Protecting virtual desktops

The mass transition of office employees to remote work has sparked the interest of companies in related technologies and security solutions. Many organizations have begun migrating their work processes to Virtual Desktop Infrastructure (VDI) environments. Using VDI enables employees to connect to corporate resources from any device (either remote or office-based), and processing data within the corporate infrastructure also solves a number of security issues.

VDI has been in use for several years already; the technology isn’t new. In some areas, such as medicine, it is commonplace. Thanks to VDI, for example, doctors have ready access to patient data from anywhere, which can be critical when moving a patient within a facility or on home visits. At the same time, VDI keeps the data confidential inside the hospital’s data center. As such, medical institutions are especially open to transferring their employees’ work to virtual desktops.

However, from a security perspective, we do not view VDI as a panacea that protects the corporate infrastructure against any attack. Sure, the technology reduces the attack surface, but many cyberthreats remain a danger to virtual desktops.

As is often the case, people are the weak link — a virtual machine operator who connects through VDI might open a malicious e-mail attachment or download something from a website that infects the operating system. Although rebooting the virtual machine automatically destroys any malware, there may be time for it to wreak havoc prior to disconnection.

The recent Zerologon vulnerability provides a striking example. If a user inadvertently infects a virtual machine with malware that exploits this vulnerability, and it takes over the domain controller, then cybercriminals can remain in the company’s network even after the session is finished.

Protecting virtual machines is complicated by the fact that conventional security solutions are unsuitable for the task: they overload the virtualization platform and eat up resources required for other work. Fortunately, some solutions are tailored for securing virtual environments.

Kaspersky Hybrid Cloud Security

Our arsenal includes a specialized solution for protecting cloud and hybrid networks: Kaspersky Hybrid Cloud Security. It provides the same level of protection against cyberthreats as our flagship solution, Kaspersky Endpoint Security for Business, without placing an unnecessary burden on the virtual infrastructure. In addition, it reliably defends against the latest malware, including ransomware, exploits, fileless attacks, e-mail and Web threats, and so forth.

We developed the solution with VDI environments in mind. It supports integration with the major VDI platforms (VMware Horizon, Citrix Virtual Apps and Desktops, Microsoft VDI), and is managed through a single console. As part of the latest update of the solution, we also changed the licensing model. Kaspersky Hybrid Cloud Security now supports migration from physical to virtual infrastructures, and it facilitates the VDI adaptation process for clients who already use our solutions. For more details about product features and licensing, please see our Kaspersky Hybrid Cloud Security page.