Welcome back!
Now where did we leave off? Last week, we talked a bit about VMware NSX. Let’s keep the security train rolling and talk about a product that VMware launched at VMworld: AppDefense!
AppDefense is a very interesting product that works based on application least privileges, watches machine and application processes, and learns the normal patterns and behaviors of these processes. It then creates a baseline or intended state and continuously watches for deviations.
If a deviation is found, AppDefense can act automatically, isolating the machine and alerting of the deviation from the normal. As viruses, malware and other threats morph so rapidly, and in many cases autonomously, it’s getting harder for security firms to stay up-to-date on all the variations of these threats. By watching the application for deviation from the norm, rather than hunting for the threats (through virus and malware scanning), compromised applications can be more quickly isolated, investigated and mitigated.
Let’s look at two scenarios.
Imagine it’s a Saturday morning on a long, three-day holiday weekend. Suddenly, at 8:30am, a process never seen before by your virus scanning engine wakes up and begins encrypting all the data on the machine, while simultaneously sniffing out other machines, infecting them and encrypting their data. CryptoLocker strikes again, and your company might not even know this is occurring until people return to work Tuesday morning. By that time, the damage is done.
Now, let’s rewind that weekend and imagine that you had AppDefense. When that process woke up at 8:30am and began doing its thing, AppDefense recognized this was a deviation from its normal operation. It then isolated the machine, maybe even powered it off, and then alerted the security team of the issue. Now what could have been devastating to the business is instead just a small problem isolated and awaiting cleanup.
Yes please, I will take option number two!
In addition, some interesting announcements were made around End User Computing (EUC) device management. One was Hewlett Packard Inc’s announcement that its Device as a Service offering, which is a desktops, notebook, workstation and services monthly pricing subscription, will now incorporate VMware Workspace One to manage devices. This partnership allows for device lifecycle management (deploy, configure, patch, secure, etc.) all included in the monthly, per device pricing model.
As part of the continued Multi-Cloud partnership discussions (remember the announcement of VMware Cloud on AWS in Part 1?), VMware also talked a bit more about VMware Horizon Cloud on Microsoft Azure. Though this was announced earlier in the year, and it didn’t make the headlines like VMware Cloud on AWS did, it is still a very important partnership solution. This partnership allows businesses with existing Azure infrastructure and services to better connect their users to those services.
So much was discussed at VMworld 2017, it would be impossible to recap it all. Containers and container partnerships with Pivitol and Google were announced, lots of End User Computing, environment management, and even a new proactive VMware support offering called VMware Skyline. I hope you enjoyed my recap of VMworld 2017.
Check out more of what happened at VMworld on its video on demand page!