by: Jacob Perry
ESP secures your VDI (Virtual Desktop Infrastructure)
The case for Improving Security for Remote Workers
There is an influx of work-from-home employees due to Covid-19, and some organizations have decided that it is more cost-effective to work 100% from home moving forward. Working from home increases exposure to cyber risks. Two common solutions being leveraged are Remote Desktop Services (RDS) and Virtual Desktop Infrastructure (VDI). These solutions come with several advantages, such as being able to access your work remotely from anywhere and protecting sensitive company data from physical theft. However, this added mobility and access come with drawbacks.
One piece of this puzzle is security and how policies are implemented. Without accurate reporting software, or without the ability to see the network configuration in real time, your ability to make important security decisions about how to protect your network is severely impaired. Even though we're changing the way we work, the need to be secure and to monitor our security posture does not change. This is where Elemental Cyber Security fills the gap. At Elemental we work tirelessly to combine several key security and compliance features into a well-thought-out enterprise cybersecurity software platform.
Even though where and how we work have changed, what we work on has not, and neither has how we secure our endpoints. A computer, whether a virtual instance or hardware, is still a computer that needs to have security policies deployed to it and be managed by a security expert. You will still need firewalls, both physical and virtual, and you will still need to manage the implementation of your security policies and be able to prove compliance with those policies to auditors or stakeholders.
Figure-1: Dynamic Security Groups mapping your VDI pools to consistently deploy a pre-defined security policy
Elemental Security Platform ties each of these needs together under one powerful tool. When utilizing the Elemental Security Platform (ESP) you can actively check on the security policies of your entire virtual network, a specific dynamic security group, or an individual virtual desktop machine. With ESP's live update system, you will receive security posture updates from every agented virtual machine on the network as well as gain visibility into all other machines communicating over the network. This increased visibility allows you to find rogue outlier machines and cut them off from possibly propagating malicious software across your virtual desktop instances by severing their contact with any other dynamically managed security group. When you leverage custom-defined dynamic security groups, you can stop lateral movement of malware from one virtual desktop instance (or group) to another, or you can isolate a VDI pool that might have fallen below your predefined policy compliance threshold. That means that when an instance's security posture has been compromised, its communication with other instances is automatically disabled.
Figure-2: Control access among VDI pools, VDI instances or other ESP Security Groups centrally throughout the organization
Create and deploy custom policies using automated CIS controls to harden your virtual desktops. Paired with the live updates ESP provides, this ensures the policies you have developed with Active Directory or a GRC tool are being implemented correctly.
When scaling up or building a Virtual Desktop Infrastructure (VDI), security issues might arise. By building out this capability for your employees to work from home, you are in turn opening their access to the data center or servers that they were previously firewalled off from. This creates a need for a new, more secure level of network segmentation. Where many companies might previously have managed a single firewall filtering traffic from outside into the network, now you are allowing connections to the very heart of the network, where a network perimeter no longer exists. To mitigate this issue, you will need host-based logical segmentation that blacklists all non-essential communication or whitelists only what is necessary. This logical segmentation would need to be meticulously managed for every instance added to the network.
Figure-3: Implement Adaptive Micro-Segmentation - write policy once, enforce everywhere!
Elemental solves this issue by automatically adding each agented machine to a dynamically managed group and deploying packet filtering rules that will either allow or disallow traffic with other virtual desktop groups. This enables appropriate virtual desktop pools to be isolated (segmented) from the more vulnerable areas of the network. Not only can these rules be monitored for adherence, but the Elemental Security Platform (ESP) system will also notify you when any part of your security policy falls out of compliance. However, this notification is more of a courtesy call since ESP has already taken action to segment a non-compliant instance into a quarantine group based on a threshold of acceptable risk you have predefined. We are bringing security to life 24/7/365!
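The whitelist-only group segmentation and threshold-based quarantine described above can be modelled in a few lines; this is an added example, not Elemental's code or ESP's API, and the group names, ports, compliance scores, the 80% threshold and the choice to quarantine unagented hosts are all assumptions made for illustration.

```python
from dataclasses import dataclass

QUARANTINE = "quarantine"
THRESHOLD = 80  # assumed minimum acceptable compliance score (percent)

# Allow-list of (source group, destination group, port). Anything not listed
# is denied, including traffic between two instances of the same pool.
ALLOWED_FLOWS = {
    ("vdi-finance", "finance-db", 1433),
    ("vdi-engineering", "build-servers", 22),
}

@dataclass
class Host:
    name: str
    pool: str          # group the host belongs to while compliant
    compliance: int    # latest posture score reported for the host
    agented: bool = True

def group_of(host):
    """Dynamic membership: derived from current posture on every evaluation."""
    if not host.agented or host.compliance < THRESHOLD:
        return QUARANTINE
    return host.pool

def flow_allowed(src, dst, port):
    """Default deny: permit only allow-listed flows between non-quarantined groups."""
    sg, dg = group_of(src), group_of(dst)
    if QUARANTINE in (sg, dg):
        return False
    return (sg, dg, port) in ALLOWED_FLOWS

def permitted_flows(hosts):
    """Every (src, dst, port) currently permitted across the given hosts."""
    ports = {p for _, _, p in ALLOWED_FLOWS}
    return sorted((s.name, d.name, p) for s in hosts for d in hosts
                  for p in ports if s is not d and flow_allowed(s, d, p))

if __name__ == "__main__":
    # Constructed sample inventory.
    fin = Host("vdi-fin-01", "vdi-finance", 92)
    eng = Host("vdi-eng-01", "vdi-engineering", 88)
    db = Host("db-01", "finance-db", 95)
    print(permitted_flows([fin, eng, db]))   # finance desktop may reach the DB
    fin.compliance = 61                      # posture drops below the threshold
    print(group_of(fin), permitted_flows([fin, eng, db]))
```

Because membership is recomputed from posture rather than stored, the same policy follows every new instance added to a pool without per-host rule edits.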
Benefits of using Elemental's ESP in your VDI environment:
- ESP continuously measures and reports on the security posture of the entire VDI environment;
- ESP actively manages and enforces security of all VDI instances across the network following your baseline security policy;
- Elemental goes beyond traditional firewalls to bring you a more secure VDI environment by allowing you to micro-segment VDI pools, potentially blocking ongoing attacks.
In conclusion, Elemental Cyber Security is going beyond traditional network segmentation to provide invaluable active security expertise in the realm of compliance and threat mitigation to Virtual Desktop Infrastructure deployments. Elemental is changing the way cybersecurity is done towards a better and more secure workplace for all.