Still a young product with big potential. This is the future of security.
July 29, 2019

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with VMware AppDefense

The product is still quite new, and there seems to be a lack of technical information available for both the E.U. and support staff. That being said, the support staff that I have worked with have always been very knowledgeable and ensure that they see a ticket through to completion.
VMware AppDefense is being used across the organization to protect internal assets from lateral movement in case of a breach. We have a mixed environment of virtual machines. We have virtual machines dedicated to our clients, in addition to server virtual machines that provide services to all of our employees and clients.
  • Provides detailed process and command-line information.
  • Provides visibility into what connections are being made to/from a specific server/service.
  • Ability to group multiple VMs into service groups for proper correlation.
  • No ability to display network owner information in alerts (i.e. AS number/Network owner name of a public IP).
  • No ability to resolve IP addresses for display in alerts.
  • Setup, classifying, and configuring all of the requisite process rules is tedious.
  • Due to the amount of time VMware AppDefense has been in use at my company, this cannot yet be quantified.
This is a huge benefit to our organization as we have always been of the opinion that constantly scanning for threats that you may not even be aware of was a futile way of protecting assets. As with the current model, a threat can only be recognized if its signature was added to the respective scanner's database.

Whitelisting processes has always been the preferred methodology, as we already mostly know what to expect for incoming and outgoing connections, which is where VMware AppDefense really comes into play.
We have benefited greatly by having complete visibility into the running processes and the connections they are making. This has allowed us to address holes in our security posture and make necessary adjustments to ACLs.
I see it as a positive that thus far, we have not identified any threats with VMware AppDefense. We have, however, been able to confirm our expectations of what various server processes are doing and the resources they are connecting to. We are still tweaking and tuning the automatic remediation and rules, so this portion of the VMware AppDefense service is still ramping up in our organization.
VMware AppDefense appears to be well suited for environments where the number of expected applications in use and network connections remains fairly static (i.e. highly secured environments). Even in our case, our processes are mostly static but still required a lot of initial input to get rules set up correctly.

VMware AppDefense does not currently seem well suited for environments that have a lot of dynamic processes and network connections.