
For Virtual Desktops, the Risk of Ransomware Is Very Real


If you’re running a virtualized desktop infrastructure (VDI) environment on VMware Horizon, you’re probably a security-conscious organization.

After all, Horizon’s VDI solution helps you protect your data, prevent unauthorized access to applications and manage your software patches and upgrades more effectively. Even with all that, however, your VDI environment is still susceptible to ransomware—arguably the most dangerous form of malware for most organizations today.

Although the number of ransomware attacks rose slightly in 2015, last year it rose to ridiculous heights. The number of recorded ransomware attacks worldwide went from 3.8 million to 638 million.* That’s not a typo and I didn’t forget a decimal point; there were approximately 175X more ransomware attacks in 2016 than the previous year. And experts expect that number to more than double again this year. In other words, we all have a ransomware problem, and it’s getting worse.

While the global cybercriminal community has quickly learned how to make a small fortune from ransomware, we as individuals and employees still haven’t learned how not to click on phishing emails or bogus websites that download malware onto our devices. And that’s a problem whether your “device” is a physical laptop or a virtual desktop.

Let’s consider for a moment a typical ransomware attack:

  1. A desktop user (or, increasingly, a mobile device user) unwittingly clicks on an email or website containing a ransomware attachment.
  2. The ransomware is downloaded to the physical or virtual hard drive and (often within minutes) contacts a remote command and control (C&C) server to receive a special encryption key.
  3. The ransomware begins encrypting local data using the special key, in many cases spreading laterally to other devices or servers.
  4. Once the ransomware completes encryption, it displays a message to the user with instructions on how to pay the ransom (typically via bitcoin).

The risk of ransomware is potentially more devastating in a VDI environment, because a single ransomware infection can quickly move laterally through your network layer to reach your servers. So how do you stop ransomware attacks? You don’t. You stop ransomware from getting to the next step. And the best way to do that is through network microsegmentation.

You can think of microsegmentation as dividing your network into thousands of secure compartments, each protected by its own virtual firewall. If a ransomware attack breaks into the network, the virtual firewalls prevent it from spreading further, in effect smothering the ransomware attack before it can catch fire.

VMware Horizon users have a powerful ally in the fight against ransomware: VMware NSX for Horizon. NSX is a network virtualization solution that also provides microsegmentation for virtualized environments. Unlike traditional firewalls, which are cost- and time-intensive to set up and maintain, NSX can create dynamic, virtual firewalls instantly as new virtual desktops are created. NSX security policies follow virtual machines and applications automatically as they move to different servers, creating a honeycombed network.

With NSX, it’s simple to create a single security policy (or group of policies) that can be instantly applied to thousands of virtual desktops in your network. For example, if you want to equip every new virtual desktop with the same security policies, you just need to write the policy once in NSX.
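To make the containment argument concrete, here is an added example (not VMware's or NSX's own code or API) that models a group-based, default-deny policy and measures how many machines one compromised desktop can reach with and without it. The VM names, group names, ports and rule format are constructed for illustration.

```python
from collections import deque

# Constructed inventory: VM name -> security group (hypothetical names).
VMS = {
    "vdi-001": "desktops", "vdi-002": "desktops", "vdi-003": "desktops",
    "app-01": "app-servers", "db-01": "db-servers", "file-01": "file-servers",
}

# One group-level policy, written once; first match wins, default is deny.
# Each rule: (source group, destination group, destination port, action).
POLICY = [
    ("desktops", "desktops", "*", "deny"),        # no desktop-to-desktop traffic
    ("desktops", "app-servers", 443, "allow"),    # desktops reach the app tier over HTTPS
    ("app-servers", "db-servers", 5432, "allow"), # app tier reaches the database
]

def allowed(src, dst, port, policy=POLICY, vms=VMS):
    """Evaluate one flow against the group policy (simplified per-VM firewall)."""
    for s_grp, d_grp, p, action in policy:
        if vms[src] == s_grp and vms[dst] == d_grp and p in ("*", port):
            return action == "allow"
    return False  # nothing matched: default deny

def blast_radius(start, ports, segmented, vms=VMS):
    """Set of VMs reachable hop by hop from `start` over any port in `ports`.

    segmented=False models a flat network where every VM can talk to every other.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in vms:
            if dst in seen:
                continue
            if not segmented or any(allowed(src, dst, p, vms=vms) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

if __name__ == "__main__":
    smb_rdp = (445, 3389)  # file-sharing and remote-desktop ports
    print("flat network:", sorted(blast_radius("vdi-001", smb_rdp, segmented=False)))
    print("segmented   :", sorted(blast_radius("vdi-001", smb_rdp, segmented=True)))
```

Because the rules name groups rather than addresses, a newly created desktop placed in the `desktops` group is covered without touching the policy.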

You don’t need to virtualize your network to get the security benefits of NSX and, if you’re already running Horizon or vSphere, you don’t need to do anything different from a management perspective because NSX integrates seamlessly with the way you’re already managing your data center. Installing NSX is also easy, if you know the right people.

At Rolta AdvizeX, we’re one of the world’s elite NSX services companies. Most service organizations have only done a handful of NSX implementations. We’ve done so many NSX implementations that VMware subcontracts out to us for their customers. So, if you’re serious about X’ing out ransomware risks in your virtual environment, start with NSX and Rolta AdvizeX.

* Forbes.com, “2016 Saw an Insane Rise in the Number of Ransomware Attacks.”