Virtually secure: AppDefense and VMware

20 September 2017

Last week Daren Vallyon - our data centre solutions architect - got to meet VMware supremo Pat Gelsinger. I'll let Daren recount his adventures at VMworld Barcelona, but meanwhile I wanted to focus on a theme of Gelsinger's August keynote speech at the Las Vegas event.

One of his key points was that the security landscape is crowded with vendors offering targeted, often worthy, solutions, which operate in silos. The net effect is that it's hard to get an overall security picture, which is in itself a risk. As Gelsinger introduced a new virtual-machine-whitelisting product AppDefense, he explained that the industry as a whole needed to deliver more security.

"We have to do more core security functions in the underlying infrastructure," he said, and for VMware environments that's where AppDefense [sic] comes in. It compares VM behaviour to a list of what's expected or allowable, and if there's a deviation it can deploy automated responses.

A certain arrogance?

The Register observed 'a certain arrogance' in VMware's plans to partner up with the more significant security vendors to provide validated solutions, and its expectation that this would both improve the overall security picture and shrink the market considerably. To be fair, though, VMware isn't the only company describing a bloated security market in which there are far too many security vendors - it's something that Palo Alto Networks (PAN) has been messaging throughout 2017.

PAN's solution is its Application Framework, a suite comprising cloud APIs, services, compute, and native access to customer-specific data stores. Together these serve as a platform for apps offered by PAN itself and trusted third-party vendors - for more detail, check out my post from Ignite 17. VMware’s AppDefense seems to be following a similar principle within the virtual machine (NSX looks after the overlaying security platform).

In my opinion, there are too many difficult-to-manage point products in the security world, so reducing their number has to be a good thing. If AppDefense and the VMware security platform are managed correctly - ensuring established players are properly integrated without locking out innovative new challengers - it should increase the level of protection afforded to end-user organisations.

Like many in the security industry I believe that the current level of spending is unsustainable, so for me, Gelsinger’s vision is pragmatic and positive, rather than arrogant.


Need to get a grip on security in your virtual environments and beyond? We offer a range of solutions and expertise - discover more about our security portfolio, or get in touch for advice.

Image: Jan Jablunka/Flickr, Creative Commons