Micro-virtualization vendor Bromium has offered a “Bring-Your-Own-Malware challenge” to delegates at Infosecurity Europe.
Offering a £10,000 bounty to anyone who can successfully breach its endpoint protection, participants are asked to visit the Bromium booth (B220) with malware of their choosing, or participate remotely by uploading the malware to its servers.
“The PCs in our booth are unpatched Windows machines and vulnerable to Flash, Java and other exploits. If your malware breaches our endpoint protection you will receive £10,000,” a statement said. “Bromium will also provide real-time analysis of submitted malware to help you understand its methods and vulnerabilities.”
Simon Crosby, Bromium CTO said that the cybersecurity industry “continues to peddle false promises and failed technologies that don’t protect customers from today’s attacks”, and its goal with the challenge is two-fold: firstly to allow IT security professions to test the endpoint protection platform assess its revolutionary security capabilities firsthand, and second, shine a bright light on the false claims of other endpoint vendors, whose ‘detect to protect’ promises are repeatedly proven bogus.
“Only a fundamentally different approach – such as micro-virtualization protection – can change the odds and truly secure enterprises in this battle,” he said.
Bromium, who once claimed that it could offer 100% protection, said on its challenge website that all forms of malware can be used, that a Denial of Service attack on the system does not mean a successful compromise of the host operating system, and the decision lies with the judges at the booth who will have tools to trace the activities on the host and identify a successful compromise of the host. “Adequate evidence needs to be gathered to prove that the machine has been successfully compromised by the malware. All of this will be done live in front of the audience at the booth.”
However noted bug finder Tavis Ormandy claimed to have defeated Bromium three days before the show starts, declaring on Twitter that he had found a host escape and “if they pay the £10,000 bounty, I'll donate it to Amnesty International.”