What is our primary use case?
Our primary use case is in our radiology department. We see a lot of our patients daily. What would happen was, a traditional antivirus would scan each Radiologist's files. The files can be massive, 4 or 5-plus gigs, because they are radiation imaging files. The scans would slow down the process, as the radiologists need to see a bunch of images in a specified amount of time. A big complaint was that the AV was really slowing things down, it was ruining productivity.
How has it helped my organization?
With the Bromium, everything comes up in a nice, isolated window, which negates the need to wait for that AV scan to conclude, so the radiologists can be very productive; see many patients in a specified amount of time. we know we are safe with Bromium because once they close out that window, Any threats, if that particular image was compromised, would just disappear.
Here at Moffitt, patients are our top priority. They are everything to us. We want the patient experience to be wonderful, from registering, to the care that they receive here, to the experts that we hire and recruit to make sure they have top-notch, quality care. The way Bromium adds to that is that when you have cancer you have to do some scans, no matter where you go. These imaging scans are vital to the care of patients. These scans require radiologists and clinicians to read them efficiently and effectively. The workload we have, to see patients, is tremendous. Anything that slows down the process of taking care of our patients - to wait for an image to come up, to redo that image, to close it down - really inhibits the appropriate patient care we're trying to give. Bromium allows us to safely view images. It allows us to quickly and safely surf our network so that we can take proper care of our patients efficiently, effectively, and expeditiously.
I've heard from the doctors that, now that we have installed Bromium on the systems, on the radiology machines, they're able to spend more time with the actual patient, and the patients appreciate that extra time with their doctor to talk about what's happening to them, to map out a treatment plan. That has really been well received in the organization and by our patients.
Our overall security posture has improved as a result of adding this solution to our security stack. In the past, a request might be made like, "Hey, your AV is having some effect on our systems here. We need to exclude this file path because every time your AV scans this file path it makes the system stall or it makes the system freeze. We just can't run this program on the server that's needed for patient care." Or, "We cannot view what we need to view fast enough to be effective." So we would exclude that particular path. The AV would no longer scan a particular area of a computer, whether it's a file path or a file itself, and that would leave us vulnerable. The threat actors out there could leverage that to put malware or that like in that file path. With Bromium, there's no need to exclude anything, any path, any file, because everything is open in a micro VM. We are now more secure because we don't have to exclude anything from being scanned for malicious activity.
After implementing Bromium, we were able to remove endpoint protection defenses. All of the radiology machines, which is quite a few, do not have an AV on them. We have Bromium instead. We were able to remove one of the major, top-five antivirus solutions.
What is most valuable?
The feature that stands out the most is that when someone clicks on a link in an email, it opens up a web browser window, Internet Explorer. Let's say that link is malicious and it has some malware or keylogger attached to it. When it opens up in that Bromium virtualized browser, there's no chance of it actually being on the machine and running, because as soon as they click that "X" in the upper right-hand side of the browser, everything just vanishes. That is an added plus.
What needs improvement?
Initially, when we came in contact with Bromium a few years ago, it had a nice threat analyst, or a LAVA Pop, which is what they used to call it. Once it detected malware, it would show us the malware's path; for example, the malware was activated here, in this file, then it went here and it generated another file, then it went here. It was almost like a spider web, so to speak. And it showed it on the end user's computer, and that's what we liked. We could go to any computer and see what the malware tried to do, how it got into the micro VM, which is like a sandbox. I don't see that on the computers now. We only get to see that in the console.
I would like to still see that on the individual machines because when we go out to look at a machine, we don't necessarily have access to the console. We would like to see right there on the machine what has transpired.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
In the last two years, we haven't had any problems with Bromium outside of the issue I mentioned with WebEx. That's it.
To me, it's almost like that old Fixodent denture commercial: Fix it and forget it. To me, it's been a breath of fresh air. I was the single administrator for it and I didn't have any issues there at all. There are no tickets that have come in because of a Bromium issue. It's been running smoothly.
What do I think about the scalability of the solution?
The scalability is fine. We have not rolled it out enterprise-wide because we have a very complex system here and we like to roll out everything in sections. The scalability of Bromium would be conducive to a small, medium, or large enterprise. I don't think that would be a problem at all.
In my organization, we have about 150 users of it, and that number is growing rapidly. They are mostly clinicians and radiologists.
We have plans to increase usage in the future. The first thing we want to do is complete using Bromium throughout our Radiology department. As you can imagine, we have quite a large Radiology staff, so we want to cover that because the use case in that department has been a tremendous benefit to us. After we do that, we're going to roll it out into other sections that have had issues with the traditional antivirus. What I mean by issues is, if the antivirus is scanning the system at a specific time, especially when that device is in use, it interrupts that device because it's scanning a file that is very sensitive. To alleviate that, we would have to put in an exclusion for that file path or that file. When we come across issues like that, we would use Bromium to help protect the system to not interfere with the use of the system.
How are customer service and technical support?
Last time we talked to Ted in tech support, the incident was that a doctor trying to go to a WebEx. When you go to a WebEx meeting, it asks you to install a .exe file to get to the meeting website. Bromium would not allow that file to be installed. We simply had to whitelist that particular executable for that site and it installed just fine. The reason why Ted was engaged was because, while we're savvy enough to know that we needed to whitelist that site, when we checked Bromium Enterprise Controller, we saw that the WebEx site was already in our whitelist so we could not figure out why it would not install that .exe.
After troubleshooting with the help of Ted, we realized that the actual .exe for WebEx was a different site. WebEx had upgraded their .exe and it redirected you to another site which we did not have on our whitelist. Once we added that additional site it came up and installed no problem.
Overall, technical support is wonderful. They're very responsive, through email or by phone. It's always less than 24 hours until they get back to us. Usually, it's within an hour or so. That's really quick.
Which solution did I use previously and why did I switch?
We did have previous solutions. My boss came across Bromium about four-and-a-half years ago at a conference. Bromium gave a presentation and he was wowed by that presentation. He was so wowed that he actually came back to our place of employment and he had them do a demo for us. When we saw it, we were wowed as well. From that point, we did a proof of concept and it worked well, and we decided to bring it in-house.
How was the initial setup?
The setup was pretty straightforward. They make it really easy to install this particular product and you give it various avenues. You can do it remotely, through the BEC (Bromium Enterprise Controller), or you can do it on the endpoint, and the endpoint would actually reach back out to the BEC. It's pretty simple, pretty smooth. We just added two more Bromium administrators here and they were pleasantly pleased by how easy it was to manage and install.
The initial deployment didn't take that long at all. Installing the enterprise controller and installing on our first several PCs, took no more than an hour, if that. It was three years ago, roughly, when we did that, but I don't remember it taking more than an hour. Each additional machine literally takes five to ten minutes, tops. I hesitate to say ten minutes, not even that long. It's really easy and it's really simple.
Staff, on our side, for the deployment was two people: One setting up the Bromium Enterprise Controller, and the other who was over the radiology department, the technical control person there. That was so we could coordinate things, but it didn't take a lot of folks at all.
As far as to manage Bromium on a day-to-day basis, we only had one Bromium administrator, but we've expanded that to three. That's not because of the workload requirement but because everybody has to take vacation or gets sick once in a while. We just need a backup administrator for Bromium.
What about the implementation team?
We did work with Bromium. They "loaned" us one of their fantastic techs. His name is Ted and he did a beautiful job of assisting us. Every now and then, we still touch base with Ted about the new features and the upgrades to Bromium that they come out with and he assists us with upgrading if we need to. It's relatively easy to upgrade but we like to have him on the phone with us just to touch base.
Not having to use a third-party consultant was a cost savings.
What was our ROI?
We have definitely saved money in remediation expenses since implementing Bromium. With Bromium we don't have to worry about malware being on those systems, for the departments that it's in. That saves money in that we don't have to send a technician to those areas to see if problems can be cleaned and, if not, to clean them, re-image them, etc. So the time that they don't have to do that means that that person can be doing something more productive or handling another situation. That definitely saves us overhead.
We haven't done any detailed margins analysis but we recognize from day-to-day operations that we are saving. Definitely. That's easy to see.
There is ROI in the ability to see patients and to map out a plan with patients according to what is read on the scan that the Radiologists receive. Since we now don't get bogged down with the AV scanning of a particular image, we can see more. We can do more with patients. That's a return on investment right there.
What's my experience with pricing, setup cost, and licensing?
The pricing is very fair compared to the competition. The licensing is straightforward.
Which other solutions did I evaluate?
At that time we were evaluating many options, but nothing worked quite as well as Bromium, especially for isolation through email, the links, where they download something by surfing the web and catching Zero-day attacks. The traditional AV is signature-based and Bromium negates the need for that. That was very appealing to us as well. That was a cut above the rest.
What other advice do I have?
Bromium is a very good choice. It will make your life a lot easier and you should definitely implement it, especially if you're in a hospital environment and you have a radiology department that uses traditional AV.
We do not use the forensic data reported from Bromium to help protect our data center. We don't use the secure browser to isolate high-risk web activities. We use the regular browsers here. Our browsers are hardened: Internet Explorer and Google Chrome.
I would rate Bromium as an eight out of ten. What comes to mind is the ease of use. What also comes to mind is that if you are in the BEC and it detects some malicious activity it shows you in detail what it is, what it's doing, and where you can find it. We haven't really received a lot of tickets or complaints or issues with Bromium, so that again saves money. Finally, I think of the ease of install and support.
The reason it doesn't get a ten, in my opinion, is that there are some slight issues that I haven't been able to work out yet. Because Bromium has isolation, it isolates from one browser to another. If you're doing SSO and you actually want better communication or a certain type of communication from one browser window to another, you have to do a little bit of finagling to get it to work correctly. It's not all the time, just in some instances. As I said, our particular environment is very complex. But, that's the only reason it doesn't get a ten. I'm sure in the future that they will make adjustments accordingly.