VDI for Information Security

By ISBuzz Team
Writer, Information Security Buzz | Sep 11, 2014 05:04 pm PST

With enterprises around the world adopting Bring Your Own Device (BYOD) initiatives, mobile security is becoming increasingly important. IT and management teams are working hard to understand and address the different methodologies and technologies available both for security and device management purposes on iOS and Android.


One such security solution is the Virtual Desktop Infrastructure (VDI). VDI creates a setup where devices act as a remote workstation unit, thus preventing data from being stored locally on an endpoint device. This arrangement enhances a user’s security against data theft.

At Lacoon Mobile Security, we’ve been investigating VDI threats for some time. It was the subject of Lacoon’s presentation at Black Hat in Las Vegas and the topic of discussion in a recent podcast. In these research efforts, we looked into both the potential threats and the methods of mitigation when employing any and all VDI solutions. We also considered different attack vectors that malicious actors could use to bypass VDI solutions to steal sensitive corporate information.

Threats Against VDI Solutions

There are two main categories of threats that endanger an enterprise that is using VDI:

– MRATs (Mobile Remote Access Trojans). An MRAT is mobile surveillance software that, once installed on a device, becomes privy to all mobile-based data and communications. MRATs can also manipulate various resources on the device. They come in many different shapes and sizes, varying in intelligence, resilience and chosen vector of attack.

– Man-in-the-Middle (MitM). Attacks that target insecure communications between two devices or between a device and a server. The MitM threat has always been a concern for mobile devices that are not on trusted networks.

Combating Threats to VDI

On the one hand, VDI can help protect against data theft. On the other hand, VDI solutions cannot prevent advanced persistent threats. So what should enterprises do?

I recommend the following:

– Examine all the threat vectors that malicious actors could use to exploit employee mobile devices in order to ensure that nothing goes undetected.

– Accurately classify low-level threats (those that have no implications for corporate assets) and more targeted advanced threats to enable appropriate responses and effective risk mitigation.

– Provide proactive threat remediation as part of a Risk Based Mobile Management (RBMM) approach.


At the end of the day, the point is to recognize that VDI depends on the integrity of the host system. This means that as long as the device is uncompromised, the solution protects the data. On the flip side, in order to undermine the security of a VDI solution, it is enough for an actor to target the device itself. Clearly, with BYOD becoming an integral part of the workplace, enterprises need to take a layered approach to mobile security.

For a more in-depth look into VDI, as well as for some insights on how you can integrate VDI solutions into a comprehensive mobile security strategy, I recommend reading the full whitepaper at Lacoon.com.

By Yonni Shelmerdine, Mobile Security Trends Analyst, Lacoon

Yonni is the lead Mobile Security Trends Analyst at Lacoon. Yonni brings five years of experience in Datacom & GSM network security analysis from an elite unit in Israel’s Intelligence Corps. Yonni heads the analysis of mobile attack trends where he researches new attack vectors and identifies major mobile malware attack patterns. Juggling university, work and football isn’t easy, but Yonni is a master of multi-tasking.
