
It’s an exciting time for the VMware AppDefense team. We are making tremendous progress in our mission to help secure our customers’ data centers, and today we have great news to share. First, I’m proud to announce that we have released new functionality in VMware AppDefense that significantly breaks down the silos that exist between infrastructure and InfoSec teams – most notably the introduction of risk-based vulnerability reporting within VMware vSphere Platinum.

We’re also formally announcing the acquisition of the team and technology behind Intrinsic, a highly innovative security startup that has been focused on protecting native cloud applications, as we look to expand security to the public cloud. Customers see a lot of value in the AppDefense approach to securing critical applications and infrastructure and have asked us to provide support for environments outside of vSphere. This acquisition allows us to begin the process of expanding workload protection into a variety of environments, including public cloud, containers, and serverless applications. The Intrinsic team brings years of experience in developing and helping secure native cloud applications, and we look forward to expanding our vision with them on board.

As emphasis on information security grows within organizations, security teams are increasingly looking towards infrastructure teams to help operationalize security. One of these areas is vulnerability management, where the critical task of vulnerability remediation increasingly falls to vSphere admins. This is a serious burden, as vSphere admins often don’t have the broader context to understand the relationships, dependencies, and state of the whole stack, from vSphere through to the workloads themselves, nor do they have a good mechanism to prioritize those vulnerabilities. Remediating systems and applications without deeper insight into relationships and relative risk, and without prioritization of issues, often leads to outages and internal conflict, yet stopping to analyze these factors takes time, and taking time means critical vulnerabilities go unpatched.

To deal with these challenges, VMware AppDefense now delivers risk-adjusted vulnerability reports for the entire stack: vSphere itself plus the guest operating systems and the applications & workloads running within them. This vulnerability reporting is provided directly inside vSphere Platinum and fully available inside the vSphere Client itself. In addition, we have also added click-to-enable integrity checks for the Windows OS kernel within vSphere Platinum, allowing vSphere Admins to easily provide hypervisor-driven protection from rootkits and kernel manipulation.

Last, vSphere Platinum gains per-VM visibility and anomaly detection with automated reputation analysis for processes and network behaviors, powered by the AppDefense App Verification Cloud. To help deliver this functionality, VMware is collaborating with Kenna Security to provide some of the risk-based vulnerability data into the App Verification Cloud.

“Our collaboration with VMware enables us to integrate Kenna’s vulnerability intelligence with AppDefense’s modern, automated approach to security. VMware brings customer app context-based prioritization, while Kenna provides risk-based vulnerability prioritization. Combining the two gives vSphere Admins the whole picture so they can best address true risk in their data centers,” said Karim Toubba, CEO of Kenna Security. “Working together to support the vSphere Admin in today’s ever-changing security landscape is a vital part of our strategy. Our customers need transparency, flexibility and risk-based application security to stay ahead of today’s threats.”

We have also added some significant new capabilities to aid in managing and securing applications that are protected by AppDefense. These capabilities include:

  • Severity-based remediation actions, such as killing processes and network connections, which allow the App Verification Cloud to first score an event’s maliciousness before taking action
  • Rebootless installation and upgrade of AppDefense on guest operating systems
  • Support for the use of Fully Qualified Domain Names (FQDNs) within an allowed behavior definition
  • Remediation actions using VMware NSX-T

These additions provide immense new value to our customers both today and in the future and will help make significant strides towards securing the modern data center.