VMware AppDefense Basics
The security climate is ever-changing, a constant game of "cat and mouse," where the good guys are always trying to stay one step ahead of the bad guys. This traditionally has been in the form of adding additional security in small blocks, which continue to stack-up like Legos in my daughter's room. While this approach has been successful in the past, the attackers and attacks have become more sophisticated and evolve in many ways faster than we can keep up. So what if we could change that, or at least augment our existing methods? What if we took another approach to security, such as having the ability to ask ourselves, "What should this application look like under good and normal working conditions?" If we know what it should look like when everything is working as it should, then it becomes easier to identify abnormalities, which can then have an automated action ran against it.
With VMware AppDefense, we have that ability - the ability to define the desired state of an application, and if that desired state changes, we can alarm on that via Application-Centric alerting for the Security Operations Center (SOC). This process allows the automation of eliminating, or at a minimum containing the threat and reducing the blast zone.
AppDefense is apart of vSphere Platinum, and since it's embedded into the hypervisor, it can remain securely segmented. By residing in the hypervisor, AppDefense has the ability to directly integrate into NSX to block malicious communications, conduct a snapshot for forensic analysis, or even suspend or shutdown the compromised endpoint.
Of course, this is a great way of providing security, and we believe anything we can do to automate the process of securing our customer's data is very important and can eliminate a tremendous amount of "footwork". However, ensuring proper security guidelines have been defined, training employees on these, constant checks and validations, and the many other layers of security help to maintain an easy to use, yet secure environment for organizations to operate on.
If your company would like a security assessment, our experts would be happy to help.