Innovative Approach to Application Behavior Monitoring
July 26, 2019

Troy Mayes | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with VMware AppDefense

The response is immediate. The people are easy to understand and they are properly trained. Everybody I have worked with is very committed to the success of this product.
Currently NAES has been deployed at the corporate headquarters with plans to roll out to remote offices and subsidiaries. Our initial use is to gain visibility into our east-west traffic in preparation for implementing NSX. We also use it to alert us to anomalous behaviors.
  • I think that the AppDefense approach is clever and sets it apart from other products. Having a baseline of normal behavior that I can see is something I haven't seen in another product before.
  • AppDefense doesn't overload my systems with performance-draining agents.
  • AppDefense integrates with VMware products I have or plan to purchase.
  • Access to AppDefense support has been better than any other VMware products.
  • The installation and update process is time-consuming and requires too many reboots.
  • Bare metal support is very badly needed.
  • Reporting is weak. I need to pull information out that shows regulatory compliance requirements are being satisfied.
  • When I whitelist or blacklist a process there are no fields to track why that decision was made.
  • Blacklisting doesn't do what I thought it was doing.
  • Some basic AV should be included to satisfy regulatory requirements.
  • Going from no visibility into this area, we have mostly gained positive impacts. So far the only security issues we have seen were on one of the few bare metal systems that we have.
The 2 biggest advantages are where the product sits in the VMware Stack and the approach to detecting anomalous behavior. When I compare this to ExtraHop or NetScout, they sit outside and collect a ton of data and offer not much assistance in evaluating the data. We don't need an FTE or a consultant to comb through all of the data because we establish the norm. They are also much more expensive and require approvals from people who don't understand technology. It is easier to get funding for AppDefense and vRNI than it is to get $100k for an appliance that also needs more money up front for a consultant to decipher data.
I believe that the product is priced well enough that a small business that is concerned with data center security can justify using the product. My environment hasn't scaled up very far yet, but I am a little concerned that when we get to a certain point, the management console will get full and be more difficult to track. An enterprise customer might see that as a problem.