Virtualization has long been perceived as the holy grail of business agility, simplified management, return on investment, and even security. While the benefits of virtual desktop infrastructure (VDI) are undeniable, the security aspect is, unfortunately, a myth.
The security aspect of VDI is not only misunderstood, it is also often perceived as a drag on the ultimate success of VDI deployments. There are three main reasons for this. First there is a general misconception that VDI is somehow synonymous with security. Second, securing virtualized environments does indeed present a series of specific challenges; and third, because few solutions can protect virtual deployments in a cost-effective and resource-efficient manner. Let’s take a closer look at these three aspects.
VDI doesn’t equal security
VDI is one of the most popular virtualization technologies among organizations seeking to reduce costs, achieve operational agility, and increase revenue. For many businesses, physical endpoints are tedious to manage, patch and safeguard from cyberthreats. Virtual desktops, on the other hand, let IT administrators provide centrally managed desktop environments to employees, not just on laptops but, essentially, on any device with a display. VDI helps assure an organization that information is always accessed and managed in a centralized and secure fashion – regardless of where the user accesses or generates information from. But this doesn’t mean an IT department can neglect to monitor the infrastructure for threats. Lest we forget, there’s also malware out there, and that’s one thing VDI is not equipped to tackle on its own.
Virtualization poses specific security challenges
All applications are susceptible to exploitation, regardless of where they run – physical, virtual, in the cloud or on-premise. Although traditional security can be used in virtualized environments, these solutions are neither built nor optimized for virtual workloads. Traditional antivirus (AV) solutions can create specific challenges in a VDI environment, including low virtual machine consolidation ratios, boot latency, AV storms, outdated AV on dormant virtual machines, and administrative bottlenecks. This means employees face obstacles to working efficiently and IT administrators struggle with mundane tasks and endless manual configurations. Meanwhile, business leaders have no clear picture of their security posture. In fact, research shows excessive deployment of security solutions gives IT decision makers a false sense of confidence in their security.
Targeted attacks use advanced techniques like rootkits that operate at the OS / kernel layer of privilege. This way, they evade detection by the operating system or the security solution running within the OS. The reason? Conventional security can run at the same level of privilege as the infection itself. As a result, it may not reliably detect the malware, or it can be disabled outright by the infection. Furthermore, conventional solutions focus on filesystem protection. Advanced threats can – and often do – operate directly in the memory, without having any footprint in the filesystem.
Marrying security and VDI
To defend a virtual environment against advanced threats, companies need a solution that not only delivers security within the VM, but also protects the virtual desktop from outside the OS – all while achieving consolidated management and operational efficiency.
A good VDI security solution uses a single set of featherweight in-guest security tools – instead of a series of heavy legacy agents – to offload resource-intensive tasks to a dedicated virtual appliance that performs centralized threat analysis and maintains detection algorithms for multiple VMs. Scan offloading, combined with highly-optimized caching algorithms and heuristics, minimizes the security “tax” on infrastructure resources. This means applications have more resources to run, reducing latency and improving the end-user experience.
To fortify the infrastructure against zero-day, kernel-level exploits and other advanced threats, your ideal VDI security tool should also be able to perform live memory introspection at the hypervisor level, monitoring the VM for attack techniques (buffer overflow, code injection, API hooking) rather than trying to identify malware by what it looks like.
Unlike unique malware signatures, attack techniques are finite in numbers. These can be caught at the memory level simply by their behavior, prior to execution. This method has proven effective at stopping attacks leveraging unpatched software, side-channel attacks (i.e. Spectre, Meltdown, SWAP-GS) and even zero-day exploits.
Less is more
Security is instrumental to the success of any business. But security should not hamper the business. Choosing the right VDI security solution can sharply reduce additional capital outlay on more hardware, ease employee frustration and reduce wasted productivity.
Your VDI security solution must have the least possible impact on your people and processes, delivering a frictionless experience in every department. When it comes to security, choosing the right tools, versus more tools, is the smart thing to do.
