Battlefield DaaS : vDesktops for Cyber Defense
Session Details
Session Abstract
In this talk we discuss the use of the non-persistent desktop virtualization model for cyber defense purposes, drawing on my experiences working with the US Federal Government and my partners in the Defense sector, SAIC and the Israeli Cyber Defense Institute.
The idea of using a 'disposable' cloud desktop for cyber defense was first floated back in early 2010 within the National Nuclear Security Administration, as a series of discussions between CyberSec teams at Los Alamos National Laboratory and Lawrence Livermore National Laboratory.
A 'disposable' desktop is a Windows 7 virtual desktop that we host on our cloud and deliver to you over the WAN for one-time use only.
The hosted virtual desktop is 'disposable' in the sense that it is for one-time use only, and any changes a user makes to the desktop do not carry through from one user session to the next.
When a user logs into their desktop, we instantly create a brand new one, and when the user logs out of their desktop, it is destroyed and that resource is returned to the cloud for use by others.
We call this kind of virtual desktop a non-persistent one and my company tuCloud was the first to bring this model to market and deploy it into production at Lawrence Livermore National Laboratory for use by almost all of their 5000 internal employees.
Our pilot and deployment have been a huge success. We have just completed our first year of service at the NNSA, who are extremely happy; our desktop users are happier still, and in this session I will explain why.
We have seen this 'disposable' desktop model ripple through the Federal government and military/defense industries. It's easily the fastest growing cloud VDI use case I can see right now, one that is rapidly gaining traction, and its use is beginning to filter down into those industries with valuable IP to protect.
Cyber attacks plague the largest organizations in the Western world, and typically these attacks come in the form of the advanced persistent threat against the individual user, who is attacked through personal webmail or social networking websites.
Providing your users with an externally hosted 'disposable' desktop upon which they conduct their 'risky' internet-facing activity provides you with a way of locking down internet access to your internal desktops, decreasing the attack surface of your organization and funneling potential intrusions into an isolated environment where they can be best dealt with.
We complete the model by combining deep packet/content inspection technologies with intrusion detection technology which provides for '360 Degree Battle-Space' awareness over the disposable desktop estate, the most likely place to be attacked and breached 90% of the time.
Throughout the talk I will provide insights from Federal cybersec professionals working on and around this kind of non-persistent virtual desktop platform and also tales from the battlefield.
In the meantime, to learn more about this model please visit the following links.
The Non-Persistent Model Webcast & Article : http://bit.ly/HJ4K34
Virtual Desktop Cybersec Strategies with the Israeli Cyber Defense Institute : http://bit.ly/HJ4Szs
