One of the exciting announcements that was made out of VMWorld was the release of AppDefense. This security product helps to bolster what VMware NSX can do from a security standpoint and augment those features and extend the capabilities and proactive actions that can be taken when a security event happens. What is VMware AppDefense and what can it do for an organization from a security standpoint?
What is VMware AppDefense?
VMware AppDefense builds on the security foundation of VMware NSX. NSX allows organizations to implement microsegmentation into the environment at the hypervisor level so that only network resources that need access will gain access to certain resources in the environment. This extends beyond simple IP access rules as policy can be built from dynamic groups comprised of Active Directory users as well as based on the machine name or OS version, etc.
AppDefense takes the security posture of NSX one step further and provides the functionality to secure the endpoint if anything malicious makes it through the network defenses. AppDefense proactively detects anything that makes it through the network defenses and automatically triggers responses from a vSphere perspective. The automatic responses can include:
- Blocking process communication
- Snapshotting a VM for forensic analysis
- Suspending or shutting down a VM if malicious software is detected
The core of AppDefense focuses on protecting applications that are running on virtualized or cloud environments. It creates a least privileged environment on the compute stack. With any given system, you see lots of processes running behind the scenes. Malicious are constantly targeting running processes to manipulate, add, or alter them. AppDefense enforces the model of least privilege. It watches the processes running and makes sure they continue to run as they initially were intended to run.
Provisioning AppDefense is simple. You turn it on and it plug into the hypervisor and starts learning about the environment. You simply tell the system what you want to happen if what is running doesn’t match what was intended to run. This helps to shrink the attack surface overall. When thinking about the possibilities of utilizing AppDefense for security, this adds tremendous value to the 3rd party ecosystem utilizing AppDefense and they can tap into the power of AppDefense with their products, etc.
AppDefense has built in defenses to protect itself as well. It is part of the VMware hypervisor and has a special, isolated, protected process that runs to continually monitor virtual machines. This drastically reduces the likelihood of AppDefense being compromised.
What is VMware AppDefense? As shown, it is a powerful new tool introduced to take the security of NSX a step further by implementing and enforcing least privilege for running processes and ensuring those processes are still running as they were intended to run without manipulation. AppDefense will help to extend the partner ecosystem with security products now being able to tie into the power of AppDefense with NSX and continue to enforce the integrity of production workloads.