28th August 2017

VMworld 2017 Announcement – AppDefense

Data management and security are a big issue for most organisations. Whatever the size of your organisation, the way data is managed and secured has never been under more focus. Data breaches have far-reaching consequences for organisations and individuals. Even as organisations rely more and more on digital information and spend more on security products, data breaches still occur with alarming frequency. When they do occur, it is invariably headline news, with far-ranging repercussions for the breached organisations.

One of the first announcements to catch my eye today is the release of AppDefense. Released and labelled as an endpoint security solution, AppDefense effectively embeds threat detection and automatic response into the virtualisation layer.

Working in harmony with the hypervisor to understand how a workload should be behaving, what the correct state is and what the endpoint’s ‘known good’ is, AppDefense is ideally situated to recognise and respond to deviations from this ‘known good’ state.

Being situated alongside, but isolated from, what it is monitoring enables AppDefense to pinpoint deviations from the ‘known good’ state and respond to them or flag them to security teams. By understanding the ‘known good’ state of the endpoint, false positives can also be reduced. Being isolated from the monitored endpoint reduces the chance of AppDefense being compromised if the endpoint were to be compromised.

Being situated on the hypervisor means that AppDefense can be the authority for the reality of your application. Whatever is configured up or down the stack, at the application layer AppDefense will know exactly what is configured and happening, providing authoritative alerting to your Security Operations Centre.

Being located next to the application creates a shared source of truth that both the applications and security teams can work from to streamline security review processes.  Given the rate of application change this can only be a good thing!

Security teams will be used to the term ‘defence in depth’; many environments will be configured with ‘second skin firewalls’ or additional isolated networks for high-value applications and data. AppDefense is the natural progression of this.

For the enterprise user, I can’t imagine that AppDefense is about revolution and replacing existing capability; it is the evolution and extension of that capability. For the SMB user, AppDefense is providing functionality that might well have been inaccessible or cost-prohibitive in the past.

Looking forward to many more announcements over the coming days.