Published: August 29th, 2017

LAS VEGAS – VMware is looking to secure applications running on virtualized or cloud environments.

The company has unveiled AppDefense, a machine learning-enabled security solution designed to monitor applications against their intended state, detect anomalies, and if needed, automate a response to any malicious activity.

AppDefense runs on vSphere, VMware’s cloud computing virtualization platform, which allows it to see apps and how they run based on context. The solution sets up a library of orchestrated incident responses that will come into effect if it notices something isn’t running like it is intended to, or if there is a cyber attack attempting to manipulate an app. This can significantly reduce the threat of attacks by minimizing the attack surface, making threat identification and response more efficient, and creating a more agile DevOps-friendly model for security.

“The growing frequency and cost of security incidents points to a fundamental flaw in security models that focus solely on chasing threats,” Tom Corn, senior vice president of security products at VMware, says at VMWorld, which is being held in Las Vegas from Aug. 28 to 30. “AppDefense delivers an intent-based security model that focuses on what the applications should do – the known good – rather than what the attackers do – the known bad. We believe it will do for compute what VMware NSX and micro-segmentation did for the network; enable least privilege environments for critical applications.”

Tom Corn, senior vice president of security products at VMware (left), during an executive panel announcing new products at VMWorld in Las Vegas on Aug. 28.

AppDefense employs automation and machine learning to improve existing security features, as well as a more authoritative view of apps and how they function to protect businesses in an increasingly virtualized world.

Apps are some of the largest attack surfaces, Corn explains, and that AppDefense is the product of years of development to architect security into systems to reduce that surface.

He adds that while VMware is not a security company and is not trying to develop an independent security offering, it is leveraging its position in the infrastructure space to design a secure infrastructure that’s not bolted on, but built in.

VMware’s security products leader also points out that AppDefense is meant to better align security teams with app teams, which is key to reducing risk and attack surfaces.

“This new solution allows security and application teams to collaborate faster, easier, and more efficiently,” he explains. “The two teams need to work together to keep a business safe just like how a doctor and a parent collaborate to make sure a child is healthy. The parent knows the child and knows when something might be wrong, and a doctor knows maladies and remedies. App teams know their products and know when something might not be working as intended, and the security teams know how to fix that.”

VMware AppDefense is currently available today for customers in the US using VMware vSphere 6.5, and priced as a subscription at $500 (USD) MSRP per CPU per year.

VMware says AppDefense will soon be available on its Cloud on Amazon Web Services, a solution it also announced at VMWorld, within the next year.

AppDefense also integrates with third-party solutions, which will enable VMware’s partner ecosystem to leverage the platform. Managed Security Service Providers (MSSPs) will be able to build new data centre and cloud security offerings around AppDefense, with initial partners including IBM Security, RSA, Carbon Black, SecureWorks, and Puppet.

Marc van Zadelhoff, general manager at IBM Security, says that as cyber attacks become more sophisticated, it’s important for security analysts “to have full visibility into potential security incidents at every layer of their IT infrastructure, both on-premise and in the cloud.”

He adds that a combination of AppDefense with IBM Security’s technologies “will allow additional analysis of this data by Watson for Cyber Security, which can provide analysts with a clearer understanding of the scope of advanced attacks. It can also help bridge the gap between IT operations and security teams, allowing them to orchestrate incident response and quickly take action to defend their organization.”

Grant Geyer, senior vice president of products at RSA, expresses his excitement in working with VMware to protect enterprises against the next wave of attacks, says AppDefense “arms administrators to take positive control on what’s really running within their virtual datacenter – exactly what is needed in today’s challenging threat landscape.”