Innovative Approach to Application Behavior Monitoring
Troy Mayes | TrustRadius Reviewer
July 26, 2019

Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with VMware AppDefense

The response is immediate. The people are easy to understand and they are properly trained. Everybody I have worked with is very committed to the success of this product.
Currently NAES has been deployed at the corporate headquarters with plans to roll out to remote offices and subsidiaries. Our initial use is to gain visibility into our east-west traffic in preparation for implementing NSX. We also use it to alert us to anomalous behaviors.
  • I think that the AppDefense approach is clever and sets it apart from other products. Having a baseline of normal behavior that I can see is something I haven't seen in another product before.
  • AppDefense doesn't overload my systems with performance-draining agents.
  • AppDefense integrates with VMware products I have or plan to purchase.
  • Access to AppDefense support has been better than any other VMware products.
  • The installation and update process is time-consuming and requires too many reboots.
  • Bare metal support is very badly needed.
  • Reporting is weak. I need to pull information out that shows regulatory compliance requirements are being satisfied.
  • When I whitelist or blacklist a process there are no fields to track why that decision was made.
  • Blacklisting doesn't do what I thought it was doing.
  • Some basic AV should be included to satisfy regulatory requirements.
  • Going from no visibility into this area, we have mostly gained positive impacts. So far the only security issues we have seen were on one of the few bare metal systems that we have.
There has been a real push from management to put traditional AV on my servers. What they were proposing would be a major drain on performance and a nightmare to manage. I, so far, have been able to fight that off by explaining what this product does. At the moment we have not had any anomalous activity inside the VMware environment.
Visibility gives you a few benefits. First, you can see what established behavior looks like. You are able to see exactly what your applications are doing and gain possible insight into performance issues. Second, if another admin makes changes or adds software, you will be aware of it right away. You also gain insight into what patches and upgrades actually do that the documentation may not reveal. We also expect that when problems occur with applications, this will be a potential troubleshooting tool.
We have had no incidents, but I have worked with support on some minor issues. They are easily accessed and they stay on the issue until it is fully resolved.
The 2 biggest advantages are where the product sits in the VMware stack and the approach to detecting anomalous behavior. When I compare this to ExtraHop or NetScout, they sit outside and collect a ton of data and offer not much assistance in evaluating the data. We don't need an FTE or a consultant to comb through all of the data because we establish the norm. They are also much more expensive and require approvals from people who don't understand technology. It is easier to get funding for AppDefense and vRNI than it is to get $100k for an appliance that also needs more money up front for a consultant to decipher data.
I believe that the product is priced well enough that a small business that is concerned with data center security can justify using the product. My environment hasn't scaled up very far yet, but I am a little concerned that when we get to a certain point, the management console will get full and be more difficult to track. An enterprise customer might see that as a problem.