Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Automation

8/28/2017
12:30 PM
Craig Matsumoto
Craig Matsumoto
News Analysis-Security Now
50%
50%

VMware Offers App Security From the 'Goldilocks Zone'

Making good on a theme pitched by Martin Casado and Tom Corn, VMware launches AppDefense to put the hypervisor at the heart of application security.

LAS VEGAS -- VMworld 2017 -- Touching on the "Goldilocks Zone" concept that Martin Casado brought up in 2014, VMware is making a play for the application security market, saying the hypervisor provides the proper place to spot trouble as virtualized applications spin up.

The AppDefense service, which is being announced here today, isn't about network security -- firewalls and the like. Rather, it's about application security, monitoring the apps themselves to make sure nothing is going awry.

VMware has believed for years that it has a place in this kind of security. That was the gist of the Goldilocks Zone concept that Casado -- a figurehead of the SDN movement who joined VMware through the Nicira acquisition -- and colleague Tom Corn began presenting in 2014. They argued that the hypervisor was the proper place to host security functions.

Their logic went like this: Infrastructure-based security, such as a firewall, can't fully understand aspects of context, such as who an application's user is and where the data is intended to go. And host-based security lacks isolation; once the host CPU is breached, every application becomes an open book to the attacker, they argued. In a virtualized environment, the hypervisor knows all the context and can provide isolation.

AppDefense follows up on that idea. "You can use the unique properties of virtualization to have a completely different twist on security," said Corn, now VMware's senior vice president of security products, during a pre-VMworld press conference Sunday evening.

The service is available now for on-premises VMware installations. It's going to eventually extend into VMware environments on Amazon Web Services (AWS) as well, through the VMware Cloud on AWS service. Officials aren't giving a timeframe for that yet.

AppDefense's operations can be categorized into three steps. First, it uses VMware's vCenter management to track what applications are being spawned in the network and what they're supposed to be doing. The latter part gets discerned through provisioning and orchestration tools such as Puppet, Chef, and Ansible (or VMware's own vRealize).

It's important to tap those tools, because they provide "authoritative" information, Corn said, "allowing us to look at what was intended there before that machine was even spun up."

Second, AppDefense stores the intended state of the network, so it can compare the apps that are actually running to what's supposed to be running. Finally, it uses vSphere and NSX to take action -- shutting down a misbehaving virtual machine, for instance.

The approach is similar to whitelisting -- an approach where the network blocks any activity that isn't specifically permitted by policy. But whitelisting can be "a pretty brittle model" that can trip up as processes spawn new processes, Corn says. AppDefense goes further because of that first step -- tapping "authoritative" information from developer tools.

That process also makes AppDefense useful for getting applications teams and security operations teams aligned, Corn said.

"It's much like a doctor and a parent are working together in the care of a child, because one knows the child and the other knows maladies and remedies," he said. "We're creating a system that allows those teams to collaborate."

— Craig Matsumoto, Editor-in-Chief, Light Reading

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-23599
PUBLISHED: 2022-01-28
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscree...
CVE-2022-0395
PUBLISHED: 2022-01-28
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVE-2022-21721
PUBLISHED: 2022-01-28
Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-in ...
CVE-2022-23598
PUBLISHED: 2022-01-28
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value w...
CVE-2021-4160
PUBLISHED: 2022-01-28
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis sug...