VMware App Defense – Secure the Front Door of your Business

More often than not we see and hear news of data breaches and I am sure that this weighs heavily on the minds of IT leaders. But security has been around for decades and IT leaders have put safeguards into place. They execute best practices by layering security in their environment. They have firewalls at the perimeter, limit access to systems, have monitoring in place, update and patch systems regularly, use automation to reduce user errors, segment the network between lab, test, dev, prod and DMZ environments, use micro-segmentation to shrink the footprint even more, run internal audits to verify processes and execute penetration testing. Even when all the aforementioned, and more that I have left out, is executed at a near-perfect rate… I want to say that again, executed at a near-perfect rate… It may not be enough, check that, it IS not enough. Enter App Defense.

App Defense is an application that learns how your app is built, deployed and run. It understands what services are running, what executables are used, which systems it is communicating with, and over what network ports. I highly recommend the video at https://goo.gl/bSSHu3. This video was part of a keynote at the 2017 VMworld in Las Vegas. To save you some time I have the cliff notes below. If you want to go right to the demo, which is also highly recommended, go to the 20 minute mark. If you have never seen how easy it is for an experienced hacker to gain access to your systems, even with layered security in place, it is eye-opening.

In the video, Tom Corn does a brilliant job of drawing the parallel between your first child and an application. On the surface this seems like a stretch, but it does make sense as he steps through it.

The Phases:

  • Planning Phase
  • Development Phase
  • Functional testing
  • GA

Yes, there are counterpoints from the child perspective here but let’s just move forward with the analogy.

After GA/birth, there is day two operations. It’s that sinking feeling when you load your child and wife into the car and drive home at 5 miles an hour with the flashers on. There is no manual or run book on how to raise a child.

Panic sets in and you start to worry about all of the threats that you see and hear about.

  • News
  • Social Media
  • WebMD

To alleviate this you:

  • Baby proof the house (build a safe environment)
  • Get a new crib (apparently the one I put my kids in ~20 years ago was not safe)
  • You don’t put them where they can be exposed, such as bringing them to a sick relative (putting your DB on the Internet).

You monitor your child and get to understand them by their (analytics):

  • Appetite
  • Temp
  • Mood
  • How often they rest
  • Behavior


You learn more by collaborating with your doctor (security team).

Now that you can see the parallels, we transition to App Defense…

Since environments are distributed across networking, storage and compute, the attack surface is even greater. Of course we can shrink this with hardware, by restacking everything and putting firewalls up on every network port, but that would incur considerable CapEx and OpEx. The best approach is to leverage a software solution that shrinks the footprint through layered security and applies least privilege based on known good.

App Defense is built on the concept of Capture, Detect and Respond.

Capture – Discover and capture intended behavior of all VM activity associated with the application, servers and regulatory scope. This is done with collections from vCenter, infrastructure provisioning systems (vRealize, Puppet, Chef), app frameworks (Ansible, Jenkins) and machine learning at the hypervisor.

Detect – Monitor what is running and compare it to what is intended. Applications are protected in an isolated zone monitoring guest manifests. There are partners in this space to enhance the detection as it will continue to change.

Respond – Leverage the SDDC to automate action via orchestrated responses. There is a library of orchestrated responses that will continue to grow. For example, suspend, shutdown, or quarantine in the event of a detection. Responses can be automated or manual.
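
To make the Capture, Detect and Respond loop concrete, here is a small Python model of "least privilege by known good". It is an example added to this post, not App Defense code or its API; the `Behavior` record, the policy mapping, the `manual_review` label and the sample web-tier data are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Behavior:
    process: str    # executable path
    direction: str  # "in" or "out"
    port: int
    peer: str       # logical name of the remote system

def capture(learning_events):
    """Capture: freeze behavior seen during the learning window into a manifest."""
    return frozenset(learning_events)

def detect(manifest, observed):
    """Detect: return (event, reason) for every event outside the manifest."""
    known_processes = {b.process for b in manifest}
    alerts = []
    for ev in observed:
        if ev in manifest:
            continue
        reason = ("unknown_process" if ev.process not in known_processes
                  else "unexpected_connection")
        alerts.append((ev, reason))
    return alerts

# Respond: action names follow the post's examples; the mapping is an assumption.
POLICY = {"unknown_process": "quarantine", "unexpected_connection": "suspend"}

def respond(alerts, automated=True):
    """Respond: pick an action per alert, or queue it for an operator."""
    return [(ev, reason, POLICY[reason] if automated else "manual_review")
            for ev, reason in alerts]

# Constructed sample data for a hypothetical web tier.
LEARNED = [
    Behavior("/usr/sbin/nginx", "in", 443, "load-balancer"),
    Behavior("/usr/sbin/nginx", "out", 8080, "app-tier"),
]
OBSERVED = LEARNED + [
    Behavior("/usr/sbin/nginx", "out", 5432, "db-tier"),  # known process, new peer
    Behavior("/tmp/updater", "out", 443, "external"),     # process never captured
]

if __name__ == "__main__":
    for ev, reason, action in respond(detect(capture(LEARNED), OBSERVED)):
        print(f"{action:<13} {reason:<22} {ev.process} -> {ev.peer}:{ev.port}")
```

Anything that matches the captured manifest passes silently; only deviations produce an action, which is what keeps the alert volume low compared with signature-style monitoring.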

This is the point where the demo would be. I am not going to highlight the demo because it is a must see.

To summarize, App Defense is another security tool to enhance your overall security platform. It brings the IT security team closer to the application side of IT (it is typical to see a majority of security focused on infrastructure, which is understandable). If you understand data security you know there is no one tool or process that will address all threats. However, I will leave you with this thought. Think of your application as a door to your environment. Not having App Defense is the equivalent of not having security on your datacenter or server room door. People have to enter the room but you know what they are doing and what they are taking out. Or at least you should.

HOL Recommendation: HOL-1842-01-NET

As indicated on my website, thoughts are my own and do not reflect those of my employer.