doesn't run well in a micro VM.

The deployment took around six months or so. We did a slow roll at first because a lot of websites did not render properly. We had some internal things that didn't work properly with it. There were some enhancements that they did and some whitelisting that went on. It was not a simple process to get up and running.

Our implementation strategy was to start with a small pilot group and grow as we felt comfortable with the usability.

In terms of the number of staff it took for deployment, we have a very small staff. There are only four IT security people here. At the peak of implementation, it was taking two of us a good deal of our time, between getting it going and trying to get with Bromium and resolve issues.

Now that it's fully implemented it takes a fraction of one person's time to maintain it. We'll still have a one-off issue now and then where there will be an issue with a website that somebody is going to, or they are trying to download a file from that may not work. But, we have pretty good expertise within our staff now for dealing with those problems.

What about the implementation team?

We just used Bromium for the initial piloting and implementation.

What was our ROI?

We have definitely saved money in remediation expenses. Where we've seen the improvement is in the decrease in times where our desktop people have to go get a computer and re-scan it or clean it or re-image it.

We have a fairly small team here so ROI is not a metric that we can really keep. It's hard to say what the ROI is on a machine that doesn't get infected, that might have gotten infected. Certainly we've had cases - one case in particular - where we dealt with them directly and had their engineers on there and it was a big help for a website that was affiliated with our organization. It was infected and it had been flagged by one of our machines that went there through Bromium. We've had some cases like that where we have definitely seen things that could have been big issues, from an IT security side of things, but were not. In terms of ROI, if the issues never happen, what do you see?

What's my experience with pricing, setup cost, and licensing?

We did a three-year deal three years ago. We're due for a renewal in a couple months. We'll see, then, where we're at. Initially, the cost was higher than some other solutions. The renewal, the licenses, are a perpetual thing, so I think the renewals are pretty reasonable.

Which other solutions did I evaluate?

We evaluated another product at the same time, Invincea, which is very similar. But we felt Bromium was better. The level of the OS where Bromium protects the exposure to the lines of code that they have, versus Invincea, was just a better solution.

What other advice do I have?

Make sure that you meet their specs as far as hardware requirements go. Having a standard hardware configuration, as we do, is huge, where you don't have to deal with different hardware things that may get affected by the resources that Bromium needs.

We're very happy with the product, for both things that I mentioned already: protecting endpoints for when our users are accessing the internet, for unknown websites, and the same for docs and PDF.

We've had this for a little over three years; we were one of their early customers. It was a rocky implementation initially because it was when they first came out, but their support, their service, and responsiveness have always been excellent. Any problems that we have had, they have always been very quick to assist and address.

They do a user group once a year, which is very valuable. Customers come in and they meet with Bromium execs, some engineers are there as well. It's like a user group, where they sponsor it and they have people come. That's a great exchange of information and great product-wise for talking about enhancements and what people are seeing, problems they are having, things they'd like to see. It's definitely nice and I would recommend they keep doing that because I think it's a big benefit.

For us that's what kept us going down this path, besides the great protection we're getting, especially during the rocky road at the beginning: the response, how responsive they are with issues.

I'd give it a high nine out of ten. Looking at it in the big picture of the risk that you're mitigating and the protection that you're getting, it's phenomenal. You pay for it a little with the resources and a little bit of work, from time to time, with sites that don't function quite right with it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.