Securing the Virtual Desktop; Breaking into Virtual Worlds

Officials from Citrix Systems, Inc. recently announced an access gateway appliance designed to improve desktop security. In other news, Perimeter eSecurity announced its intent to acquire Edgeos, Inc. to improve its compliance capabilities. In addition, reports of malware are occurring showing it is moving into virtual worlds, where hackers can exploit the community to steal information.

Focal Points:

• Citrix recently announced Version 8.1 of its Access Gateway appliance. This appliance now works with Citrix XenDesktop, and gives IT departments the ability to create virtual desktops, where the system is kept in the data center. The applications and images are sent to the desktop from a central, controlled location. This offering is part of a larger Citrix Delivery Center, which is designed to create a virtual desktop infrastructure. Desktop streaming can either be done to PCs at a main office or to remote locations and branch offices. Officials said Deliver Center should be available in the second half of 2008. XenDesktop is available now. The Access Gateway increases security by allowing administrators to have tight control over what can be done on the desktop system. Starting cost for the Access Gateway is $3500.
• Officials from Perimeter eSecurity said that they were going to purchase Edgeos, Inc. Edgeos provides on-demand vulnerability scanning and PCI compliance services. The company has downloadable software as a service (SaaS) modules, which automate compliance scanning based on the most up-to-date PCI standards and US Federal regulations. Officials said this would help enable carriers, VARs, and other partners to better provide security services in a SaaS model. Perimeter eSecurity has fully integrated the Edgeos managed vulnerability service into its Vulnerability Management Solution Suite. This suite includes desktop and server anti-virus, configuration and patch management, as well as network and CPE-based security services.
• Reports from Panda Security have shown that virtual assets are consistently stolen in the gaming industry, as cyber crooks successfully exploit various gamers. With the increasing involvement of more people in virtual gaming, and environment has been created where people are willing to go to extreme lengths to "succeed" in these virtual environments, including purchasing virtual assets. Hackers take advantage of these positions to get personal information from gamers, which is then used to steal real assets. 

Experton Group believes security managers will need to increase their emphasis on securing virtual environments. While much of the focus today on virtualization is server consolidation, virtualization is occurring on all areas of IT, from virtual desktops to servers and storage, virtual networking, and even virtual gaming and identities. These environments will require new strategies for threat identification and isolation, as well as methods for tracking employee behavior. IT executives should understand the details of all these virtualization areas and what new security threats they may present.