SAN FRANCISCO — VMware AppDefense now secures containerized workloads, and it added an integration with Aqua Security — two moves that show VMware is charging ahead when it comes to containers and cybersecurity.
The company first launched its security product at last summer’s VMworld conference. It initially supported applications running on vSphere-based virtualized and cloud environments. Today at the RSA Conference 2018, VMware announced the product added container security for Kubernetes, Docker, Red Hat OpenShift, and Pivotal Container Service (PKS) workloads running across virtual machines (VMs), bare metal servers, and cloud platforms.
AppDefense protects workloads by monitoring them against their intended state. It leverages the hypervisor to monitor runtime behavior and uses machine learning to detect attempts to manipulate applications.
“One of the things we’ve heard when we talk to our customers is they are looking for this approach to be applied more broadly, not just across VMs but other environments,” said Chris Corde, senior director of security product management at VMware. “Containers has been a pretty constant theme.”
AppDefense connects into native runtime environments like Kubernetes or Docker, which allows it to understand the container’s intended state.
“For the enforcement of runtime container behavior — how do we stop a container from doing something it shouldn’t be doing — we allow our partner ecosystem to hook into AppDefense,” Corde said.
AppDefense doesn’t run directly in these container platforms; instead it exposes an API to accept workload context from container orchestration systems. This also configures rules that are enforced by container security vendors running within the runtime environment.
“Our partners can be orchestrated by the AppDefense policy, and they can send you alerts when they see AppDefense being violated,” Corde explained.
Container Security Partners
Aqua Security is the first container security partner. The company provides runtime assurance for containers and will send container context — called “runtime profiles” — to AppDefense. It supports container stacks from Docker, Kubernetes, Mesos, CoreOS, Microsoft, Red Hat, and VMware for on-premises deployments as well as on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and other public clouds.
Aqua will also feed enforcement alerts into the AppDefense console for management and remediation. This integration will be generally available to AppDefense customers in VMware’s second quarter of fiscal 2019.
The company plans to add more container security partners soon. “We are going to open this up to vendors like Twistlock and others in the container security space shortly after, and for our own environments like PKS we will offer native support,” Corde said.
AppDefense Expands to Europe
VMware also announced AppDefense will be available to customers in Europe via European-based data centers beginning in fiscal Q2. This includes data centers in the U.K. and mainland Europe.
In addition to its soon-to-be-built-out container security ecosystem, AppDefense already integrates with a number of endpoint security, security information and event management (SIEM), and security operations center (SOC) analytics products. These include IBM Security, RSA, Carbon Black, SecureWorks, and Puppet.
In December, VMware and Carbon Black co-developed a new security product that automates threat detection and remediation by combining AppDefense with Carbon Black’s Cb Defense.