A new service from VMware, announced Monday at the 2017 VMworld conference, could make it easier for businesses to secure apps and data running in virtualized and cloud environments. VMware AppDefense relies on intent-based security, and can automate a security response if something is wrong.
Tom Corn, senior vice president of security products at VMware, told TechRepublic that the security team at VMware has been working on AppDefense for two years. The product aims to shift the focus of security from servers and infrastructure to applications and data.
The idea stems from one central question: “Can you look at the infrastructure through the lens of the application–what you’re really trying to protect?” Corn said.
The solution works in three distinct steps: Discover, detect, and respond. Leveraging the virtualized infrastructure, AppDefense starts by figuring out the provisioned state and run state of the applications, and also discovers the intended purpose or behavior of that app as well, Corn said.
“A security model concentrating on appropriate application behavior can help shrink the attack surface and improve the ability to pinpoint real threats,” said Jon Oltsik, senior principal analyst at ESG, in a press release.
After the service has discovered the intended state and behavior of the app, it can measure that against how it is operating and detect any inappropriate behavior. If it seems that the application or OS has been manipulated, AppDefense automates a response with the help of vSphere and NSX.
For example, Corn said, possible responses “could be to snapshot it, it could be to quarantine it, it could be to reimage it, it could be to insert some new control.”
At launch, partners IBM Security, RSA, CarbonBlack, SecureWorks, and Puppet will all be offering integrations with AppDefense. An AppDefense subscription will cost $500 per CPU, per year.
“What microsegmentation did for the network, this is really trying to accomplish for compute,” Corn said. “To be able to say, for a given application, these are the things that should be able to happen and nothing else.”
The 3 big takeaways for TechRepublic readers
- VMware AppDefense uses intent-based security to help companies automate responses to threats against apps and data in virtual environments.
- The service discovers the app’s intended state and then measures that against the run state to make sure it is behaving as it is supposed to.
- Partner companies like IBM Security, RSA, and CarbonBlack will be offering new solutions based on AppDefense as well.