Channel: VMware Communities : Blog List - All Communities

VMware AppDefense and Carbon Black

As applications have become more distributed and more dynamic, they have become more difficult to secure. Traditional security solutions are not flexible enough to keep up with applications as they change over time, leading to breakdowns in security. Additionally, traditional endpoint security solutions focus on preventing the infiltration step of the kill chain, but threats inside the data center are well past this step and are busy propagating or extracting information from the environment.

Attacks in the Data Center Require a New Approach

Attacks in the data center use different methodologies than end-user attacks. The majority of attacks against data center endpoints hinge on an attacker manipulating the executables, processes, and operating system of the endpoint itself. They inject new code into application binaries. They introduce new executables. They modify processes to communicate with new things, like their own command and control servers, or with other endpoints to spread their malware. Identifying these threats requires a deep understanding of both intended application behavior and threat behavior, something that traditional endpoint security products don't possess.

So what is the Solution?

Together, VMware AppDefense and Cb Defense for VMware provide a unique one-two punch for stopping application threats inside the virtualized data center.

• Shrink the attack surface by enforcing known good application behavior.

• Use behavioral threat detection to detect and prevent advanced attacks.

Enforcing Known Good

By leveraging the power of the virtual infrastructure, the solution has an authoritative understanding of how data center endpoints are meant to behave and is the first to know when changes are made. This contextual intelligence removes the guesswork involved in determining which application changes and network traffic anomalies associated with processes, executables, and operating systems are legitimate and which indicate real threats.

Detecting Unknown Threats

Any threat that isn't prevented by locking down the application's behavior is picked up by Streaming Prevention, a next-gen threat detection technology that uses event stream processing to correlate multiple events over time, indicating the presence of a threat.

Automated, Orchestrated Response

Once a threat is identified, the solution again leverages the virtual infrastructure itself to deliver a library of responses, ranging from suspending or snapshotting a VM to quarantining the compromised machine and performing forensic analysis.

Look for the joint solution from VMware and Carbon Black to become available in late January.

