How to Close the Gap in VDI Security
By BUFFERZONE Team, 2/06/2015
In order to reduce operational costs, improve efficiency and enhance security, an increasing number of organizations are using a virtual desktop infrastructure (VDI). In fact, a recent analyst report forecasts that from 2014 to 2019 the VDI market in the US will surge at a compound annual growth rate of 29.70%.
However, while using VDI can lead to significant benefits, this approach is not without key risks; specifically:
- Just like physical desktops, VDI is inherently vulnerable to threat vectors such as untrusted sources over the web (e.g. drive-by downloads and malvertising), spear phishing emails, and infected files on removable media like mobile phones. While it’s easier to ensure that every desktop is running the latest patches under VDI, user behavior is still hard to control.
- While VDI technically stores information inside the data center, users nevertheless still obtain information via their endpoints. As a result, hackers who breach an endpoint can steal data at rest, even on an endpoint that is powered off. And if the session is temporary, there is still a window of vulnerability.
- Since each desktop in the VDI infrastructure is connected to the data center, hackers who breach one endpoint can move laterally and breach others, as well as the server itself. As BrianMadden.com warns, “an attack on one desktop could affect the whole lot”.
To combat these risks, organizations are using signature-based antivirus software and HIPS/IPS tools. While this is certainly a move in the right direction, it is not a bulletproof solution as the VDI remains vulnerable to advanced threats that go undetected. Therefore, organizations need to “close the gap” in their VDI security so that they reap the rewards, yet minimize the risks. And that is where BUFFERZONE enters the picture.
BUFFERZONE uses a patented virtual container to isolate malicious threats that bypass antivirus software and HIPS/IPS tools, and would otherwise breach one or many virtual desktops — and potentially the VDI server. And when users want to collaborate and share documents, they do so via BUFFERZONE’s secure bridge, which is a configurable process that safely transfers content and data between the virtual container and secure network zones.
At the same time, BUFFERZONE maximizes productivity by providing a seamless user experience. As such, employees can continue using the apps, programs and removable media they need. IT staff can also define granular policies for data sharing and trust (including a list of protected applications and URL whitelisting), and access accurate threat information via their SIEM in order to direct rapid remediation efforts and to conduct enterprise-wide security analytics.
In addition, customers report that BUFFERZONE does not impact VDI performance, since it runs a very small agent on each virtual desktop and requires no scanning or signature updates.
The bottom line is that VDI can be a smart strategic approach to help reduce operational costs, improve efficiency and enhance security. However, these gains cannot be optimized – or in some cases, even realized – without closing the security gap. For a growing number of organizations, the cost-effective, lightweight and reliable way to do that is simply by adding BUFFERZONE.