KuppingerCole Report
Executive View
By Matthias Reinwarth

VMware AppDefense

Fully integrated protection of virtual machines as part of the software defined data center. From capturing expected behavior to efficiently responding to detected threats: Intelligent endpoint security technology leveraging the insight, control and automation available within virtualized environments.

1 Introduction

Endpoint protection is becoming an increasingly important factor when it comes to securing both end users and organizations. Viruses, worms and malware, including ransomware, threaten client workstations and mobile devices of all kinds. They are also an increasing danger to crucial server infrastructure, both on-premises and in the cloud.

With increasing digitization and the associated changes in corporate communications, more and more employees and defined, authorized external parties (such as business partners, consultants, prospects and customers) gain access to the network. On the one hand, this access is made possible directly via the Internet through a large number of devices, software components and access paths. On the other hand, the classical access vectors, such as e-mail attachments or worms that spread from one computer to another via their communication ports, remain entry points for unwanted software and a source of undesirable system behavior in networks. Finally, despite many training and awareness-raising measures, social engineering and phishing are still among the central access points for malicious actors and thus for unwanted software of all kinds on client and server systems.

Endpoint security is thus becoming an increasingly critical element for enterprise networks. As soon as attackers have crossed traditional network boundaries and the firewall and infiltrated a workstation or server through attack scenarios ranging from phishing to malware, endpoint security systems must take over the defense. A large number of manufacturers are investing heavily in implementing powerful methods to protect these systems and to raise the barrier an attack has to overcome.

Traditional application control is usually achieved by means of blacklists and whitelists, with real-time monitoring technology operating in parallel on the protected systems. This ensures that only those applications that are considered safe are active on a system. Other aspects of endpoint security are covered by anti-malware solutions, virus scanners and Data Leakage or Data Loss Protection (DLP) tools.

With the changing topology of enterprise networks, the integration of cloud infrastructures and the disappearance of the obvious network perimeter, it is becoming increasingly difficult to draw a clear boundary between the inside and outside of a network. The scope of the endpoints to be considered as part of an efficient corporate security strategy is thus constantly increasing. The task of protecting endpoints, detecting threats and responding adequately has become the daily challenge of security architects, operations teams, network security operations centers and, to some extent, the end user.

VMware is a US company listed on the NYSE, with EMC as the major shareholder. VMware is still primarily perceived as a vendor of virtualization solutions. It provides large-scale enterprise virtualization and cloud infrastructure solutions. Identity and Access Management, Access Governance and endpoint application delivery across devices and operating system paradigms have since been added to a growing portfolio that aims to position the company as a one-stop shop for cloud infrastructure, virtualized and software defined data centers, security and desktop application delivery.

The idea behind the concept of VMware AppDefense is a dramatic increase in security for virtualized endpoint systems, no matter whether they are client systems, server systems or other types of IT infrastructure. This is achieved by making endpoint security part of the virtualization infrastructure.

AppDefense acts as an integral part of the hypervisor, providing a comprehensive view of all the information that each guest operating system and its resources provide at runtime to the central administration component in virtualization. Unlike traditional endpoint security systems, AppDefense does not actively search for signs of known threats. Rather, the system understands how applications are supposed to work, what kind of behavior they should show at runtime, and monitors this behavior by watching for deviations that may indicate a threat.

2 Product Description

This takes into account that in the case of traditional security analytics the attack surface in comparison to (few) known and (many) yet unknown atta ...


3 Strengths and Challenges

Building upon its decade-long expertise in virtualization, extended by strong security knowledge in the area of software defined networks, VMware prov ...


4 Related Research

Advisory Note: Firewalls Are Dead - How to Build a Resilient, Defendable Network - 72163
Executive View: VMware Identity Manager - 71455
Advisory Note: Plant Automation Security - 71560
Advisory Note: Sustainable Infrastructures through IT Compliance - 72025
Leadership Compass: Enterprise Endpoint Security: Anti-Malware Solutions - 71172


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole's initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
