Securing Virtual Desktop Infrastructure (VDI)

By Migo Kedem

The SentinelOne agent is an efficient solution to secure the growing demand for agent virtualization, including thin clients, layered apps, and other VDI scenarios. It does not require updates and is not dependent on signatures or other legacy antivirus features.

The SentinelOne offering for VDI includes all protection engines and functionality, the same as we support for physical devices, without exceptions.

VDI has been trending in IT for several years for a number of reasons: it reduces IT costs, especially for companies that have lots of mobile workers or seasonal waves of new employees, and it allows users to connect using any device. The term VDI is often used to refer to any desktop virtualization implementation, but it has evolved to include desktop as a service (DaaS) and terminal services – essentially any means to enable customers to streamline management and costs by consolidating, centralizing, and delivering end-user desktop mobility.


Several vendors offer VDI solutions today, some with a pay-as-you-go approach, which resonates well with the need to reduce the costs of deployment and creating networks. In this market, you can see growing interest from giant vendors offering DaaS (Microsoft Azure, Amazon WorkSpaces), while still supporting more traditional approaches of on-premises VDI (where the main players are Citrix with its XenDesktop/XenApp products and VMware with its Horizon View line of products).

The Need for Securing VDI

Although some would claim VDI is a more secure option, mainly because one can deprecate the VDI instances once done, security for such sessions is clearly needed. Your company is only as strong as its weakest link – and VDI deployments tend to be weak links for many reasons:

  • Patching cycles require updating the golden image and are therefore not rapid.
  • VDI implementations commonly try to consume as few resources as possible, so administrators try to have as little protection as possible.
  • Users are less aware of security implications when running on VDI sessions.

About SentinelOne VDI support

SentinelOne is pleased to announce the availability of VDI support starting with version 1.8.4.3704. The main VDI approaches supported by the SentinelOne agent include:

  • Desktop virtualization: Host a desktop operating system in a VM on a centralized server. Examples of enterprise application virtualization software include Citrix XenDesktop, Microsoft App-V, VMware Horizon, and Systancia AppliDis.
  • Terminal Services: A server-based computing and presentation virtualization component to access applications and data on a remote computer over a network. Examples include Microsoft Windows RDP and Citrix XenApp.
  • Desktop as a Service: Remote desktop virtualization from SaaS cloud computing. Examples of enterprise Desktop as a Service are VMware’s Horizon DaaS and Amazon’s WorkSpaces.

Key Benefits

1. Stronger security

  • Full-spectrum security coverage with reputation engine, local analysis for file-based malware, deep inspection for document-based malware, scripts/PowerShell, memory-based attacks, and weaponized documents
  • Detect, Prevent, and Respond capabilities in one agent/one console architecture
  • Cyber warranty against ransomware attacks

2. Better scalability

The SentinelOne agent uses predictive technologies. You don’t need daily or weekly signature updates followed by a full disk scan. By reducing the disk I/O overhead, we help organizations get more VM density on their virtual infrastructure.

3. Ease of manageability

  • Full visibility of benign and malicious activities
  • Automatically decommission VDI instances that are no longer in use
  • Support for persistent and nonpersistent VDI use cases
  • Managed by SaaS console or on-prem
  • Concurrent license model to save on your security coverage costs

More information on SentinelOne VDI support can be found here.