Extending Traditional Security to VDI: Are Your ... - Trend Micro

Security Risks of Extending Traditional SecurityOne of the core benefits of implementing VDI is the ability to quickly generatea virtual desktop image instead of installing each instance from scratch. If ITdepartments simply extend traditional security to virtual desktops, duplicateimages will inevitably update their security software or initiate full systemscans at the same time, leading to a bandwidth problem known as “resourcecontention” or a “security storm.”Common but improper work-arounds include randomizing or disabling antivirusscanning and updating. When IT administrators disable security functions atthis level, they are, in effect, entrusting desktop security to network firewallsand intrusion detection systems (IDSs).“With VDI, numerous desktops sharethe host’s hardware resources, often ata ratio of 60 to 1 or higher.”— Trend Micro,“Securing YourVirtual DesktopInfrastructure”In such a situation, the unprecedented speed by which cybercriminals createmalware—3.5 new threats every second—render virtual desktops vulnerable toattacks.Unlike virtualized servers, virtual desktops comprise a broader attack surfacebecause each instance is a potential entry point. User behaviors such asindiscriminately downloading programs and documents, surfing the Web, andclicking links do not help. Without protection for even a small amount of time,VM images can inadvertently introduce threats to corporate networks.Zero-Day Exploits and the “Zero-Day Effect”Zero-day exploits are deployed in the wild by cybercriminals or used in targetedattacks to exploit unpatched or unknown software vulnerabilities. Resourcecontention work-arounds that turn off protection or delay security force ITadministrators to effectively face the same zero-day risks even if patches arealready available and despite deploying security products.Widely used applications from Microsoft, Adobe, and even Apple have all beenfound to carry software vulnerabilities that are crucial to cybercrime attacksbecause these allow automatic command execution. 4Customized Highly Targeted AttacksAdvanced persistent threats (APTs) target companies and organizations inorder to steal confidential information. These campaigns frequently begin withsocial engineering attacks as mundane as sending out customized emails withexploit attachments.After monitoring APTs for one month, Trend Micro found that the mostexploited Microsoft Office software was Microsoft Word (see Figure 2). 5Furthermore, both relatively new (e.g., CVE-2012-0158) 6 and old (e.g.,CVE-2010-3333) 7 vulnerabilities have been leveraged.Figure 2. Most exploited Microsoftsoftware by targeted attacks in April 2012Exploits for vulnerabilities in Adobe Acrobat Reader and Flash Player have alsobeen used in various APT campaigns such as LURID, 8 SYKIPOT, 9 and IXESHE. 104 http://blog.trendmicro.com/2011-in-review-exploits-and-vulnerabilities/5 http://blog.trendmicro.com/snapshot-of-exploit-documents-for-april-2012/6 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-01587 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-33338 http://blog.trendmicro.com/trend-micro-exposes-lurid-apt/9 http://blog.trendmicro.com/the-sykipot-campaign/10 http://blog.trendmicro.com/taking-a-bite-out-of-ixeshe/EXTENDING TRADITIONAL SECURITY TO VDI 2

TREND MICROTrend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloudsecurity leader, creates a world safe for exchanging digital informationwith its Internet content security and threat management solutions forbusinesses and consumers. A pioneer in server security with over20 years’ experience, we deliver top-ranked client, server and cloudbasedsecurity that fits our customers’ and partners’ needs, stopsnew threats faster, and protects data in physical, virtualized andcloud environments. Powered by the industry-leading Trend MicroSmart Protection Network cloud computing security infrastructure,our products and services stop threats where they emerge—from theInternet. They are supported by 1,000+ threat intelligence expertsaround the globe.TRENDLABS SMTrendLabs is a multinational research, development, and supportcenter with an extensive regional presence committed to 24 x 7 threatsurveillance, attack prevention, and timely and seamless solutionsdelivery. With more than 1,000 threat experts and support engineersdeployed round-the-clock in labs located around the globe, TrendLabsenables Trend Micro to continuously monitor the threat landscapeacross the globe; deliver real-time data to detect, to preempt, and toeliminate threats; research on and analyze technologies to combat newthreats; respond in real time to targeted threats; and help customersworldwide minimize damage, reduce costs, and ensure businesscontinuity.©2012 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-balllogo are trademarks or registered trademarks of Trend Micro, Incorporated. All other productor company names may be trademarks or registered trademarks of their owners.