by Thor Olavsrud

VDI Growth Brings Need for Endpoint Protection for Virtualization

Dec 03, 20125 mins
Data and Information SecurityDesktop VirtualizationMalware

Aiming to help IT administrators manage security for physical and virtual desktops from a single pane of glass, Symantec joins the ranks of enterprise security providers optimizing their endpoint security offerings for virtual desktop infrastructure (VDI).

With an eye toward the growing market for virtual desktop infrastructure (VDI), Symantec this week released Symantec Endpoint Protection (SEP) 12.1, a free upgrade that’s designed to optimize the enterprise security package for VMware vShield virtual environments and enables seamless, single-pane-of-glass management of physical and virtual desktops.

“Our existing customer base and every customer we talk to is doing some sort of virtualization,” says Piero DePaoli, director of Product Marketing for Endpoint, Messaging & Web Security at Symantec. “They don’t want to buy another security solution to do that. But a security solution that is not optimized for virtualization can end up backfiring because it can dramatically affect performance.”

“As a Symantec technology partner, one of the trends that continues to persist among our customers is the growing adoption of virtualization technology,” adds Feris Rifai, founder and CEO of Bay Dynamics, an information security and risk management firm with strong OEM ties to Symantec. “Virtual servers and desktops are becoming more than just a novelty, they are changing the way businesses function. With a vast amount of benefits—including cost-savings and greater efficiency—more and more businesses are increasing their investment in virtualization deployments.”

VDI Market Growing?

It may be growing, but VDI remains an immature segment of the overall virtualization market, says Jon Olstik, senior principal analyst with Enterprise Strategy Group (ESG). So what’s behind the interest in supporting it? Symantec, after all, is actually a late-mover among its competitors: Trend Micro has OfficeScan with a plug-in along with Deep Security Agentless Protection; McAfee offers McAfee Management for Optimized Virtual Environments (MOVE); and Kapersky has Kapersky Security for Virtualization.

“It’s important for a couple of reasons,” Olstik says. “The competition is going that way and you don’t want to be the one vendor that’s asking to continue to put an agent on every virtual machine. And we do see people starting to require this technology. They want to maximize and tune the performance for their applications. It’s a better architecture for virtualization.”

“While [the desktop virtualization market] is not real mature, what is true is that large organizations are finding a niche where it makes a lot of sense,” Olstik adds. “People who carry around laptops, power users, those people aren’t virtualized and probably never will be. But for people who are tethered to a desktop, it makes sense. That has a lot of momentum.”

Mixed Environments Create Security Headaches

Mixed environments—with large numbers of physical machines and some portion of virtualized desktops (or even point-of-sale and similar devices)—are making management of security in these organizations a serious headache.

“Virtualization presents a particular challenge as businesses are looking to secure both physical and virtual environments simultaneously; previously, this would require organizations to implement and manage a slew of point products to address their security needs,” Rifai says.

And those products could take a drastic toll on performance in virtual environments. Two issues affect performance in virtual environments: resource contention and disk I/O. For instance, imagine six virtual machines running on the same piece of hardware, each running a security scan—often of the same files. At the same time, you can’t ignore security on virtual desktops. Virtual machines have the same security issues as physical machines. Both kinds need antivirus protection and more advanced protections, like host and network intrusion prevention systems (IPS).

As a result, even large, sophisticated organizations that have implemented desktop virtualization in portions of their business have been slow to adopt virtual security controls, preferring to manage virtual desktops as they do their physical machines, Olstik says.

“They really have stuck to physical controls,” Olstik says. “But I think that era is coming to an end because of the density of virtual servers and virtual desktops.”

The various virtualization-optimized endpoint protection solutions seek to resolve those problems. For instance, SEP implements one feature called Shared Insight Cache, which is essentially file scan deduplication that checks each file to be scanned against a scan cache. That way, SEP only scans a file once, drastically reducing the total number of files scanned.

“By integrating with vShield Endpoint, Symantec Endpoint Protection 12 offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance which streamlines deployment and monitoring in VMware environments,” explains Michael Marfise, director of Product Management for Symantec Endpoint Protection. “Bottom line: Symantec improves your consolidation ratios.”

The upgrade, immediately available to all existing customers free of charge, integrates SEP 12 with VMware vShield Endpoint.

Symantec says it has also made improvements to its SONAR behavioral engine—increasing the number of behaviors monitored for out-of-the-ordinary activity from 400 to nearly 1,400—to improve protection against zero-day threats. Additionally, Symantec has added new management capabilities that allow IT administrators to automatically remove existing security software and then use client wizards to seamlessly deploy SEP. Symantec has also added platform support for Windows 8, Windows Server 2012 and OS X Mountain Lion.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for Follow Thor on Twitter @ThorOlavsrud. Follow everything from on Twitter @CIOonline and on Facebook. Email Thor at