Virtual Desktop Infrastructure
Mobilizing security for VDI deployments
Organizations and agencies large and small are turning to virtual desktop infrastructure (VDI) to address one of the most pressing concerns facing an increasingly mobile, multi-device business environment: security. By housing sensitive information in a data center, rather than on a device that can be stolen or easily compromised, IT security can safely guard the organizational crown jewels.
Security and compliance requirements can slow down the adoption of a virtual desktop infrastructure. A lack of understanding of the requirements for business continuity, integrity, and data protection in a virtualized data center may result in a partial or a complete failure of the virtual desktop deployment or migration project. While the leading virtual desktop products are robust and reliable, they alone cannot resolve all potential desktop security issues. This is where Catbird vSecurity can help. vSecurity adds multi-function, orchestrated network security to VDI environments, supporting compliance enforcement in regulated data centers deploying virtualized desktops. vSecurity is an integral part of VMware’s Reference Architecture for Secure VDI.
Catbird vSecurity performs essential security checks required for secure VDI approval, including:
- Vulnerability scanning and monitoring on the virtual network
- Enforcement of network segmentation
- Enforcement of security isolation between zones
- Assignment of VDI security policy per zone
- Support for multiple compartments co-resident at the same security level
In addition, Catbird vSecurity provides essential compliance templates for VDI, including HIPAA, SOX, FISMA, PCI, DIACAP, and COBIT. Every mandate contains different sets of technical controls.
In-depth controls for VDI provided by vSecurity include the following:
- Inter-network segmentation
- Intra-network and inter-VM segmentation
- Layer 2/3/4 controls
- Application-layer (layers 5-7) controls
- Deep packet controls for most applications
- Botnet command and control server (C&C) controls
- Malware site controls
- Anti-phishing/anti-pharming controls
- Integration with VM configuration
- Zone-based policy controls
- Network change control process
- Blocking of Metasploit attacks
- Automated workflow
Catbird offers an integrated compliance dashboard that provides security templates allowing for real-time monitoring of the certification process on VDI designs. For example, the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) requires that risk management be applied to information systems. With the compliance dashboard, VDI customers can analyze and visualize multiple aspects of DIACAP compliance, including boundary defense, remote access for privileged functions, remote access for user functions, and access for computing facilities, among others.