Virtualization
has long been perceived as the holy grail of business agility, simplified
management, return on investment, and even security. While the benefits of
virtual desktop infrastructure (VDI) are undeniable, the security aspect is,
unfortunately, a myth.

The security
aspect of VDI is not only misunderstood, it is also often perceived as a drag
on the ultimate success of VDI deployments. There are three main reasons for
this. First, there is a general misconception that VDI is somehow synonymous
with security. Second, securing virtualized environments does indeed present a
series of specific challenges. Third, few solutions can protect
virtual deployments in a cost-effective and resource-efficient manner. Let’s take a closer look at these three
aspects.

VDI doesn’t equal security

VDI is one
of the most popular virtualization technologies among organizations seeking to
reduce costs, achieve operational agility, and increase revenue. For many
businesses, physical endpoints are tedious to manage, patch and safeguard from cyberthreats.
Virtual desktops, on the other hand, let IT administrators provide centrally
managed desktop environments to employees, not just on laptops but, essentially,
on any device with a display. VDI helps assure an organization that information
is always accessed and managed in a centralized and secure fashion – regardless
of where the user accesses or generates that information. But this doesn’t mean
an IT department can neglect to monitor the infrastructure for threats. Lest we
forget, there’s also malware out there, and that’s one thing VDI is not
equipped to tackle on its own.

Virtualization poses specific security challenges

All applications
are susceptible to exploitation, regardless of where they run – physical,
virtual, in the cloud or on-premises. Although traditional security solutions can be used
in virtualized environments, they are neither built nor optimized
for virtual workloads. Traditional antivirus (AV) solutions can create specific
challenges in a VDI environment, including low virtual machine consolidation ratios,
boot latency, AV storms, outdated AV on dormant virtual machines, and administrative
bottlenecks. This means employees face obstacles to working efficiently and IT
administrators struggle with mundane tasks and endless manual configurations.
Meanwhile, business leaders have no clear picture of their security posture. In
fact, research shows excessive deployment of security
solutions gives IT decision makers a false sense of confidence in their
security.

Targeted
attacks use advanced techniques like rootkits that operate at the OS / kernel
layer of privilege. This way, they evade detection by the operating system or
the security solution running within the OS. The reason? Conventional security
can run at the same level of privilege as the infection itself. As a result, it
may not reliably detect the malware, or it can be disabled outright by the
infection. Furthermore, conventional solutions focus on filesystem protection.
Advanced threats can – and often do – operate directly in memory, without
having any footprint in the filesystem.

Marrying security and VDI

To defend a
virtual environment against advanced threats, companies need a solution that
not only delivers security within the VM, but also protects the virtual desktop
from outside the OS – all while achieving consolidated management and
operational efficiency.

A good VDI
security solution uses a single set of featherweight in-guest security tools – instead
of a series of heavy legacy agents – to offload resource-intensive tasks to a
dedicated virtual appliance that performs centralized threat analysis and
maintains detection algorithms for multiple VMs. Scan offloading, combined with
highly optimized caching algorithms and heuristics, minimizes the security
“tax” on infrastructure resources. This means applications have more resources
to run, reducing latency and improving the end-user experience.

To fortify
the infrastructure against zero-day, kernel-level exploits and other advanced
threats, your ideal VDI security tool should also be able to perform live
memory introspection at the hypervisor level, monitoring the VM for attack
techniques (buffer overflow, code injection, API hooking) rather than trying to
identify malware by what it looks like.

Unlike
unique malware signatures, attack techniques are finite in number. These can
be caught at the memory level simply by their behavior, prior to execution.
This method has proven effective at stopping attacks leveraging unpatched
software, side-channel attacks (e.g. Spectre, Meltdown, SWAP-GS) and even
zero-day exploits.

Less is more

Security is instrumental
to the success of any business. But security should not hamper the business. Choosing
the right VDI security solution can sharply reduce additional capital outlay on
more hardware, ease employee frustration and reduce wasted productivity.

Your VDI
security solution must have the least possible impact on your people and
processes, delivering a frictionless experience in every department. When it
comes to security, choosing the right tools, versus more tools, is the smart thing to do.