TheSaffaGeek

My ramblings about all things technical

VMware AppDefense Announced at #VMworld US


At today's VMworld US there are a number of announcements coming out, but one of the big ones in my opinion is the announcement of VMware AppDefense.

AppDefense provides a number of features, notably:

  • Application Control: Comprehensive view/grouping of VMs in the datacenter, their intended state and allowed behaviour
  • Runtime anomaly detection and response: Monitor the real-time state of the OS and user applications – alert on and control process, network, and kernel events
  • Process Analysis: Built-in process analysis engine gives overall process maliciousness as well as specific traits that are potentially suspicious
  • Orchestrate Remediation: Our infrastructure reach provides a more effective way to orchestrate remediation during a security incident

Application Scope

  • Security Team View of Intended Application State
  • Security-team owned viewpoint of application infrastructure
  • Provides a lens to evaluate runtime behaviour against known good
  • An abstraction to validate and audit the placement of security policy


Attesting Runtime Behaviour

  • Writing Rules to Inspect and Validate Endpoint Processes and Network Connectivity
  • Enforce behaviour by blocking activity or audit/alerting
  • Evaluate a number of endpoint events from a trusted location:
    • Process network activity (inbound/outbound)
    • Process activity
    • OS Kernel
    • Virtual Enclave


Built-In Process Analysis

  • Deep Level In-Memory Analysis of Process Capability to Provide Detail on Anomalies
  • Evaluate the in-memory state of a process before/after anomalies are recognized
  • Does not rely on signatures or hashes at all
  • Provides overall risk score and individual traits within the process


Orchestrating Remediation

  • Blocking Behaviour or Responding on Alarms Through Virtual Infrastructure
  • Each rule can be associated with a recommended remediation workflow
  • Alerts integrate with standard SIEM tools and other notification methods
  • Enforcement can be automated or manual
  • Leverages the mutability of the virtual infrastructure (ESX layer and NSX security policy)

AppDefense Architecture

image

 

I’m really looking forward to learning more about AppDefense and seeing how it can fit my customers’ needs.

Gregg
