VMware Takes Aim At Hackers With AppDefense, Brings Security To The Virtualization, Networking Layers
Joseph F. Kovar
VMware Monday opened its annual VMworld conference with the formal introduction of its long-expected cloud-based and virtual machine-based security offering.
The new offering, formerly known as Goldilocks but now formally known as VMware AppDefense, is focused on protecting customer applications and infrastructure based on the growing VMware NSX software-defined networking platform across multiple clouds, said Chris Wolf, vice president and chief technology officer for global field and industry at VMware.
There are three main elements to VMware AppDefense, Wolf told CRN.
The first is an application focus, as customers grow increasingly concerned about threats from malware, ransomware and other attacks, Wolf said.
The second is a focus on infrastructure security, an area where traditional approaches to security have been static for some time, Wolf said. "Traditional security can't respond to dynamic threats," he said. "We can provide virtualized applications with full security that scales as needed."
The third is a focus on the overall security ecosystem with the ability for AppDefense to work in conjunction with technology from several dozen security-focused vendors, he said.
VMware AppDefense is very much tied to VMware's NSX software-defined networking platform, Wolf said.
"NSX has been developed as a consistent platform for networking and security," he said. "NSX provides a core set of services that lets our partners provide true differentiation. We let partners extend what we do with our platform so customers can take advantage of NSX and the apps they are used to working with."
The tie between NSX and VMware AppDefense allows AppDefense to provide three powerful capabilities, said Tom Corn, VMware's senior vice president of security products.
The first is the ability to capture and discover applications and determine those applications' behavior because AppDefense is plugged into VMware's vCenter management platform, Corn said. "We're in a unique spot to see everything that's going on," he said.
The second is the ability to detect something going wrong with an application, Corn said. AppDefense uses the hypervisor host as a separate trust domain to create protected zones in vSphere where the "perfect version" of each application is stored, so that changes can be compared against it.
The third is the ability to respond to attacks on the applications, Corn said. "We can say … if it's running in a way you think it shouldn't run, [here's] what you [can] do about it," he said.
AppDefense takes security from fishing for problems to providing customers with assurance about their security, Wolf said.
"We know the processes needed for applications and how they interface with the network," he said. "We know the known good state of an application. And if there is an anomaly, we can inform users about what is changing, sniff out the changes, and be very proactive so that the app owner can see the security footprint of the app at any time."
The close tie to NSX is key to understanding the known good state of an application, Wolf said. "Instead of waiting for something to go wrong, we look at defining what the app can do right from the start," he said.
VMware AppDefense is always looking at the application profile, including how it interacts with communications ports, said Scott Miller, senior director of the data center business of World Wide Technology, a St. Louis-based solution provider and longtime VMware channel partner.
"If the application is hacked or does something unusual like communicate through Port 80, AppDefense turns it off," Miller said. "There's no other solution working at the network layer that our security team has seen like this."
Miller said his security team is seeing AppDefense as a truly differentiated way to handle security.
"Other applications look at changes, but AppDefense is doing this in the virtualization layer and auto-remedying the issue," he said.
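The approach described above, capturing an application's known-good state (its processes and the ports it talks to), comparing observed runtime behavior against that manifest and reacting automatically when something deviates, is illustrated below. This is an added example and not VMware AppDefense code; the event format, the learning and runtime event lists, and the response action names are all constructed for the illustration.

```python
"""Behavioral allow-listing illustration (not AppDefense code).

1. learn_manifest(): record the known-good state of an application
   from a trusted learning period (processes, outbound connections,
   listening ports).
2. check_behavior(): compare live events against that manifest and
   return a finding plus a response action for each deviation.
3. diff_manifests(): show what changed between two captured states,
   e.g. before and after an application update.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    kind: str        # "process_start" | "connect" | "listen"
    process: str     # process name inside the VM
    port: int = 0    # remote port for "connect", local port for "listen"


@dataclass
class Manifest:
    """Known-good state of one application (constructed structure)."""
    processes: set = field(default_factory=set)
    connects: set = field(default_factory=set)   # {(process, remote_port)}
    listens: set = field(default_factory=set)    # {(process, local_port)}


def learn_manifest(events):
    """Build the manifest from events observed during a trusted period."""
    manifest = Manifest()
    for e in events:
        manifest.processes.add(e.process)
        if e.kind == "connect":
            manifest.connects.add((e.process, e.port))
        elif e.kind == "listen":
            manifest.listens.add((e.process, e.port))
    return manifest


# Hypothetical response actions keyed by deviation type.
RESPONSE = {
    "unknown_process": "quarantine_vm",
    "unknown_connect": "block_flow",
    "unknown_listen": "alert",
}


def check_behavior(manifest, events):
    """Return one finding per event that is not covered by the manifest."""
    findings = []
    for e in events:
        if e.process not in manifest.processes:
            kind = "unknown_process"
        elif e.kind == "connect" and (e.process, e.port) not in manifest.connects:
            kind = "unknown_connect"
        elif e.kind == "listen" and (e.process, e.port) not in manifest.listens:
            kind = "unknown_listen"
        else:
            continue  # behavior matches the known-good state
        findings.append({"kind": kind, "process": e.process,
                         "port": e.port, "action": RESPONSE[kind]})
    return findings


def diff_manifests(old, new):
    """Summarize what changed between two captured known-good states."""
    return {
        "added_connects": new.connects - old.connects,
        "removed_connects": old.connects - new.connects,
        "added_processes": new.processes - old.processes,
    }


# Constructed learning-period events: a web app that talks to a database
# on 5432 and serves TLS on 8443.
LEARNING_EVENTS = [
    Event("process_start", "webapp"),
    Event("connect", "webapp", 5432),
    Event("listen", "webapp", 8443),
]

# Constructed runtime events: one normal connection, one unexpected
# outbound connection on port 80, and an unexpected new process.
RUNTIME_EVENTS = [
    Event("connect", "webapp", 5432),
    Event("connect", "webapp", 80),
    Event("process_start", "miner"),
    Event("listen", "webapp", 8443),
]


if __name__ == "__main__":
    baseline = learn_manifest(LEARNING_EVENTS)
    for finding in check_behavior(baseline, RUNTIME_EVENTS):
        print(finding)
```

Running the block prints two findings: the port-80 connection from `webapp` (action `block_flow`) and the start of the unlisted `miner` process (action `quarantine_vm`); the matching events produce nothing. The manifest is deliberately a positive model of what the application is allowed to do, so anything not in it is treated as a deviation rather than requiring a signature for each bad behavior.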
VMware AppDefense was placed into general availability on Monday. Corn said the platform initially is focused on on-premises environments and will be extended to partners' clouds, including that of Amazon Web Services, over time.