Virtual Desktop Infrastructure (VDI) continues to gain popularity among our customers due to its many advantages when deployed within the modern data center infrastructure. However, those deployments lack some of the capabilities needed to address the threats introduced when moving away from hardware desktops to a virtual environment or remote desktops. Thus, many organizations remain hesitant about VDI and remote desktops because of security concerns, especially the increased attack surface and the fact that endpoint devices, which are vulnerable by nature, share compute resources with the organization’s most critical servers inside the data center.
Organizations struggle to achieve security for VDI deployments since most of the internal data center traffic follows “east-west” patterns. The dynamic nature of VDI adds more complexity, as most of the desktops are non-persistent (i.e., shared or many-to-one, as opposed to persistent or one-to-one) and traffic, which is mostly SSL-encrypted, cannot be inspected. Once a single VDI desktop is compromised, the attacker can move laterally across other VDI desktops and servers using the credentials from the originally compromised system. The same admin account may even be used for both the VDI desktops and the infrastructure, increasing the inherent risk of VDI deployments.
In other words, VDI deployments require effective security controls for the virtual realm that can scale without losing visibility and control. Unlike traditional deployments, where end-user machines can be physically isolated from the data center and properly controlled and monitored, in a VDI deployment the end users and the critical servers share the same infrastructure, so a different type of solution, one capable of addressing the VDI security challenges, is required. In addition, micro-segmentation must be used, and end users should be closely controlled to prevent lateral movement attacks and monitored to identify data breaches and other attack attempts that could be stopped cold.
In a VDI environment, Guardicore Centra provides micro-segmentation, breach detection and advanced monitoring, alongside automated and immediate protection and visibility as soon as a new virtual desktop is spun up. In addition, Centra provides security capabilities for the entire data center beyond the VDI environment.
Guardicore Centra integrates with any data center infrastructure, without the need to change the virtualization or orchestration layers. It provides operational benefits as well as advanced security.
Here are 7 benefits of using Centra for VDI deployments:
- Real-time visibility. Achieve real-time visibility for processes, flows and applications. Centra allows you to identify and investigate security issues in real time with the highest level of granularity.
- Micro-segmentation at the VM, application and process level. Secure applications and users in the VDI environment, and protect and isolate the infrastructure. This provides consistent security across the data center, wherever the VM is running, as soon as the VM spawns on the host.
- Scalability. Centra provides scalable performance that is not limited at the hypervisor level or other choke points.
- Breach detection. Centra provides advanced breach detection functions capable of detecting lateral movement attempts inside the data center and VDI environments. No additional physical or virtual taps are required.
- Automatic analysis of attacks and breaches. Separate attacks from the network, allowing you to identify network configuration issues and reduce the overall work of security teams.
- Reduced time to detect and time to respond. Centra’s incident response capabilities allow the organization to respond and take control immediately when a breach is detected. The result is improved network uptime in case of a breach.
- Integration with orchestration, automation and security analysis tools. Deploying Centra in a VDI environment allows you to integrate your corporate security with the DevOps model without hindering performance.