To answer all of your questions about vSphere and AppDefense coming together to form vSphere Platinum, we hosted a vSphere Tweet Chat featuring our experts. From the team, Arjun Narang, AppDefense Sr. Product Manager, and Bob Plankers, VMware Technical Marketing Architect, joined us to share their valuable insights. We discussed what vSphere Platinum is and how its services deliver better security. But “no spoilers!” Check out the full chat recap:
A1: I like to think of vSphere Platinum as the fort-knox hypervisor, in that you’re getting the full capabilities of the vSphere hypervisor with the added visibility and security of AppDefense. – Arjun
A1: vSphere Platinum is the solid, secure and mature foundation of vSphere with the application visibility and security that VMware AppDefense brings, using the advantages of the hypervisor and machine learning to secure applications. – Bob
A2: AV only helps with known, existing threats. vSphere Platinum uses AppDefense to understand the intended state and monitor or block any unauthorized changes. vSphere Platinum’s security model enables us to catch known and unknown (zero-day) threats. – Arjun
A2: AV is essentially a curated list of bad things, and it has to be updated constantly in order to be effective. AppDefense flips that around to be a list of things we know are good, and then we can block everything else. – Bob
A2: Want to get past AV? Just recompile your malware or change it a little, and AV has no idea what it is. – Bob
Q3: What about firewalls and micro-segmentation? Won’t they keep all the threats out of our data center? Why would we need vSphere Platinum? #vSphereChatpic.twitter.com/1fDaltbPsL
A3: No solution will solve 100% of your issues. When an attacker breaks through the firewall, you can leverage AppDefense to detect and respond to the abnormal behaviors expressed by attackers. – Arjun
A3: Exactly! Ultimately you need to punch a hole in your firewall to get an application, and as such you give an attacker a path to the inside, such is the fundamental problem with firewalls: eventually someone has to use the thing they’re protecting… – Bob
A3: And AppDefense’s visibility can help you harden those firewall policies by gaining a more complete understanding of your existing behaviors and network connections.
A4: Everything is the best use case for vSphere Platinum! Joking aside, the power of VMware’s offerings is that you get an immense amount of choice around what products to use and what hardware or cloud you run them in. – Bob
A5: Absolutely – you can go very easily between all of the versions of vSphere. AppDefense installation involves an additional virtual appliance to help connect it to the cloud services that power its machine learning. – Bob
A5: Again, lots of choice with VMware products to deploy them so that they fit with what your organization needs. – Bob
A6: AppDefense doesn’t need to use complex algorithms to chase bad behaviors, we only need to monitor the known intended state for any deviations. This, combined with running within the hypervisor, makes for a very minimal overhead. – Arjun
A6: The AppDefense virtual appliance can scale up to be fairly sizeable in a larger environment, but there’s only one of those per cluster. The overall impact on workloads is very small. Most of the processing is done between the appliance and the cloud. – Bob
A6: You also need to consider the overhead that AV takes on your systems. AV isn’t a trivial workload at all and accounts for sizeable percentages of overhead on servers. – Bob
A6: Not to mention immense staff time investments, too. AppDefense is really easy to use and designed to help IT Ops and SecOps work together. – Bob
A6: Helping organizations make the most of their staff time, and making humans’ lives easier, is something that both vSphere and AppDefense share. – Bob
Q7: If compliance does not equal security, what would you recommend we run in the data center to achieve both compliance and security? #vSphereChatpic.twitter.com/8wLWtknyYW
A7: Compliance and security are two sides of the same coin. We’re all very interested in security, but folks tend to have more immediate needs around compliance (an audit, for example). – Bob
A7: Tools like the vSphere Security Configuration Guide and the NIST 800-53 Compliance Kit help immensely as folks try to map compliance needs to actual “nerd-knob” controls in the products, getting security with their compliance work. – Bob
A7: There’s also a good paper from Gartner & VMware: Strategies for Securing the Data Center: From the Foundation to the Application with VMware vSphere Platinum. – Bob
A8: vSphere is the core of VMware Cloud on AWS, and the security and availability features present in the on-premises versions are also available in the cloud, too. AppDefense will also be coming to VMware Cloud on AWS as part of a future enhancement. – Bob
A8: One of the beauties of VMware Cloud on AWS is that it makes the public cloud look exactly like what’s already in your data center, thus eliminating training and retooling. – Bob
A8: Agree 100%. Operations around cloud offerings are just as important as the service qualities, in my book. Example, O365 is a different but similar skill set to Exchange. How much training is required to move to said offering? That is a key aspect for me. – Joe
A8: EXACTLY. It’s huge and often overlooked. Use the power of the public cloud for near-instant hardware elasticity and many AZs, with the apps and software you already have and know. – Bob
A8: The same components AppDefense uses on ESXi and in the VM guest would be transferred up to your machines running on VMware Cloud on AWS… coming soon to a theater near you! – Arjun
Q9: Can you explain the importance of patching and updating passwords? How critical are they to the security of my business applications? #vSphereChatpic.twitter.com/zPc38J1l8K
A9: Patching is extremely important, it removes the fundamental vulnerabilities in our environments. Organizations that can patch quickly don’t have to waste cycles on trying to protect themselves in other ways. – Bob
A9: If there’s something you can do to massively improve your security posture it’s to get to a state where you can apply updates in a very timely fashion. – Bob
A9: Adding defense-in-depth to an environment in the form of AppDefense and NSX micro segmentation is huge, too – it buys some time between when a problem is found and a patch is applied. – Bob
A9: I spoke about all of this at length at Security Field Day. You can see all the videos and content, here. – Bob
A10: Teenage Mutant Ninja Turtles – a great team with all different qualities that band together to defeat evil. And they’re turtles that eat pizza. And we love our VMware Turtles! Heck yeah! TURTLE POWER! – Bob
A10: It has to be The Godfather – the best of all time. – Arjun
A huge shout out to our experts, Arjun Narang (@arjunintech) and Bob Plankers (@plankers) and all the other participants. Stay tuned for our monthly expert chats, and join the conversation by using the #vSphereChat hashtag.
Have a specific topic you’d like to cover? Reach out and we’ll bring the topic to our experts for consideration. For now, we’ll see you in the Twittersphere!
