The real trouble with computer hackers doesn't come when they break in. The real trouble comes later — when they start snooping around, digging up sensitive data, or just thrashing your system.
That's what makes Bromium, a fledgling security startup, so interesting.
Instead of taking the approach of traditional security software from the likes of McAfee, Symantec and Trend Micro — trying to keep the bad guys out — Bromium assumes they'll get in, and just works to ensure that they can't wreak havoc once they do. The secret weapon: virtualization technology.
Virtualization is a technique that's normally used for efficiency. If you have a Mac and you'd like to run Windows programs, virtualization software helps you do it. In big corporate data centers, virtualization allows a few generic servers to act as if they're a much bigger group of specialized machines.
Bromium uses virtualization differently. Rather than create a bunch of virtual computers, Bromium's "micro-virtualization" technique creates the equivalent of hermetically sealed spaces for each task the computer does.
The affect, Bromium says: Even if hackers break into your system when you click that link in your browser, they're trapped. They can't spread their tentacles beyond the browser, and when you close the program, the attack dies, too.
"We are confident that it will absolutely change the architecture of computer systems forever," said Simon Crosby, Bromium co-founder and chief technology officer. "It's a very simple system that doesn't change the user's experience of the machine at all, and doesn't create complex procedures for management." (More: Surviving Disruption)
Bromium's founders are no newbies when it comes to virtualization, or to startups, for that matter. Two of the three cofounders were founders of Xensource, the virtualization startup Citrix Systemsbought five years ago for $500 million.
The founders also picked a ripe market. Citing results from its annual CIO survey last month, research firm Gartner projected that IT security budgets will grow from $60 billion this year to $86 billion in 2016.
Of course, none of that makes Bromium a sure thing. The company's first product works only on Windows 7 machines that have Intel processors — initially at least, Bromium's technique relies on virtualization features built into Intel's chips that allow "hardware isolation" of various tasks. Crosby says they're working on a Mac version and one for Android phones, but that will take awhile.
And then there's the fact that business customers can be slow to make big changes, even when the technology is good. (More: Disruption Empowering Consumers)
"It always takes a while before companies are willing to take a new approach," said David Johnson, an IT operations analyst at Forrester Research. The biggest market for the software, he said, is the "bring your own device" enterprise, where workers can use whatever machines they choose. "Until it works on Macs, until it works on other platforms, it's not a huge help for B.Y.O.D," added Johnson.
Bromium's founders seem to have bought themselves time to get there; the startup has raised more than $35 million in venture funds from the likes of Andreessen Horowitz, Ignition Partners and Intel Capital.