Please share with the community what you think needs improvement with Bromium.
What are its weaknesses? What would you like to see changed in a future version?
Initially, when we came in contact with Bromium a few years ago, it had a nice threat analyst, or a LAVA Pop, which is what they used to call it. Once it detected malware, it would show us the malware's path; for example, the malware was activated here, in this file, then it went here and it generated another file, then it went here. It was almost like a spider web, so to speak. And it showed it on the end user's computer, and that's what we liked. We could go to any computer and see what the malware tried to do, how it got into the micro VM, which is like a sandbox. I don't see that on the computers now. We only get to see that in the console. I would like to still see that on the individual machines because when we go out to look at a machine, we don't necessarily have access to the console. We would like to see right there on the machine what has transpired.
They have always struggled with usability. The endpoint protection that it offers you is tremendous, but there's definitely an impact with use of resources on the computer. It's gotten a lot better now with Win 10. But sometimes, when you open up a website, it's going to take longer than it would without Bromium, and it's the same with documents. There is that extra overhead so anything that they can do to reduce the resources that it uses would help. It's doing everything in a micro VM, so obviously it needs to suck up some resources, and there's some overhead associated with it. They're definitely aware of the problem. It has improved over different versions. But that's the biggest issue. The overhead, that it uses resources, and it slows down browsing and opening documents. Implementation, initially, was huge. That's gotten way better. I'd like to see support for other browsers, which they've been working on. It supports IE and Chrome, and they do support some Firefox. They're looking at containerizing certain applications. That could be an interesting feature as well.
In terms of using forensic data reported from the solution, reporting is actually one of the shortcomings of the product. We do mine the data that's in there from a forensics perspective, and we use it to raise awareness and make sure that the organization understands the type of threats we see on a day-to-day basis. The solution itself just quietly protects and the user doesn't really see it. We have to go in and actually mine the data to understand the events that have been protected against with the solution. It becomes very difficult because you have to spend a lot of time digging through the volumes of data. So reporting is absolutely the biggest shortcoming.
They need to improve the compatibility with other applications and its stability. It works well on attacks, but it doesn't work well with all software on the clients. There is a lot of troubleshooting and a lot of things that need to be tuned to make it work and not break things.
Room for improvement would be keeping up with the rate of change, specifically on Windows platforms. There are a lot of updates that come out for Microsoft Windows operating systems and the Bromium product needs to be able to keep up quickly with those updates and all the browser updates that are coming out. It's hard to do, but that's really where they need to be more responsive because we end up with problems. Then we have to call support to get patches, etc.