AppDefense is a security product for protecting your organization’s workloads. Built in to the infrastructure, AppDefense ensures that applications behave only as intended by monitoring for, and preventing, anomalies that can be attacks on the environment. Unlike traditional application control solutions, AppDefense leverages an offsite verification engine to pre-analyze every deviation so that it sends only alerts that matter to the security team. AppDefense is simple and easy to insert, leveraging existing lifecycle management workflows, resulting in a true agentless experience.
AppDefense provides four basic functions:
- Application control: AppDefense provides application control by first assigning virtual machines to a scope and a service. A scope is the representation of an application. A scope is made up of multiple services. A service represents an application tier. All VMs within a service are expected to be homogeneous and have the exact same allowed behavior/rules. Scopes and their services are the foundational components that establish the intended state (allowed behaviors) of an application or virtual machine (VM) in the data center. Scopes can also be integrated and dynamically created from automation tool integrations such as Puppet.
- Process analysis: Once AppDefense has established the known state and allowed behaviors for the application, AppDefense verifies that the learned behavior is ‘known good’ with an autonomous verification engine.
- Anomaly detection: After creating the intended state, AppDefense monitors for deviations from that state, alerting on and preventing anomalies that can be attacks on the environment. Examples include unknown process execution, unknown command-line arguments, unknown network connections, or open ports.
- Response and remediation: When an anomalous event occurs and the application's behavior deviates from the known state, AppDefense responds to potential threats by triggering a response. The response is configurable, with responses ranging from a simple alert, to isolating the VM, to shutting it down completely. AppDefense includes an orchestration capability that can remediate threats in real time with no administrator oversight.
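The intended-state model described in the list above, as an added conceptual sketch in Python (not AppDefense code or its API). The `Service` fields, event dictionaries, response mapping and all sample values are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Service:
    """One application tier; every VM in it shares the same allowed behavior."""
    name: str
    vms: set
    cmdlines: dict                                # process path -> allowed command lines
    outbound: set = field(default_factory=set)    # allowed (process, host, port)
    listen: set = field(default_factory=set)      # allowed (process, port)
    response: dict = field(default_factory=dict)  # anomaly -> action; default is "alert"

def classify(svc, ev):
    """Return the anomaly name for an event, or None if it matches the intended state."""
    proc = ev["process"]
    if proc not in svc.cmdlines:
        return "unknown process execution"
    if ev["type"] == "exec" and ev["cmdline"] not in svc.cmdlines[proc]:
        return "unknown command-line arguments"
    if ev["type"] == "connect" and (proc, ev["host"], ev["port"]) not in svc.outbound:
        return "unknown network connection"
    if ev["type"] == "listen" and (proc, ev["port"]) not in svc.listen:
        return "open port"
    return None

def evaluate(scope, events):
    """Check each event against the service owning its VM; return (vm, anomaly, action)."""
    owner = {vm: svc for svc in scope for vm in svc.vms}
    findings = []
    for ev in events:
        svc = owner.get(ev["vm"])
        anomaly = classify(svc, ev) if svc else None  # unassigned VM: no intended state
        if anomaly:
            findings.append((ev["vm"], anomaly, svc.response.get(anomaly, "alert")))
    return findings

# Constructed sample data: one "web" service in a scope, plus five observed events.
WEB = Service(
    name="web", vms={"web-01", "web-02"},
    cmdlines={"/usr/sbin/nginx": {"nginx -g daemon off;"}},
    outbound={("/usr/sbin/nginx", "10.0.2.10", 8080)}, listen={("/usr/sbin/nginx", 443)},
    response={"unknown process execution": "isolate", "open port": "shutdown"},
)
EVENTS = [
    {"vm": "web-01", "type": "exec", "process": "/usr/sbin/nginx", "cmdline": "nginx -g daemon off;"},
    {"vm": "web-01", "type": "exec", "process": "/usr/sbin/nginx", "cmdline": "nginx -c /tmp/alt.conf"},
    {"vm": "web-02", "type": "exec", "process": "/tmp/helper", "cmdline": "/tmp/helper"},
    {"vm": "web-02", "type": "connect", "process": "/usr/sbin/nginx", "host": "203.0.113.7", "port": 443},
    {"vm": "web-01", "type": "listen", "process": "/usr/sbin/nginx", "port": 4444},
]
```

Calling `evaluate([WEB], EVENTS)` yields one finding per deviating event, each paired with the response configured for that anomaly type.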
AppDefense Manager User Interface (UI)
When you log in to the AppDefense Manager, the AppDefense Manager Home page appears. Click the AppDefense icon to view the Home page. The left navigation pane displays alerts and provisioned or added scopes. Click the filter icon to narrow down the search results.
| Alerts | Click Alerts and view the list of all alerts. Click the filter icon on each column heading and narrow down search results in the table. |
| Settings icon | The Settings icon appears at the bottom of the left navigation pane. You can go to the following pages using the Settings icon.