Today’s primary attack vectors for delivering malware in to modern environments is through browsing the web. There are lots of sophisticated and expensive proxies and monitoring solutions that produce voluminous “alerts” that try and catch all the rapidly changing and evasive techniques that hackers use but typically result in creating investigator fatigue, allowing attacks to slip through amongst all the noise.
What can be done to improve our ability to defend against browser and HTTP-based attacks?
Thankfully VERDE has a solution. We are offering a different approach, not mutually exclusive to proxies and such, but at least we provide an option to dramatically reduce the risk of infection from browsing activities, and lower the cost of this protection, by setting up secure browsing enclaves.
By creating a pool of browser instances in a virtual desktop enclave, we are able to terminate the http in a secure network and pass the page results over to the requesting user’s UI/desktop via a remote display protocol which contains no actual execution code or data, only pixels over the wire.
This architecture insulates the organization from web and HTTP-based attacks.
Another benefit of using VERDE for a secure desktop infrastructure is that VERDE is impervious to persistent malware infections in general as a result of our dynamic desktop provisioning architecture that effectively installs a pristine copy of the latest Windows or Linux image, as maintained by the administrator, each time a user logs in. Every time a user logs out, the “stateful” version of the OS is flushed from memory. The next time the user logs in, they are provisioned with from the professionally-maintained Gold Master associated to their roles and needs.
No wonder VERDE is a favorite amongst security conscious organizations.