Virtualization Technology News and Information
Hysolate 2020 Predictions: Virtualization Advancements Truly Protect Enterprise Endpoints in 2020

VMblog Predictions 2020 

Industry executives and experts share their predictions for 2020.  Read them in this 12th annual series exclusive.

By Tal Zamir, founder and CTO, Hysolate

Virtualization Advancements Truly Protect Enterprise Endpoints in 2020

Endpoints are a favorite target for cyberattackers. They're also the Achilles heel of any enterprise's security strategy. As we head into 2020, that's not going to change. As studies show, endpoint vulnerabilities are only getting worse as attackers get more sophisticated and employees unwittingly expose their devices to risk.

Here's what enterprises will be doing in 2020 to minimize the impact of these attacks and keep sensitive corporate and customer information safe:

  • Growth of OS-level sandboxing: Even though the security industry keeps investing in securing operating systems, OS vulnerabilities and breaches will remain as prevalent as ever. This includes critical OS and application vulnerabilities across Windows, Linux, macOS and mobile operating systems like iOS and Android. Because the OS is no longer a barrier for cyberattackers, the industry will move toward stronger adoption of VM-based isolation solutions rather than container/kernel namespace isolation.

The isolation-by-virtualization trend will evolve from browser-level sandboxing (e.g., Fireglass) and application-level sandboxing (e.g., Bromium) to OS-level sandboxing, in which the entire OS on the user's device is isolated. This is because both the browser and application approaches only focus on stopping malware from infiltrating endpoints via the particular browser or applications that the IT team isolates. They leave other vectors completely exposed.

For example, cyber criminals can easily trick users into downloading and running malware from email. In fact, some studies show that 92% of malware is delivered this way. Attackers can also target the end-users' OS directly, external hardware like USBs, and applications and browsers that aren't covered by the pinpointed solution. 

These kinds of attacks can't do much damage with OS isolation. CISOs and IT leaders will increasingly use this isolation approach to split each end-user's device into multiple, fully separate virtual operating systems, where one VM is locked down and used only for privileged access or sensitive information, and another VM is open for internet and email. Any malware that gets into the open VM will not be able to penetrate the sensitive VM or even see that it exists.

  • Software-defined expansion: The software-defined-X revolution will move from virtualizing compute, storage and networking into endpoints. Applying the same virtualization principles locally on endpoints will create software-defined endpoints: the next generation of endpoints that provides enterprises with superior flexibility and complements what they achieved in the data center and the cloud. This will dramatically improve security, productivity, agility and privacy on user devices.
  • More virtual desktop use cases: Organizations will further embrace virtual desktops to enable access to Windows legacy apps and to secure enterprise access, either by using desktops in the cloud (via DaaS), on-premises (via hosted VDI) or locally on the device (via software-defined endpoints).

As Windows 7 approaches end of life with Microsoft stopping support in January 2020, enterprises will use OS isolation to continue running applications in Windows 7.  The Windows 7 VM will likely be locked-down, network-wise, so that it can only access the enterprise's legacy apps/servers. It would not have full Internet access, where most malware originates. Alongside the Windows 7 VM, enterprises will also run a Windows 10 VM that can be unlocked, enabling end-users to access the resources they need to do their jobs.


About the Author

Tal Zamir, Founder, CTO, Hysolate

Tal is a 20-year software industry leader with a track record of solving urgent business challenges by reimagining how technology works. An entrepreneur at heart, he has pioneered multiple breakthrough cybersecurity and virtualization products. Before founding Hysolate, Tal incubated next-gen end-user computing products in the CTO office at VMware. Earlier, he was part of the leadership team at Wanova, a desktop virtualization startup acquired by VMware. Tal began his career in an elite IDF technology unit, leading mission-critical cybersecurity projects that won the prestigious Israeli Defense Award. He holds multiple US patents as well as an M.Sc. degree in Computer Science, and the honor of valedictorian, from the Technion.
Published Thursday, November 07, 2019 7:44 AM by David Marshall