ptnphotof - Fotolia

Tip

AppDefense adoption reconstructs the virtual admin role

Security is critical to many organizations' planning stages, with virtual admins seeing additional security responsibilities as weaknesses in security teams' capabilities emerge.

Many organizations have historically treated the role of security teams as an afterthought. With the introduction of AppDefense, VMware reintroduced security as a critical step to a company's planning, deployment and support processes, which changes the roles of virtual admins and other IT staff.

VMware AppDefense turns 2 this year. VMware originally pitched AppDefense to middle-market customers rather than large enterprises despite VMware's history of introducing new products at the enterprise level -- AppDefense requires vSphere 6.5 or higher and many enterprise-class organizations have slower upgrade cycles than smaller businesses -- which enabled many SMBs and commercial organizations from all industries to get involved with AppDefense from the start.

Understanding AppDefense

AppDefense focuses on verifying suitable application behavior and looks for anomalous actions based on known good ones. VMware used Carbon Black technology to develop AppDefense's ability to identify suitable workloads versus ones that misbehave. Now that VMware has acquired Carbon Black, this integration continues to deepen and evolve.

AppDefense can trigger responses to issues in a system. For example, if an application or server no longer follows suitable, established behavior patterns, AppDefense remediates the behavior by isolating, removing and redeploying the workload.

Virtual admins normally manage the tasks of system integrity and application control rather than the security team. However, many organizations funnel security tasks such as the ones AppDefense flags to security staff, rather than virtual admins.

AppDefense focuses on verifying suitable application behavior and looks for anomalous actions based on known good ones.

How AppDefense changed virtual admins' security role

VMware's focus on SMBs increased adoption numbers for AppDefense. SMBs don't often have the same access to security groups and silos that large enterprises have, and AppDefense provided SMBs with better ways to operationalize security.

SMB staff members often fulfill multiple roles, but large enterprises tend to silo staff. The renewed emphasis on security has caused many enterprises to reconstruct the operational roles of their employees.

AppDefense provides organizations with a way to bolster their security. However, staff unfamiliar with the software can disrupt its functions. Organizations' security teams understand security and the investigative duties that come with it, but they generally don't have the required in-depth knowledge of infrastructure to maintain the software.

Security staff vs. virtual admins

Security teams should not troubleshoot issues if they don't fully understand how those decisions affect infrastructure and applications. Instead, virtual admins should oversee operational tasks and issues and make decisions based on suitable behavior patterns.

For example, a large business might flag a security team to handle an unpatched workload. Most security teams might opt to shut down the workload, but if the workload is a mission-critical application or piece of infrastructure, an organization might require that workload to remain online. This mindset also applies to hardening environments and workloads; not everything has or requires the same resolution.

Some might argue that organizations overload the virtual admin role. But AppDefense can employ some of the same automation and orchestration methods virtual admins currently use and ease virtual admins' day-to-day work.

AppDefense provides a fundamental piece of VMware's software stack. Virtual admins with a preexisting VMware infrastructure can automatically deploy it at scale and maintain configuration control. This creates a hardened environment that can reduce possible attack exposure.

Dig Deeper on VMware cloud