This week at VMworld, VMware announced market availability of a new security technology called AppDefense. AppDefense is an application-layer security control designed to profile applications, determine “normal” behavior and then provide a series of least privilege controls for applications and options for security incident remediation.
Now, in some respects, AppDefense is a lot like application whitelisting/blacklisting, which can be very effective for limiting the attack surface, but the historical problem with application controls is operational overhead. If you want to implement whitelisting, you have to know what workloads are running and what they are allowed to do, and then implement controls to restrict unanticipated application behavior. This can become quite cumbersome when servers run multiple applications with dynamic development cycles and changing behavior.
Copyright 2017 NETWORKFIGHTS.COM