We’ve reached a point where we expect to be able to work anywhere—a practice made possible by virtual desktop infrastructure (VDI). We can now easily access everything we need, whichever device we’re on. This is great for the typical user, but it’s not so great for IT security professionals.
But why?
VDI offers users more flexibility, is simple to manage, and is cost-efficient. Accommodating many simultaneous application sessions on as few virtual server resources as possible creates significant savings.
However, all these benefits can be overshadowed by how poorly signature-based antivirus fits the VDI model, leaving it unable to keep up with the numerous and evolving types of malware at the endpoint.
Traditional antivirus recognises known-bad files by signatures: file hashes and byte patterns extracted from samples that have already been analysed. Given the quantity of bad files found over the years, any such antivirus relies on an enormous database that lists both known-bad and known-good files.
Naturally, such a database is only valuable if it remains up to date—and therein lies the problem.
Every time a new non-persistent VDI session starts, it is cloned from a golden image whose signature database is only as fresh as the last time that image was built, so the database is already obsolete and has to be updated. Typically, while this happens, the user can't do anything else, wasting time and resources.
When the non-persistent VDI session is closed at the end of the day, the updated antivirus database is discarded along with the rest of the session's changes. The process then repeats the next day, for each session, every day.
Though it may be only half a minute wasted per session, multiplied across every session, every day, that time adds up to a large waste of resources and a great deal of frustration.
Naturally, this level of inconvenience leads people to cut corners. Rather than go way over budget buying extra server capacity, CISOs regularly reduce the security measures on their VDI servers so that users can simply get on with their work.
But it’s not just the ‘nice to have’ security features that are being dropped, either.
People are knowingly lowering their organisation’s level of protection because these updates are so problematic, giving attackers an easier route.
Some people even turn off all antivirus protection, which is high-risk. Others buy more server capacity, a high-cost option that undermines VDI’s cost-saving benefits.
Neither is a good option.
Traditional antivirus also fails to protect against unknown threats. What good is a solution that tracks only known threats when so many attacks arrive as files or techniques it has never seen?
You naturally have to question the benefit of keeping a database of "bad" files when so many attacks are fileless, running in memory or through legitimate scripting tools and never writing a new file for the engine to hash.
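As an added illustration (not SentinelOne's code or the logic of any real antivirus product), here is a small Python model of the two problems described above: a non-persistent session cloned from a golden image starts with whatever signature database was sealed into the image, and a hash signature matches only a byte-identical file, so a one-byte variant is "unknown" even to a fully updated engine. The `SignatureDB`, `NonPersistentSession` and `run_scenario` names, the sample bytes, and the dates are all constructed for this example.

```python
import hashlib
from datetime import datetime, timedelta


def sha256(data: bytes) -> str:
    """File hash as a traditional AV engine would compute it for signature lookup."""
    return hashlib.sha256(data).hexdigest()


class SignatureDB:
    """Hash-based signature database (constructed model, not a vendor format).

    Each entry records when the vendor published it, so the database can be
    reconstructed as it existed on any given date."""

    def __init__(self) -> None:
        self._entries: dict[str, datetime] = {}
        self.last_update = datetime.min

    def publish(self, digest: str, published: datetime) -> None:
        self._entries[digest] = published
        self.last_update = max(self.last_update, published)

    def snapshot(self, as_of: datetime) -> "SignatureDB":
        """Copy of the database as of `as_of` (what gets sealed into a golden image)."""
        clone = SignatureDB()
        for digest, ts in self._entries.items():
            if ts <= as_of:
                clone.publish(digest, ts)
        return clone

    def contains(self, digest: str) -> bool:
        return digest in self._entries

    def __len__(self) -> int:
        return len(self._entries)


def scan(db: SignatureDB, data: bytes) -> str:
    """Signature scan: a file is 'malicious' only if its exact hash is already in the DB."""
    return "malicious" if db.contains(sha256(data)) else "clean"


class NonPersistentSession:
    """VDI session cloned from a golden image (constructed model).

    It starts with the image's possibly stale DB; anything downloaded during
    the session is discarded when the session ends."""

    def __init__(self, golden: SignatureDB) -> None:
        self.db = golden.snapshot(golden.last_update)  # private copy of the image DB

    def signatures_missing(self, vendor: SignatureDB) -> int:
        """How many signatures this session must download before it is current."""
        return len(vendor) - len(self.db)

    def update(self, vendor: SignatureDB) -> None:
        """The per-session download the article complains about."""
        self.db = vendor.snapshot(vendor.last_update)


def run_scenario() -> dict:
    """Constructed timeline: image sealed on day 0, a new signature published on
    day 3, then two sessions started from the same image on later days."""
    day0 = datetime(2018, 1, 1)
    vendor = SignatureDB()

    old_dropper = b"MZ\x90\x00constructed-old-dropper"  # constructed sample bytes
    new_dropper = b"MZ\x90\x00constructed-new-dropper"  # constructed sample bytes
    vendor.publish(sha256(old_dropper), day0)
    golden = vendor.snapshot(day0)                      # golden image sealed here
    vendor.publish(sha256(new_dropper), day0 + timedelta(days=3))

    r = {}
    s1 = NonPersistentSession(golden)                   # first logon after day 3
    r["missing_at_logon"] = s1.signatures_missing(vendor)
    r["stale_old"] = scan(s1.db, old_dropper)           # in the image DB: caught
    r["stale_new"] = scan(s1.db, new_dropper)           # published after sealing: missed
    s1.update(vendor)                                   # the per-session download
    r["updated_new"] = scan(s1.db, new_dropper)         # caught once updated
    variant = new_dropper + b"\x00"                     # one extra byte: an unknown hash
    r["updated_variant"] = scan(s1.db, variant)         # missed even when fully current

    s2 = NonPersistentSession(golden)                   # next day: s1's update is gone
    r["next_day_missing"] = s2.signatures_missing(vendor)
    r["next_day_new"] = scan(s2.db, new_dropper)
    return r


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Run it and the two failure modes show up side by side: `s2` has to download the same signature `s1` already downloaded because non-persistent sessions keep nothing, and the one-byte `variant` stays "clean" on a current database because a hash signature has no notion of similarity.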
Hence the rapid shift today towards Endpoint Protection Platforms (EPP) - a class of solution built to cope with the 'next generation' of endpoint security threats - and with the new ways we use and access information systems.
Endpoint protection platforms detect by models and behaviour rather than by a signature database that must be downloaded at the start of every session, so a freshly cloned session is as protected as the one before it.
So there’s no need to sit impatiently drumming your fingers while updates load at the start of each VDI session. Instead, you can bask in the glow of:
It’s a win-win for users and CISOs alike, with no need to compromise.
SentinelOne's Endpoint Protection Platform (EPP) provides organisations with real-time endpoint protection that unifies prevention, detection, and response on one platform.
SentinelOne EPP uses machine learning and intelligent automation to prevent and detect attacks across all major vectors, with rapid elimination of threats, fully automated policy-driven response, and complete visibility into the endpoint through real-time forensics.
The independent antivirus research institute AV-TEST has awarded SentinelOne EPP its Approved Corporate Endpoint Protection certification for both Windows and OS X, validating its effectiveness at detecting advanced malware and blocking known threats. SentinelOne is the only next-generation endpoint protection vendor to hold this certification on both platforms.