LAVA - Live Attack Visualization & Analysis

LAVA is a centralized security application that works in conjunction with Bromium's vSentry software installed at endpoints throughout the organization. LAVA gathers information from each vSentry endpoint - even mobile laptops not connected to the corporate network - then provides real-time analysis of each complete, hardware-isolated malware attack cycle that occurs. The graphical representation delivers immediate, actionable security intelligence on every corporate endpoint, enabling enterprise security teams to safely analyze threats.

What is LAVA?

Bromium LAVA offers precise and detailed view of malware behavior in real-time. The Live Attack Visualization and Analysis (LAVA) engine provides insight into an attack's origin, techniques and targets. Every Bromium-enabled endpoint uses micro-virtualization to contain each individual threat vector (website or document). This granular isolation makes it easy for LAVA to notify SOC teams of any abnormal behavior without false alarms. Bromium safely allows malware to fully execute within a hardware-isolated virtual container. This enables LAVA post-exploitation analysis of the complete attack cycle, establishing a full malware attack chain.

How does it work?

The Bromium Microvisor enables LAVA to observe each micro-VM at the virtualization layer, from the outside-in. This introspection provides a perfect view of the attacker's every move. It enables vSentry to detect attacks targeted at all vectors, including browsers, Java, Flash, and documents, including malware that operates below the operating system, such as rootkits and bootkits. Because it operates outside the isolated micro-VM, LAVA is immune to tampering or avoidance by an attacker