Why Virtual Desktop Infrastructure Is Riskier Than You Realize

Posted by Matthew Delman on October 15, 2020

Virtual desktop infrastructure (VDI) felt like a lifeline at the start of the Coronavirus pandemic. As offices rushed to close down and companies scrambled to operate remotely, those with VDI found the process to be surprisingly seamless. People didn’t have to bring the office home with them or make do with incomplete data and insufficient tools. Instead, they simply had to log in to a portal to access a virtual copy of their own office desktop. The setting may have changed, but thanks to VDI, the workflows carried on as always.

Whether or not a company currently has VDI, recent events have made it clear to both camps how vital this technology is during the Coronavirus pandemic and for a future where remote work plays a much bigger role. No wonder the VDI market is projected to grow from 4.49 billion in 2019 to almost 13 billion by 2027: it’s quickly becoming a mission-critical business resource.

Important as VDI may be, users and new adopters shouldn’t assume it’s only an asset. The conversation around VDI focuses heavily on the advantages: mobility, flexibility, scalability. But that same conversation often ignores or obscures issues around VDI security. Consequently, companies right now are rushing to adopt a technology that’s far riskier than they realize.

VDI Security: Fact vs. Fiction

The reality of VDI security looks drastically different from the popular perception. Even experienced VDI users often have serious misconceptions about how secure virtual desktops are and what the consequences can be if that security fails.

Too commonly, users assume that virtual desktops are either invisible to hackers or invulnerable to their attacks. Neither is accurate. Virtual desktops are vulnerable to all the same types of attacks that threaten physical desktops. When attacks do occur, ending a session doesn’t always stop the damage. And if there aren’t endpoint protections defending the VDI, the damage can be severe once hackers move laterally from the virtual session into the server. From a security standpoint, virtual desktops are no different than their physical counterparts – contrary to what users have been led to believe.

Granted, VDIs do upgrade security in some ways. Virtual desktops tend to have the necessary patches and updates installed since IT only has to “work” on one machine instead of multiple. However, that only stops attacks following the path of least resistance. Zero-day attacks, which utilize vulnerabilities that haven’t been patched yet, can still devastate a VDI. So can something as simple as a phishing attack – all it takes is someone opening a bad email attachment during a virtual session. The point is, VDIs are hardly ironclad.

Security Struggles Unique to VDI

In addition to being wide open to attack, virtual environments are more complicated to secure. For example, VDIs attempt to efficiently provision limited computing resources to create as many virtual desktops as possible. Since antivirus protections also consume these resources, securing VDIs means companies have fewer virtual desktops at their disposal.

Antivirus protections can also cause a “boot storm” – when an antivirus platform automatically attempts to download multiple updates at once, slowing down system performance with an explosion in network traffic. However, if companies turn off automatic updates, they must install them manually instead – which is time-consuming and risky if an update goes overlooked.

Performance issues can also happen because of excess network traffic traveling between endpoint detection and response (EDR) agents on each virtual instance and their central interrogation server. For all intents and purposes, VDIs are incompatible with EDRs. Yet without endpoint security, virtual desktops have threadbare defenses.

Under these circumstances, companies face a serious conundrum: whether to rely on VDIs despite the security risks or try to make remote work possible without virtual desktops. Fortunately, there’s also a third option.

An Unconventional Approach to VDI Security

Moving target defense (MTD) technology is well-suited to VDI security because, in contrast to traditional protections, it uses a very lightweight agent. This allows administrators to fit more virtual desktop instances on each host server, fully realizing the cost savings of desktop virtualization. Further, MTD doesn’t require an internet connection to function, which saves substantially on network traffic and reduces the risk of a boot storm.

Moving target defense also contrasts with traditional antivirus or even next-gen AV in that it doesn’t focus on identifying and remediating attacks. Rather, a moving target defense solution proactively blocks attacks by morphing the process memory on each virtual instance. Because moving target defense doesn’t rely on updating a signature database or altering an algorithm, it can protect each individual virtual instance more efficiently.

Ultimately, moving target defense stops attacks before they have a chance to cause any damage in the virtualized desktop or even progress beyond the child instance to the golden image. With VDI usage on the rise, attacks will increase as well. Whether or not they’re successful is entirely up to you.

https://blog.morphisec.com/virtual-desktop-infrastructure-riskier-than-you-realize