VMware AppDefense will protect both on-premises and public cloud workloads, which enables organizations to apply AppDefense to hybrid environments. AppDefense is a managed cloud-based SaaS application. By design, it's well-suited for protecting VM workloads in a public cloud, such as VMware Cloud on AWS. But AppDefense also deploys a Security Management proxy as an on-premises appliance to protect on-premises VM workloads. This on-premises proxy interfaces with the AppDefense service in the cloud. A similar proxy -- also present in the cloud -- isolates the Security Manager service from the actual cloud infrastructure, guarding it against attack.
AppDefense is a relatively new product that requires vSphere and vCenter for on-premises operation. However, it does not implement any kind of automated remediation or provisioning for on-premises security. An enterprise will need to deploy additional VMware tools, including NSX and vRealize Automation, to execute the kind of automation and remediation capabilities found in the cloud-based service.
It's too early to tell whether AppDefense will eventually support other, non-VMware hypervisors or bare-metal workloads on premises, but it's possible that future releases of AppDefense will build support for other hypervisors and tools. In addition, a security service like AppDefense depends on reliable WAN connectivity. Any disruption in WAN connectivity can cause the AppDefense service -- as well as other public cloud infrastructure -- to become unavailable. It remains unclear exactly how connectivity problems will affect an on-premises proxy or overall application security under AppDefense.
All of this means that potential adopters will need to apply due diligence and perform proof-of-concept projects to verify the suitability and performance of AppDefense for their specific on-premises and public cloud workloads before they apply it to a hybrid environment.
The rapid evolution of security threats and high-profile security breaches has organizations scrambling to strengthen postures without imposing onerous new tools with more complexity. This can require a shift in the way that organizations handle security -- replacing traditional alert logging and manual interventions with a far more automated and orchestrated approach. VMware AppDefense is one emerging service intended to protect applications at the application layer by understanding how they work normally, watching for disparities and automatically orchestrating actions to contain and remediate any events.