August 28th, 2017 by Adam Armstrong
VMware Introduces AppDefense Security For Virtualized & Cloud Environments
Today at VMworld 2017 in Las Vegas, VMware Inc. introduced VMware AppDefense, which it is calling a breakthrough solution for securing applications running in virtualized or cloud environments. The new solution monitors running applications against their intended state by leveraging virtual infrastructure. In doing so, AppDefense is able to detect and automatically respond to outside attacks against the applications it is monitoring.
AppDefense is less of a standalone security measure and more of an additional layer that improves existing security. The solution integrates with endpoint security, security information and event management (SIEM), and Security Operations Center Analytics to gain context that helps it leverage the virtual infrastructure for remediation and protect customers’ position on the endpoint. What’s more, Managed Security Service Providers can build new data center and cloud security offerings around AppDefense.
An intent-based security model is made possible through:
- Increased use of automation in application and infrastructure provisioning
- Use of application frameworks that provide richer and more authoritative views of intended state
- Application of machine learning that enables the ability to reason about state and behavior across large populations
- Increased use of virtualization and cloud, which provides greater application context and isolation
AppDefense leverages VMware vSphere to gain several unique capabilities. It can see rich application context: both run state and provisioned state. The solution leverages the hypervisor to create a protected zone in which to store intended state and monitor runtime behavior. Leveraging both vSphere and NSX, AppDefense can automate and orchestrate a response to threats. When these capabilities are combined, the solution can significantly reduce the attack surface, making threat identification and response more efficient.
Initial partners for AppDefense include:
- IBM Security: AppDefense plans to integrate with IBM's QRadar security analytics platform, enabling security teams to understand and respond to advanced and insider threats that cut across both on-premises and cloud environments like IBM Cloud. IBM Security and VMware will collaborate to build this integrated offering as an app delivered via the IBM Security App Exchange, providing mutual customers with greater visibility and control across virtualized workloads without having to switch between disparate security tools, helping organizations secure their critical data and remain compliant.
- RSA: RSA NetWitness Suite will be interoperable with AppDefense, leveraging it for deeper application context within an enterprise's virtual datacenter, response automation/orchestration, and visibility into application attacks. RSA NetWitness Endpoint will be interoperable with AppDefense to inspect unique processes for suspicious behaviors and enable either a Security Analyst or AppDefense Administrators to block malicious behaviors before they can impact the broader datacenter.
- Carbon Black: AppDefense will leverage Carbon Black reputation feeds to help secure virtual environments. Using Carbon Black's reputation classification, security teams can triage alerts faster by automatically determining which behaviors require additional verification and which behaviors can be pre-approved. Reputation data will also allow for auto-updates to the manifest when upgrading software to drastically reduce the number of false positives that can be common in whitelisting.
- SecureWorks: SecureWorks is developing a new solution that leverages AppDefense. The new solution will be part of the SecureWorks Cloud Guardian portfolio and will deliver security detection, validation, and response capabilities across a client's virtual environment. This solution will leverage SecureWorks' global Threat Intelligence, and will enable organizations to hand off the challenge of developing, tuning and enforcing the security policies that protect their virtual environments to a team of experts with nearly two decades of experience in managed services.
- Puppet: Puppet Enterprise is integrated with AppDefense, providing visibility and insight into the desired configuration of VMs, assisting in distinguishing between authorized changes and malicious behavior.
VMware intends to allow third-party solutions to integrate with AppDefense, so that a partner ecosystem can take advantage of all of AppDefense's benefits.
Availability and Pricing
VMware AppDefense is available today in the U.S. for customers using VMware vSphere 6.5. AppDefense is priced as a subscription at $500 MSRP per CPU per year.