At last week’s VMworld 2017, VMware announced the launch of AppDefense — a solution for securing applications running on virtualized or cloud environments.
AppDefense — formerly known as “Goldilocks” — runs on vSphere, VMware’s cloud computing virtualization platform. The solution starts by figuring out an app’s intended state and behavior — which can then be measured against how the app is operating to detect anomalies. If the solution determines that the application or OS is not running like it is intended to, or has been manipulated by a cyber attack, AppDefense automates a response with the help of vSphere and NSX.
“The growing frequency and cost of security incidents points to a fundamental flaw in security models that focus solely on chasing threats,” said Tom Corn, senior vice president, security products at VMware. “AppDefense delivers an intent-based security model that focuses on what the applications should do — the known good — rather than what the attackers do — the known bad. We believe it will do for compute what VMware NSX and micro-segmentation did for the network; enable least privilege environments for critical applications.”
AppDefense uses automation and machine learning to improve existing security features, as well as a more authoritative view of applications and how they function to reduce the threat of attacks. Corn explains that applications are the largest attack surfaces, and that AppDefense is the product of years of development to build security into systems to reduce that surface. He added that while VMware is not a security company and is not trying to develop an independent security offering, it is leveraging its position in the infrastructure space to design a secure infrastructure that is built in rather than bolted on.
AppDefense also integrates with third-party solutions, which will enable a partner ecosystem to leverage the solution. Managed Security Service Providers (MSSPs) will be able to build new data centers and cloud security offerings around AppDefense. Initial partners include IBM Security, RSA, Carbon Black, SecureWorks, and Puppet.
“As attacks become more sophisticated, it’s more important than ever for security analysts to have full visibility into potential security incidents at every layer of their IT infrastructure, both on-premise and in the cloud. The direct integration of AppDefense with IBM Security technologies will allow additional analysis of this data by Watson for Cyber Security, which can provide analysts with a clearer understanding of the scope of advanced attacks. It can also help bridge the gap between IT operations and security teams, allowing them to orchestrate incident response and quickly take action to defend their organization,” said Marc van Zadelhoff, general manager at IBM Security
VMware AppDefense is currently available for customers in the U.S. using VMware vSphere 6.5, and an annual subscription is priced at $500 per CPU.