*** This is a Security Bloggers Network syndicated blog from Frontline Sentinel authored by Matthew Pascucci. Read the original post at: http://feedproxy.google.com/~r/frontlinesentinel/qMCv/~3/6XEL-RnMMVU/vmware-appdefense-how-will-it-address.html
VMware recently added a new service called AppDefense to their cybersecurity portfolio that aims to lower false positives and utilize least privilege in order to secure endpoints living on the host. VMware also has NSX to create microsegmentation on the network layer, which can integrate into AppDefense. However, with AppDefense, the security of the systems is taken down a layer to the endpoints.
The first major benefit of having VMware AppDefense is that it understands what the endpoints were provisioned to do and their intended behavior. The AppDefense service is in the hypervisor and has a detailed understanding of what’s normal within the endpoints. If something changes, such as malware reaching a system, then it’s able to detect that the endpoint is doing something outside of what it was designed to do.
This feature helps reduce false positives within your network and lets overworked security teams focus on the alerts that truly matter. Because the alerts monitor each system’s behavior and confirm that it is operating as intended, the time analysts spend on alerts is reduced. VMware AppDefense is built on the recognition that detecting and responding to incidents is key, and these alerts help security teams focus on what is important.
Utilizing least privilege is a security staple, and using it whenever possible is always recommended. With AppDefense, you’re able to build off of what VMware NSX started and drop least privilege down from the network layer to the endpoint. This further increases the ability to lock down your systems to only what’s needed and limit your threat exposure.
When AppDefense raises an alert, it can kick off a response through NSX to block communications, take snapshots for forensics, or even shut down the endpoint. This fine-grained control over what happens after an alert lets endpoints be isolated and remediated quickly and efficiently. The automation in AppDefense and its integration with NSX provide in-depth security and an added layer of visibility into workloads that might have been overlooked in the past.
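To make the idea in the two passages above concrete (a per-workload manifest of intended behavior, alerting only on deviations, and mapping each deviation to a response), here is an added toy model written for this post; it is not VMware's code, and every VM name, process, event and response label in it is constructed.

```python
# Added example, not VMware's code: a toy model of the "intended behaviour"
# manifest described above. Every name, event and response here is constructed.
from collections import namedtuple

# What a workload was provisioned to do: executables allowed to run and
# allowed (destination, port) outbound pairs. Anything else is a deviation.
Manifest = namedtuple("Manifest", "processes outbound")

# One observed action on a VM (constructed telemetry, not real AppDefense data).
Event = namedtuple("Event", "vm process dest port")

# Hypothetical responses in the spirit of the NSX actions the post lists.
RESPONSES = {
    ("unexpected_connection",): "block_flow",
    ("unknown_process",): "snapshot_and_quarantine",
    ("unknown_process", "unexpected_connection"): "snapshot_and_power_off",
}

def deviations(manifest, event):
    """Return how an event departs from the manifest; an empty tuple means normal."""
    found = []
    if event.process not in manifest.processes:
        found.append("unknown_process")
    if (event.dest, event.port) not in manifest.outbound:
        found.append("unexpected_connection")
    return tuple(found)

def triage(manifests, events):
    """Drop normal events; pair each deviation with the response it would trigger."""
    alerts = []
    for ev in events:
        dev = deviations(manifests[ev.vm], ev)
        if dev:  # only behaviour outside the manifest reaches the analyst
            alerts.append((ev.vm, ev.process, dev, RESPONSES[dev]))
    return alerts

# Constructed sample: a web VM allowed to run nginx/php-fpm and talk only to the DB.
MANIFESTS = {"web-01": Manifest(frozenset({"nginx", "php-fpm"}), frozenset({("db-01", 3306)}))}
EVENTS = [
    Event("web-01", "nginx", "db-01", 3306),              # normal, never alerts
    Event("web-01", "php-fpm", "203.0.113.9", 4444),      # allowed process, unexpected egress
    Event("web-01", "unknown.bin", "203.0.113.9", 4444),  # both deviations
]

if __name__ == "__main__":
    for alert in triage(MANIFESTS, EVENTS):
        print(alert)
```

The first event never reaches the analyst, which is the false-positive reduction the post describes; the other two produce graduated responses.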
With the NSX and AppDefense services, VMware has been making big strides in security by focusing on the fundamentals. Giving analysts visibility into their networks and endpoints, applying least privilege, and understanding when a system’s behavior changes all enable quicker incident response. I’m excited to see how VMware continues to evolve on its own.
My article at: http://searchsecurity.techtarget.com/answer/VMware-AppDefense-How-will-it-address-endpoint-security