I am very excited about VMware’s new security solution, AppDefense. When it was announced at VMworld 2017, I immediately had to learn more about it. Security is always at the top of the list in any data center, and it is always at the top of my list when I have discussions with customers. It has become even more important in 2017 with this next-generation wave of attacks in the form of ransomware. The WannaCry and Petya attacks in the earlier half of this year literally crippled data centers worldwide.
There are some great solutions out there to help prevent the spread of these types of attacks. For example, effective distributed firewall rules in VMware NSX (microsegmentation) can literally limit the spread of these attacks on the internal infrastructure by completely blocking specific ports exploited by the attacks.
Secondary storage and effective backup strategies were another way to quickly recover data that had been hijacked. I am a big fan of Rubrik, Cohesity and Veeam and what they have been doing to help customers combat ransomware and quickly recover their mission-critical data. These solutions are like the DeLorean from Back to the Future for your data: you quickly roll back time for your data to the exact point in time before the data was compromised by ransomware.
Again, all of these solutions were fantastic for helping you either recover or prevent the spread of the attack, but nothing actually prevented this type of attack from happening. I truly believe VMware AppDefense is the next-generation security solution to solve the threat of ransomware.
What does AppDefense do differently compared to other security solutions out there? First things first, the solution has a completely different approach to security. For years, security solutions have been designed to “squash the bug” in the data center. They are designed to target the known bad. The problem with that is that you have to rely heavily on security definitions being pushed down to your security solution. If the solution does not know about the “new bug”, there is a window of opportunity for that bug to do some damage before it becomes a known issue.
AppDefense completely FLIPS the security approach. Instead of constantly chasing the BAD in the data center, it simply focuses on one thing… THE KNOWN GOOD!
It is an application-centric security solution that is designed to understand “the intended state” of your application(s). From within the vSphere hypervisor, it has an “authoritative understanding” of how your applications (endpoints) are supposed to perform. If an application ever deviates from this “known good” state, an alarm is triggered and the application process is forced to stop! This is all performed dynamically as a precise, automated threat response. It immediately blocks the process and takes a snapshot for further analysis, and you can also configure a response to either suspend or completely shut down the VM that has been compromised.
Another problem that I have observed with ransomware was the backup systems being compromised as well. If your backup server was running a version of Windows Server, it was simply a major RISK. This created a major dilemma when it came to recovering data if your backup server was also compromised. You do not have that problem with AppDefense because it is part of the vSphere hypervisor. Therefore, it is completely ISOLATED. It operates in its own protected environment, completely separated from any VM that could become compromised.
Do you want that next-generation security solution to protect you from these rapidly evolving next-generation security threats? Combine AppDefense and NSX and your virtual data center will be hardened like never before.