Overall Satisfaction with VMware AppDefense
Currently NAES has been deployed at the corporate headquarters with plans to roll out to remote offices and subsidiaries. Our initial use is to gain visibility into our east-west traffic in preparation for implementing NSX. We also use it to alert us to anomalous behaviors.
- I think that the AppDefense approach is clever and sets it apart from other products. Having a baseline of normal behavior that I can see is something I haven't seen in another product before.
- AppDefense doesn't overload my systems with performance draining agents.
- AppDefense integrates with VMWare products I have or plan to purchase.
- Access to AppDefense support has been better than any other VMWare products.
- The installation and update process is time consuming and requires too many reboots.
- Bare metal support is very badly needed.
- Reporting is weak. I need to pull information out that shows regulatory compliance requirements are being satisfied.
- When I whitelist or blacklist a process there are no fields to track why that decision was made.
- Blacklisting doesn't do what I thought it was doing.
- Some basic AV should be included to satisfy regulatory requirements.
- Going from no visibility into this area, we have mostly gained positive impacts. So far the only security issues we have seen were on one of the few bare metal systems that we have.
The 2 biggest advantages are where the product sits in the VMWare Stack and the approach to detecting anomalous behavior. When I compare this to ExtraHop or NetScout, They sit outside and collect a ton of data and offer not much assistance in evaluating the data. We dont need a FTE or a consultant to comb through all of the data because we establish the norm. They are also much more expensive and require approvals from people who dont understand technology. It easier to get funding for AppDefense and vRNI than it is to get $100k for an appliance that also needs more money up front for a consultant to decipher data.