What is VMware AppDefense, and what benefits does it provide?

Improving security is a core goal for many organizations. Traditional perimeter security techniques are no longer effective, nor are they suited for modern, dynamic enterprises. This challenges IT professionals and business leaders to reconsider security tools and technologies in order to find an implementation that offers a mix of security, flexibility, manageability and cost. AppDefense, the latest addition to the VMware network security strategy, is one possible option to help guard mission-critical applications rather than face the convoluted security implications of low-level infrastructure components, such as routers and servers. Let's take a closer look at VMware AppDefense and see how it's used in the enterprise.

One of the ongoing problems with enterprise cybersecurity is that security is often viewed and implemented as an infrastructure issue. This is a powerful viewpoint, but it's also extremely complex. An IT infrastructure can involve many servers, switches, routers and other devices, as well as myriad different tools, including firewalls, antimalware, intrusion detection/prevention systems, threat detection mechanisms and more.

You must configure each of these components and tools with extensive rule sets to handle access control and data protection policies for the entire enterprise and all of its users. When an application, device, user, policy or other element changes, you must -- ideally -- check and update every rule to maintain security. Any missed configuration or overlooked change can open a security vulnerability that puts the enterprise at risk.

VMware AppDefense follows a different paradigm that foregoes low-level infrastructure-based rule sets and instead focuses on high-level application behaviors -- guarding the applications rather than the underlying infrastructure.

VMware AppDefense follows a different paradigm that foregoes low-level infrastructure-based rule sets and instead focuses on high-level application behaviors -- guarding the applications rather than the underlying infrastructure.

In theory, such an approach is well-suited to accommodate the demands of modern enterprise applications, which are often distributed and impose dynamic resources. For example, a modern application is often deployed in a VM provisioned from a pool of shared resources within the infrastructure. Those resources can vary and scale dynamically over time.

An application security platform, such as AppDefense, seeks to identify all of the hardware and software elements involved in an application, view those elements as a collective group and then implement defenses around that collection of elements. More importantly, the defenses should move and change as the application changes. For example, if an application's VM migrates to another server and its traffic passes through different network devices, a security platform, such as AppDefense, must be able to recognize and adjust automatically to the changes.

From a more practical standpoint, AppDefense is a cloud-based SaaS product hosted on Amazon Web Services. AppDefense works through the hypervisor to monitor the application running within the VM, assess the application's normal behaviors against unusual or unexpected behaviors -- which might indicate an attack or infiltration -- and then apply remediation to restore normal behavior or contain the threat until further action can be taken.

AppDefense emphasizes the ideas of least privilege and microsegmentation. Least privilege limits user access rights to each application, helping to ensure that a user has only the minimum actions needed to do their job and no more. This makes it harder for attackers to gain access to an application, change processes or intercept/alter traffic. Microsegmentation works to divide the infrastructure into smaller protected pieces. This makes it easier to manage the infrastructure components applications use and helps to contain attacks or infiltration if it occurs. This makes it harder for attackers to get around and gain access to other elements or applications.

VMware AppDefense became available in August 2017 and is intended as a service for enterprise vSphere 6.5 users. Initial pricing is reported to be $500 per CPU per year, but pricing, availability and requirements may vary over time.