New Updates in AppDefense 2.3

The release of VMware AppDefense 2.3 brings lot of new exciting features in the product. This release delivers a major update to AppDefense plug-in in vCenter. Notably, this release includes OS Integrity features, Behavior Analysis functionality, and an entire suite of vulnerability assessment capabilities. In particular, the vulnerability capabilities are notable because they are available in vCenter only (not SaaS) and they are built specifically for the vAdmin.

In this blog post I am going to focus on new features which have been added in the AppDefense plug-in in vCenter server. These new features require outbound internet connectivity.

Behavior Analysis with Machine Learning (ML)

This feature provides the ability to analyze network behavior on-premise. With assistance from the App Verification Cloud, AppDefense gathers information about the network activity of known processes and determines if the behavior is trusted with its machine learning (ML) algorithms. That’s right, now Machine Learning models are available on-premise without SaaS subscription. AppDefense only requires outbound internet access.

AppDefense ML Analysis

OS Integrity

OS Integrity verifies operating system (OS) of the virtual machine (VM) and integrity of all installed drivers, including the guest agent drivers. Integrity alerts are applicable only for the Windows VMs. vCenter Server administrator is alerted when security events are triggered, prompting additional investigation. On by default, these features prevent against major technique categories in the MITRE ATT&CK Framework, including persistence and defense evasion. AppDefense appliance only requires outbound internet access.

AppDefense OS Integrity

Vulnerability scanning and risk prioritization

This feature delivers full suite of capabilities around vulnerability assessment. AppDefense enumerates vulnerabilities on vSphere components, Operating Systems, as well as the applications running on top. As processes execute, AppDefense determines the vulnerabilities associated with that software. This feature requires outbound internet access. In addition to enumerating the vulnerabilities in your environment, AppDefense prioritizes every vulnerability using real-time threat information collected from sensors around the world. AppDefense ingests this feed from Kenna Security, the leader in vulnerability prioritization, to determine the overall risk for your environment.

As a vCenter Server administrator, you always want to minimize the emergency downtime. You can now monitor all data center vulnerabilities from the AppDefense plug-in. To enable the vulnerability assessment feature, you should make sure that AppDefense Service (SaaS) subscription and the AppDefense Appliance are connected to AppDefense Service (SaaS).

AppDefense Vulnerability Assessment

 

In my previous post, Working with VMware AppDefense without SaaS subscription, I have covered other features in AppDefense plug-in in vCenter. These include features available with/without outbound internet access and in non-SaaS mode.

Summary

As you can see, AppDefense is continuing to make improvements in various ways. VMware is always prioritizing how we can best improve the security of applications and establish security as an intrinsic component for all your workloads. Furthermore, AppDefense plug-in in vCenter servers allows vSphere Administrators to easily monitor and collaborate with Security Teams to create an even more secure and efficient virtual infrastructure.

AppDefense is delivered as part of vSphere Platinum, so please reach out to your account teams for more information or visit the vSphere Platinum test drive today.