This week at VMworld, VMware announced market availability of a new security technology called AppDefense. AppDefense is an application-layer security control designed to profile applications, determine “normal” behavior and then provide a series of least privilege controls for applications and options for security incident remediation.
Now, in some respects, AppDefense is a lot like application whitelisting/blacklisting, which can be very effective for limiting the attack surface, but the historical problem with application controls is operational overhead. If you want to implement whitelisting, you have to know what workloads are running and what they are allowed to do, and then implement controls to restrict unanticipated application behavior. This can become quite cumbersome when servers run multiple applications with dynamic development cycles and changing behavior.
What VMware has done with AppDefense is marry application controls to machine learning in order to automate the whole enchilada. AppDefense discovers all the applications, monitors their behavior and then creates a manifest of known behavior for each application.
Armed with this knowledge, the cybersecurity team can build rules and processes that can be triggered when application behavior suddenly goes haywire. Potential actions could include coordination with application development and DevOps teams to see if new application components were added, quarantining applications using NSX, or even sharing AppDefense telemetry with SIEM or EDR solutions for more thorough analysis.
How VMware’s AppDefense improves application security
AppDefense isn’t a revolutionary way to do things, but it certainly has the potential to help CISOs really improve application security, as these features illustrate:
1. AppDefense’s automation and machine learning trump manual product deployment and customization. In case anyone forgot, we are in the midst of a global cybersecurity skills shortage. According to ESG research, 45% of organizations have a “problematic” shortage of cybersecurity skills today. CISOs know that decreasing the attack surface is synonymous with risk reduction, but many organizations don’t have the resources to assess, plan, deploy and operate application controls. As previously stated, AppDefense applies machine learning algorithms to alleviate this operational burden while delivering the risk-mitigating goodness of least privilege.