Ed Snowden says that VMs are "a big step up" against persistent threats. That matches our experience.
To avoid forensics, malware on hardened systems is often volatile. It disappears when you reboot. But an attack can leave a backdoor.
Some malware hides itself in BIOS, device PROMs, etc. Even reformatting and reinstalling the OS doesn't help. This malware is a type of APT, an Advanced Persistent Threat.
Until attackers have cracks to break out of a VM and are willing to use them, a properly configured VM is good protection.
When a reboot isn't enough, you can recreate the machine anytime with all data intact. This is much cheaper and easier than replacing hardware.
The tradeoff is increased attack surface (hypervisor, host system). But attackers have to break out of the VM first. Virtual machine attacks are still rare.
An APT persists until you reboot. Data on writable media that survives a reboot is a risk.
A successful attack on a host that just runs a VM behind a firewall is less likely because the host has almost no attack surface of its own.
At least for now, VMs can stop many APTs. If we find escalation vulnerabilities before the attackers and fix them fast, VMs may be a good long term solution.