Morphisec Cybersecurity Blog

How Are VDI Security and Endpoint Security the Same?

Written by Ronen Yehoshua | June 10, 2020 at 4:00 PM

If you rely on a cloud-based Virtual Desktop Infrastructure (VDI), you’re hardly alone. Projections suggest the market for this technology will grow from about $3.6 billion in 2017 to more than $10 billion in 2023, but the ceiling could actually be much higher as the Coronavirus pandemic drives demand for exactly what virtualized desktops have to offer.

Historically, companies have virtualized so that employees could log onto the same desktop environment from any device, making the workforce truly mobile. At the same time, virtual desktops can expand the impact of IT without requiring investment in new hardware. Companies can even repurpose old hardware to run the latest and greatest apps, further cutting IT costs.

Even more compelling for a lot of companies is the simplicity of managing virtual desktops. Patching and updating happen automatically in the cloud, ensuring each machine works perfectly without asking IT to do the work. A well-deployed VDI certainly makes life easier, for both users and IT administrators.

What they don’t do, however, is make the software layer any more secure – a dangerous misconception that puts any company relying on cloud-based virtual desktops at risk.

Virtual Endpoints Are Still Endpoints

You understand the importance of securing physical endpoints like laptops and tablets. Virtual desktops designed to mimic these devices have all the same capabilities – and all the same weaknesses. Therefore, any attack designed to exploit something like Adobe Acrobat or Microsoft Word running on a physical machine will be just as effective targeting those applications on a virtual machine.

Helpful as cloud-based management may be, it does little to upgrade VDI security in a meaningful way. Arguably, it does just the opposite. When users believe they’re safe because someone else is handling the details, they can become complacent about VDI security and (accidentally) make things very easy for hackers. That’s true regardless of whether they’re running a persistent or non-persistent virtual setup.

Making matters worse, physical and virtual machines share the same vulnerabilities but not the same capacity for self-defense. Physical desktops with abundant memory can run antivirus programs that cross-check files and applications against a huge database of malware signatures. By design, virtual desktops use only enough memory to function. The database of malware signatures needed to run traditional antivirus consumes a significant amount of memory, which, if deployed on each child desktop, limits the number of instances that can be deployed per hypervisor. With virtual desktops needing to run in significant numbers to be truly cost-effective, enterprises need to carefully consider the memory requirements of VDI security.

Next-generation antivirus (NGAV) platforms have similar constraints running on VDI. NGAV tools utilize heavyweight machine learning algorithms that require more resources than many virtual desktops have to offer. This problem will only become more pronounced as cybersecurity tools begin to require more resources, creating a situation where virtual desktop infrastructures are no longer cost effective.

Users could abandon them preemptively, moving to something less convenient but more secure. Or they could continue to benefit from virtualization but with a whole new approach to security.

Moving Target Defense: VDI Security Made Real

Moving target defense consistently neutralizes endpoint attacks on both physical and virtual desktops. It works by morphing the application memory. Hackers think they’re launching an attack against a legitimate target, but they’re actually targeting a harmless decoy. Essentially, moving target defense diverts and then defuses an endpoint attack before it has any consequences.

In addition to being effective, moving target defense has a small footprint, making it ideally suited to VDI security. Traditional AV and NGAV tools require a runtime component that either taxes performance or makes these tools incompatible with virtual machines. With moving target defense, by contrast, the memory gets morphed, and then the application steps out of the way, using minimal computing resources because there is no runtime component. In that way, this is the rare approach that’s both ironclad and lightweight.

Moving target defense also benefits from lacking a database or algorithm to update. What this means is there is no additional information required to defend against emerging, zero-day threats. It’s always up to date and on guard because it doesn’t need to recognize a threat to stop it – unlike all other approaches to VDI security. As a result, users don’t have to worry that the version included with the golden image of the virtualized desktop has blind spots or requires updates. It’s always ready.

As more companies transition to virtual environments, so will more hackers. New and old users alike must acknowledge this fact and be just as honest about the vulnerabilities ingrained in virtual environments. But they shouldn’t despair. With moving target defense in place, companies can make mobility and security both priorities.