'Intent-based' security model protects applications
VMware has introduced AppDefense, a security solution designed to protect applications running on VMware vSphere-based virtualised and cloud environments.
AppDefense leverages the virtual infrastructure to monitor running applications against what they are supposed to be doing, detecting and automating responses to attacks that attempt to manipulate those applications.
The solution employs a model based on least privilege, to ensure users connected to enterprise applications have only as much access as they need to perform their functions. This lowers the risk of damage should a hacker compromise the user's account.
Tom Corn, senior vice president, security products at VMware, says the growing frequency and cost of breaches highlight a fundamental flaw in security models that focus solely on chasing threats.
He says AppDefense delivers an intent-based security model that focuses on what the applications should do, the known good, as opposed to what the cyber criminals do, the known bad.
"We believe it will do for compute what VMware NSX and micro-segmentation did for the network; enable least privilege environments for critical applications." NSX is VMware's network virtualisation and security platform.
According to him, an intent-based security model is made possible through increased use of automation in application and infrastructure provisioning and use of application frameworks that provide richer and more authoritative views of intended state.
In addition, Corn says applying machine learning makes it possible to reason about state and behaviour across large populations, and greater use of virtualisation and cloud provides more application context and isolation.
AppDefense enables customers to improve the effectiveness of existing security controls, such as endpoint security, and security information and event management, which are able to integrate with AppDefense to gain application context, leverage the virtual infrastructure for remediation, and protect their own position on the endpoint.
The product has several additional features, he says. It is in a unique position to see rich application context, whether in run state or provisioned state, and it can leverage the hypervisor to create a protected zone from which to store intended state and monitor runtime behaviour.
Finally, the solution has the ability to leverage vSphere and NSX to automate and orchestrate response, meaning that AppDefense can significantly reduce the attack surface, making threat identification and response more efficient, and creating a more agile DevOps-friendly model for security.