A Guide to Closing All Potential VDI Security Gaps

Similar documents
Securing Today s Mobile Workforce

Make security part of your client systems refresh

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

Securing the Modern Data Center with Trend Micro Deep Security

SO YOU THINK YOU ARE PROTECTED? THINK AGAIN! NEXT GENERATION ENDPOINT SECURITY

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

BUFFERZONE Advanced Endpoint Security

The McAfee MOVE Platform and Virtual Desktop Infrastructure

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

AT&T Endpoint Security

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

THE ACCENTURE CYBER DEFENSE SOLUTION

Whitepaper. Endpoint Strategy: Debunking Myths about Isolation

Security by Default: Enabling Transformation Through Cyber Resilience

Symantec Endpoint Protection

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

Mobility, Security Concerns, and Avoidance

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

KASPERSKY ENDPOINT SECURITY FOR BUSINESS

Accelerate Graphics in Virtual Environments

Seqrite Endpoint Security

HPE Intelligent Management Center

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

Spotlight Report. Information Security. Presented by. Group Partner

Symantec Endpoint Protection Family Feature Comparison

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Changing face of endpoint security

Five Tips to Mastering Enterprise Mobility

Symantec Endpoint Protection

SIEM: Five Requirements that Solve the Bigger Business Issues

As Enterprise Mobility Usage Escalates, So Does Security Risk

Kaspersky Security for Virtualization Frequently Asked Questions

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

Understanding VDI End-to-End

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

IT Security Cost Reduction

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Features. HDX WAN optimization. QoS

CloudSOC and Security.cloud for Microsoft Office 365

White Paper Taking Windows Mobile on Any Device Taking Windows Mobile on Any Device

TREND MICRO SMART PROTECTION SUITES

GUIDE. MetaDefender Kiosk Deployment Guide

Next Generation Privilege Identity Management

Symantec Client Security. Integrated protection for network and remote clients.

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Managed Endpoint Defense

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

BYOD: BRING YOUR OWN DEVICE.

Adaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Best Practices in Securing a Multicloud World

PCI DSS Compliance. White Paper Parallels Remote Application Server

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Digital Workspace SHOWDOWN

Solution Guide for Sennheiser Headsets, IGEL Endpoints and Skype for Business on Citrix VDI

CLOSING IN FEDERAL ENDPOINT SECURITY

BUFFERZONE Advanced Endpoint Security

XenApp, XenDesktop and XenMobile Integration

TRAPS ADVANCED ENDPOINT PROTECTION

ForeScout ControlFabric TM Architecture

8 Must Have. Features for Risk-Based Vulnerability Management and More

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

Survey Results: Virtual Insecurity

Rethinking VDI: The Role of Client-Hosted Virtual Desktops. White Paper Virtual Computer, Inc. All Rights Reserved.

IT Boosting Employee & Business Productivity with Innovative Technologies and Solutions Refresh Now

Securing Health Data in a BYOD World

Endpoint Security and Virtualization. Darren Niller Product Management Director May 2012

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

Security Gap Analysis: Aggregrated Results

Quick Heal AntiVirus Pro. Tough on malware, light on your PC.

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

The 2017 State of Endpoint Security Risk

ForeScout Extended Module for Splunk

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Cisco VXI Smart Solution with VMware View

Citrix XenMobile and Windows 10

The Virtues of Virtualization and the Microsoft Windows 10 Window of Opportunity

Dell Cloud Client Computing. Dennis Larsen DVS Specialist Dell Cloud Client Computing

Why is Office 365 the right choice?

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

BUILDING A NEXT-GENERATION FIREWALL

Dell DVS. Enabling user productivity and efficiency in the Virtual Era. Dennis Larsen & Henrik Christensen. End User Computing

Retail Security in a World of Digital Touchpoint Complexity

Ensure Virtualization Security and Improve Business Productivity with Kaspersky

Table of Contents Table of Contents...2 Introduction...3 Mission of IT...3 Primary Service Delivery Objectives...3 Availability of Systems...

SECURING DEVICES IN THE INTERNET OF THINGS

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

WHITEPAPER. How to secure your Post-perimeter world

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

STATE OF THE NETWORK STUDY

RSA INCIDENT RESPONSE SERVICES

Trend Micro Deep Discovery for Education. Identify and mitigate APTs and other security issues before they corrupt databases or steal sensitive data

Transcription:

Brought to you by A Guide to Closing All Potential VDI Security Gaps IT and security leaders are embracing virtual desktop infrastructure (VDI) as a way to improve security for an increasingly diverse user population. Even with VDI, however, there are still security concerns that can be overlooked. Examples include thin clients running Microsoft Windows Embedded Standard (WES) as well as Windows virtual desktops, which can be insecure because they lack antimalware software. This white paper discusses how to address these specific challenges within the framework of an overall VDI security strategy that extends all the way from the data center to the edge. With an end-to-end approach, security teams can reduce risk, improve flexibility and support an uncompromised user experience. Here s how. Improving security is one of the main reasons why many IT organizations are turning to VDI to support their user populations. By keeping applications and data centrally located under lock and key within the data center, IT teams have more control in closing potential endpoint security gaps and responding to issues if they do arise. In addition, VDI gives IT a lot more flexibility and control in supporting an increasingly diverse base of users, who may be using combinations of desktops, laptops, tablets, bring your own devices (BYOD) such as smartphones, and companysupplied thin or zero clients. Security and BYOD are typically cited as two of the critical reasons why VDI deployments are

continuing to expand quickly with a projected compound annual growth rate of more than 27% from 2016 to 2020, according to research from Technavio.1 While many clients may be running a traditional Windows operating system, a comprehensive end-to-end VDI security solution must also support users of other operating systems, such as Mac OS or Google Chrome, as well as users of nontraditional operating systems such as Microsoft WES. Despite the overall security improvements and protections engendered by VDI deployments, there are still potential gaps that security teams often overlook. It is important to be aware of these risk areas and address them before they lead to serious and unexpected breaches. One of those gaps can affect users of thin clients running Microsoft WES. Simply put, without the proper antimalware solution in place, these devices can increase the risk of malware proliferation if a user on the network forwards a malicious attachment to a colleague using a traditional PC. Even sophisticated IT and security personnel may not be aware of this potential threat, which can proliferate through an organization s most widely used applications, such as Microsoft Skype for Business and Microsoft Exchange. In attempting to close this gap, it is important that IT and security teams deploy a solution that not only is effective in solving the problem, but does so in a way that supports the key goals of the VDI deployment, which typically encompass the following: 1 Global Virtual Desktop Infrastructure Market 2016-2020, Technavio, Jan. 20, 2016 Improving endpoint security and compliance by keeping all applications and data in the corporate data center. Increasing flexibility in terms of supporting a broad range of users and devices and easily scaling the solution as requirements grow. Delivering a great user experience that addresses the specific needs of a broad range of users with different job functions and workload requirements. This white paper focuses on VDI security in general and specifically on how organizations can leverage new technology innovations to deal with the security challenges inherent to VDI thin clients running Microsoft WES and virtual desktops running a Windows client OS, such as Windows 7, 8 and 10. It also discusses specific solutions from Dell and Citrix that address those challenges directly, resulting in not only improved endpoint security and compliance, but also increased flexibility and a great user experience. Understanding the WES Thin Client Challenge Thin clients have become an increasingly popular endpoint solution for VDI because of their inherent security protections and very low power consumption. They significantly reduce risk because applications and data are not stored locally but rather are housed within the vault of the corporate data center. About 40% of commercially available thin clients run Microsoft WES. With WES, users have flexibility to use a local browser, install drivers for external peripherals and run small applications 2

locally. Because of these capabilities, however, WES-based thin clients must install security patches on a regular basis, just like any other endpoint running a Windows OS. In fact, Microsoft releases security patches for WES each month. Without the right protection strategy, these endpoints can be infected by a malicious website, an infected web link or an infected file residing on a USB stick or other attached peripheral device. While no data would be affected on the endpoint itself, there is a risk of proliferation on the network if a user forwards a malicious attachment to a colleague using a traditional PC. Microsoft Skype for Business provides a real-world example of how this particular threat can proliferate. Skype for Business is one of the most widely used applications in the world. Well more than 50% of enterprise customers use Skype for Business, and it is emerging as an increasingly popular replacement for traditional PBX systems.2 In a Citrix XenApp and XenDesktop VDI environment, you can and should store sensitive Skype for Business data in the data center to ensure files, contacts, chat logs and more stay safe within the corporate vault, using a solution such as Skype for Business on XenApp from Citrix. But if users are using local cameras or other peripherals such as a USB stick, or if they are using Skype for Business to share files after all, it is a collaboration platform they could put your organization at risk. Another potential concern centers on performance, particularly with Skype for Business. When voice and video traffic has to travel significant distances between the data center and the user, performance can be impacted by 2 Skype for Business Adoption Trends 2016, No Jitter, May 19, 2016 something commonly known as the trombone effect. This issue can be easily resolved with the Citrix HDX RealTime Optimization Pack, which provides an optimized architecture for clear, crisp audio and video calls. An Innovative Approach to Thin Client Security How do you mitigate risk from WES thin-client endpoints? A traditional best practice is to install an antivirus/ antimalware (AV/AM) solution on a WES-based thin client. In fact, some organizations require that an AV/AM solution be installed on all endpoints, including thin clients. However, a traditional signature-based AV solution is impractical for VDI environments. On a thin client, a traditional AV/AM solution has a negative impact on the user experience, slowing the system to a crawl when a virus scan takes place. This limits its effectiveness: Traditional AV solutions in this environment stop an average of only 50% of threats, based on data from internal testing by Dell.* They also leave users dissatisfied. As a result, most companies don t use a traditional AV/AM solution on their thin clients. The key to protecting these thin clients is to use an advanced threat prevention methodology that can detect malware even unknown malware before it can run. Dell is the only vendor that has developed this technology, released as the Dell Data Protection Threat Defense solution. Threat Defense is based on dynamic mathematical modeling and artificial intelligence. The algorithm was trained by analyzing tens of thousands of file attributes for millions of known realworld good and bad files. Any new file is assessed and immediately classified as 3

good, suspicious or bad. If it is identified as malware, the file is not allowed to run. Dell s internal testing has shown that Threat Defense prevents 99% of executable malware, far above the 50% on average of threats identified by top antivirus solutions.* It will also identify and stop zero-day attacks. Another important benefit of Threat Defense is that it does not depend on signatures or known patterns to recognize a threat, and does not depend on human intervention or frequent signature updates. It uses an agent, installed on the endpoint or virtual machine, that consumes only 1% to 3% of the CPU and less than 40 MB of RAM. Therefore, it has virtually no impact on system performance or the user experience. A Broader VDI Security Strategy Dell s Threat Defense is part of a complete, end-to-end set of security solutions designed to protect VDI environments in conjunction with solutions from the company s key strategic partners, Citrix and Microsoft. The combination of products from Dell, Citrix and Microsoft enables organizations to deploy a comprehensive security VDI security strategy all the way from the edge to the data center. Products include: Dell Data Protection Threat Defense: Threat defense should be part of an overall strategy and solution set designed to provide maximum advanced threat protection for WES thin clients in particular and other endpoints in general, including Mac OS and Windows Server systems. It should be noted that in planning a strategy, IT teams also have the option of using thin clients running Dell Wyse ThinOS, which don t need any form of antivirus software because they have no published APIs and offer zero attack surface. Therefore, thin clients running Wyse ThinOS are the intrinsically most secure endpoints that can be used in VDI environments. Dell Data Protection Endpoint Security Suite Enterprise (ESSE): This can be used to protect persistent virtual desktops running Windows as well as all VDI endpoints. In addition to offering antivirus protection, ESSE is available with features such as data encryption, authentication and centralized management. Citrix XenApp and XenDesktop: Citrix has been at the forefront of desktop virtualization from its inception and has developed many of the technologies and innovations that have defined best practices in desktop virtualization security. These include application virtualization; centralization of functions such as patches, hotfixes, and application and configuration updates; two-factor authentication; containerization for mobile applications; network and host segmentation; and many others. Application virtualization: With Citrix, organizations can leverage both desktop virtualization and application virtualization through a complete solution that provides centralized control and management, flexible delivery schedules, granular policy-based access control, endpoint protection and compliance support. The core of the solution is Citrix XenApp for app virtualization and Citrix XenDesktop, which integrates the full power of XenApp for ondemand delivery of virtual Windows apps and desktops complemented 4

by application delivery control, secure access control and clientside virtualization and encryption. Conclusion Security is one of the main reasons organizations are turning to desktop virtualization. The ability to keep all applications, data and desktops under lock and key in the corporate vault is an inherent advantage of VDI environments. But that doesn t mean there aren t risks, and those risks must be addressed through an overall VDI security strategy that extends all the way from the edge to the data center. For more information on how your organization can close your VDI security gaps, please visit Dell at Dell.com/wyse/shield. * Based on Dell internal testing, November 2016 As part of that end-to-end security strategy, IT and security professionals must be aware of areas where there may be hidden gaps, such as thin clients running Microsoft WES or Windows virtual desktops. New solutions may be necessary to close these gaps. One such solution is Dell Data Protection Threat Defense. When used as part of an endto-end security strategy incorporating solutions from Dell, Citrix and Microsoft, Threat Defense can significantly reduce the threats of attacks from all clients, including thin clients using the Microsoft WES operating system. The combination of Dell, Citrix and Microsoft not only closes such gaps, but is best positioned to enable IT teams to address all potential VDI security challenges, without compromising flexibility or diminishing the user experience. 5 Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vpro, Itanium, Itanium Inside, Pentium, Pentium Inside, vpro Inside, Xeon, Xeon Phi, and Xeon Inside are trademarks of Intel Corporation in the U.S.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback