VMware AppDefense will protect both on-premises and public cloud workloads, which enables organizations to apply...
AppDefense to hybrid environments. AppDefense is a managed cloud-based SaaS application. It's well-suited for protecting VM workloads in a public cloud, such as VMware Cloud on AWS, by design. But AppDefense also deploys a Security Management proxy as an on-premises appliance to protect on-premises VM workloads. This on-premises proxy interfaces with the AppDefense service in the cloud. A similar proxy -- also present in the cloud -- isolates the Security Manager service from the actual cloud infrastructure, guarding it against attack.
AppDefense is a relatively new product that requires vSphere and vCenter for on-premises operation. However, it does not implement any kind of automated remediation or provisioning for on-premises security. An enterprise will need to deploy additional VMware tools, including NSX and vRealize Automation, to execute the kind of automation and remediation capabilities found in the cloud-based service.
It's too early to tell whether AppDefense will eventually support other, non-VMware hypervisors or bare-metal workloads on premises, but it's possible that future releases of AppDefense will build support for other hypervisors and tools. In addition, a security service like AppDefense depends on reliable WAN connectivity. Any disruption in WAN connectivity can cause the AppDefense service -- as well as other public cloud infrastructure -- to become unavailable. It remains unclear exactly how connectivity problems will affect an on-premises proxy or overall application security under AppDefense.
All of this means that potential adopters will need to apply due diligence and perform proof-of-concept projects to verify the suitability and performance of AppDefense for their specific on-premises and public cloud workloads before they apply it to a hybrid environment.
The rapid evolution of security threats and high-profile security breaches has organizations scrambling to strengthen postures without imposing onerous new tools with more complexity. This can require a shift in the way that organizations handle security -- replacing traditional alert logging and manual interventions with a far more automated and orchestrated approach. VMware AppDefense is one emerging service intended to protect applications at the application layer by understanding how they work normally, watching for disparities and automatically orchestrating actions to contain and remediate any events.
Dig Deeper on Using monitoring and performance tools with VMware
Related Q&A from Stephen J. Bigelow
Regression tests and UAT ensure software quality and both require a sizeable investment. Learn when and how to perform each one, and some tips to get... Continue Reading
Learn the meaning of functional vs. nonfunctional requirements in software engineering, with helpful examples. Then, see how to write both and build ... Continue Reading
Just because software passes functional tests doesn't mean it works. Dig into stress, load, endurance and other performance tests, and their ... Continue Reading