VMware AppDefense is a data center endpoint security product that protects applications running in virtualized environments. Rather than chasing after threats, AppDefense understands how applications are supposed to work and monitors for changes to that intended state that indicate a threat. When a threat is detected, AppDefense automatically responds.
AppDefense doesn’t produce a lot of alerts, but when it raises the alarm it’s smart to listen. The authoritative alerts generated by AppDefense coupled with automated response capabilities allow the SOC to focus on catching and eradicating threats from their environment, rather than sifting through noisy data and investigating threats that aren’t there.
In the world of modern application development, applications are launched, changed, and decommissioned rapidly. By the time a security team learns of the existence of a new application, it has often already changed. AppDefense creates a common source of truth between application teams and security teams, streamlining the security review and readiness process.
From inside the vSphere hypervisor, AppDefense has an authoritative understanding of how data center endpoints are meant to behave and is the first to know when changes are made. This contextual intelligence removes the guesswork involved in determining which changes are legitimate and which are real threats.
When a threat is detected, AppDefense uses vSphere and VMware NSX to automate the correct response. AppDefense can automatically:
• Block process communication
• Snapshot an endpoint for forensic analysis
• Suspend or shut down the endpoint
Because AppDefense is installed in the vSphere hypervisor, it has an isolated, protected environment from which to continually monitor data center endpoints. This reduces the chance of AppDefense itself being compromised.