Leveraging AI for Virtualized Desktop Infrastructures

To understand why we would want to implement an artificial intelligence (AI) solution instead of a traditional antivirus (AV) solution, we must first look at what has historically been done on Virtualized Desktop Infrastructure (VDI) images.

AV solutions are installed on the golden image of a virtual machine (VM). A golden image is a template for a VM, virtual desktop, or server that is cloned to quickly deploy additional machines to the organization’s environment.

After the initial installation, the AV solution does a full scan of the entire image to look for malware before sealing the image. This will be the final image that gets copied for deployment.


In this video, we demonstrate how to configure your CylancePROTECT® agent on your VDI.

The Problems

While this process seems straightforward, the problem lies in the general principle that traditional AV solutions are based on signatures to identify malware. The result is that whenever the signatures are updated, you need to do another full image scan. This creates a highly degraded performance and user experience due to the required CPU, RAM, and disk I/O resources.

Areas of the image that are excluded from scanning for the sake of performance can then cause a security risk. There a quite a few well-written articles on how to configure these exceptions and optimize the performance, but the fact remains that there are tradeoffs. Not putting in these exceptions requires that these scans happen during low usage change control windows.

On a rare occasion, you may come across an admin that says that having VDI is their endpoint security strategy, as opposed to traditional desktops. Please delicately ask them to consider reading this article by Brian Madden.

While having VDI can improve aspects of their security, it does not solve security challenges. It will only give them an easier way to deploy and manage new machines.

Enter CylancePROTECT

AI solves a huge number of the problems caused by traditional AV on VDI. The CylancePROTECT agent does not require security tradeoffs for performance, such as the exclusions to mitigate resource usage from updating signatures and doing scans, because it is AI-based and does not use signatures to include protection for newly introduced threats in the wild.

The CylancePROTECT agent running on the endpoint provides us with hooks into the operating system for added security capabilities like memory exploit protection. Because we’re local to each cloned image, performance is a top priority and our agent has low system impact.

We have several internal VDI ‘best practice’ documents when you are ready to deploy Cylance in your VDI environment. CylancePROTECT in particular is able to solve the duplicate device registration problem that comes from spinning images up and then spinning them down again.

Next Steps

Using CylancePROTECT is a good way to enhance and secure your VDI environment. As always, test on a few machines before deploying to the rest of your endpoints.

As next steps, you can contact Cylance sales, support, or your preferred Cylance partner to learn more about configuring CylancePROTECT for your VDI environment. 

Thank you for reading and happy deploying!