VDI Growth Brings Need for Endpoint Protection for Virtualization

"Our existing customer base and every customer we talk to is doing some sort of virtualization," says Piero DePaoli, director of Product Marketing for Endpoint, Messaging & Web Security at Symantec. "They don't want to buy another security solution to do that. But a security solution that is not optimized for virtualization can end up backfiring because it can dramatically affect performance."

"As a Symantec technology partner, one of the trends that continues to persist among our customers is the growing adoption of virtualization technology," adds Feris Rifai, founder and CEO of Bay Dynamics, an information security and risk management firm with strong OEM ties to Symantec. "Virtual servers and desktops are becoming more than just a novelty, they are changing the way businesses function. With a vast amount of benefits, including cost-savings and greater efficiency, more and more businesses are increasing their investment in virtualization deployments."

VDI Market Growing?

It may be growing, but VDI remains an immature segment of the overall virtualization market, says Jon Olstik, senior principal analyst with Enterprise Strategy Group (ESG). So what's behind the interest in supporting it? Symantec, after all, is actually a late-mover among its competitors: Trend Micro has OfficeScan with a plug-in along with Deep Security Agentless Protection; McAfee offers McAfee Management for Optimized Virtual Environments (MOVE); and Kaspersky has Kaspersky Security for Virtualization.

"It's important for a couple of reasons," Olstik says. "The competition is going that way and you don't want to be the one vendor that's asking to continue to put an agent on every virtual machine. And we do see people starting to require this technology. They want to maximize and tune the performance for their applications. It's a better architecture for virtualization."

"While [the desktop virtualization market] is not real mature, what is true is that large organizations are finding a niche where it makes a lot of sense," Olstik adds. "People who carry around laptops, power users, those people aren't virtualized and probably never will be. But for people who are tethered to a desktop, it makes sense. That has a lot of momentum."

Mixed Environments Create Security Headaches

Mixed environments, with large numbers of physical machines and some portion of virtualized desktops (or even point-of-sale and similar devices), are making management of security in these organizations a serious headache.

"Virtualization presents a particular challenge as businesses are looking to secure both physical and virtual environments simultaneously; previously, this would require organizations to implement and manage a slew of point products to address their security needs," Rifai says.

And those products could take a drastic toll on performance in virtual environments. Two issues affect performance in virtual environments: resource contention and disk I/O. For instance, imagine six virtual machines running on the same piece of hardware, each running a security scan, often of the same files. At the same time, you can't ignore security on virtual desktops. Virtual machines have the same security issues as physical machines. Both kinds need antivirus protection and more advanced protections, like host and network intrusion prevention systems (IPS).

As a result, even large, sophisticated organizations that have implemented desktop virtualization in portions of their business have been slow to adopt virtual security controls, preferring to manage virtual desktops as they do their physical machines, Olstik says.

"They really have stuck to physical controls," Olstik says. "But I think that era is coming to an end because of the density of virtual servers and virtual desktops."

The various virtualization-optimized endpoint protection solutions seek to resolve those problems. For instance, SEP implements one feature called Shared Insight Cache, which is essentially file scan deduplication that checks each file to be scanned against a scan cache. That way, SEP only scans a file once, drastically reducing the total number of files scanned.
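The scan-deduplication idea described above, as an added illustration that is not Symantec's code: six guests built from one image share a verdict cache, so each distinct file is scanned once per host. The class and function names, the sample files and signatures, and the choice to key the cache on SHA-256 plus a definitions version (so a stale "clean" verdict is not reused after an update) are all assumptions made for this example.

```python
import hashlib

# Constructed sample data: three files from a shared golden image.
GOLDEN_IMAGE = [b"kernel32 stub", b"office macro EVIL-MARKER", b"browser binary"]
# Constructed signature sets; version 2 adds a marker that version 1 lacks.
SIGNATURES = {1: [b"OLD-MARKER"], 2: [b"OLD-MARKER", b"EVIL-MARKER"]}


class SharedScanCache:
    """Verdict store shared by every guest on one host (hypothetical design)."""

    def __init__(self):
        self.verdicts = {}
        self.full_scans = 0  # expensive scans actually performed

    def scan(self, content, defs_version):
        # Key on content hash AND definitions version, so a "clean" verdict
        # cached under old definitions is never reused after an update.
        key = (hashlib.sha256(content).hexdigest(), defs_version)
        if key not in self.verdicts:
            self.full_scans += 1
            hit = any(sig in content for sig in SIGNATURES[defs_version])
            self.verdicts[key] = "malicious" if hit else "clean"
        return self.verdicts[key]


def scan_host(vm_count, defs_version, cache=None):
    """Scan every VM's files; return (full scans performed, verdicts per VM)."""
    private_scans, results = 0, []
    for vm in range(vm_count):
        files = GOLDEN_IMAGE + [b"user profile of vm %d" % vm]
        if cache is None:
            # Agent-per-VM behaviour: each guest keeps its own private cache.
            private = SharedScanCache()
            results.append([private.scan(f, defs_version) for f in files])
            private_scans += private.full_scans
        else:
            results.append([cache.scan(f, defs_version) for f in files])
    total = cache.full_scans if cache is not None else private_scans
    return total, results


if __name__ == "__main__":
    shared = SharedScanCache()
    print("no shared cache:", scan_host(6, 1)[0])
    print("shared cache, definitions v1:", scan_host(6, 1, shared)[0])
    print("cumulative after update to v2:", scan_host(6, 2, shared)[0])
```

The shared cache removes the duplicate scans of image files, while the per-VM profile files and every file after a definitions update still get a full scan.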

"By integrating with vShield Endpoint, Symantec Endpoint Protection 12 offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance which streamlines deployment and monitoring in VMware environments," explains Michael Marfise, director of Product Management for Symantec Endpoint Protection. "Bottom line: Symantec improves your consolidation ratios."

The upgrade, immediately available to all existing customers free of charge, integrates SEP 12 with VMware vShield Endpoint.

Symantec says it has also made improvements to its SONAR behavioral engine, increasing the number of behaviors monitored for out-of-the-ordinary activity from 400 to nearly 1,400, to improve protection against zero-day threats. Additionally, Symantec has added new management capabilities that allow IT administrators to automatically remove existing security software and then use client wizards to seamlessly deploy SEP. Symantec has also added platform support for Windows 8, Windows Server 2012 and OS X Mountain Lion.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for CIO.com. Follow Thor on Twitter @ThorOlavsrud. Follow everything from CIO.com on Twitter @CIOonline and on Facebook. Email Thor at tolavsrud@cio.com
