VMware's security product to emerge in Q3 as 'App Defence'
Project Goldilocks to whitelist VMs' expected behaviour and snuff 'em if they deviate
VMware's long-expected security product will emerge in Q3 under the name “App Defence”, according to senior veep and GM for networking security Jeff Jennings.
Virtzilla has pondered a security play since at least 2013 when NSX Daddy Martin Casado and RSA people started talking about how their respective disciplines - security and network virtualization - might usefully work together. The kernel of the idea that emerged was using hypervisors as a “Goldilocks zone” in which to enforce security controls, because it is isolated from both the end-point and the network.
In the years since, VMware has occasionally mentioned what came to be known as “Project Goldilocks” and in August 2016 VMware showed off working code. As we reported at the time, Goldilocks sees virtual machines issued “birth certificates” that detail the expected executables that will run inside it; network infrastructure the app will touch; the ports it will use to reach that network; and anything else that describes the expected and known safe state for that VM and the applications it runs.
If the VM deviates from those expected behaviours, VMware proposed either flagging it to sysadmins and/or snuffing them out with automation, then putting in place a clean clone VM to pick up the workload of the potentially-compromised VM. Doing so was advanced as a non-disruptive way to isolate potentially-infected VMs before they can do any damage.
VMware is now explaining these ideas to a wider audience at a global roadshow named “Evolve” at which it promises to “Transform Security.” At the Melbourne, Australia, edition of the event, VMware's Jeff Jennings spoke of software that “looks at the context of a virtual machine. We provision a virtual machine and we know what is in it. We are now able to monitor that VM to see does it behave as we expect it to too and if it doesn't, we can raise an alert to you and then based on that alert you can decide what you want to do with it.”
Which sounds a lot like Project Goldilocks. Jennings added, at about the 11:00 mark in the video below, that the idea he discussed “...is a product that will be coming out in Q3. The name of it will be called App Defence.”
According to Jennings, VMware is planning a three-pronged security offering. The first part is already in the market, in the form of its NSX network virtualization product and its ability to create “microsegments” - virtual networks spawned with restricted behaviours and tied to particular applications or VMs. Microsegments are a surprise hit and the dominant use for NSX.
Next comes the contextual analysis piece offered by Goldilocks/App Defence. Last comes automation, so that responses to potential or actual security incidents can happen faster than is often the case. VMware's vRealize Automation looks a likely fit for that part of the company's plans.
Jennings also showed the following slide, which The Register's virtualization desk reckons we'll all see more than once in coming months.
VMware's vision for a security architecture
Jennings didn't address how App Defence will be brought to market or bundled.
Here's how we think it could happen. NSX has become far easier to implement, but putting it to work is still a big effort. So perhaps VMware will bite the bullet and revive previously-abandoned plans to create a version of NSX just for micro-segmentation, which VMware could bundle with App Defence and vRealize to create a more accessible security suite.
This may appeal as a way to bring App Defence to the hordes of mid-range vSphere users who might like the idea of better security, but would struggle to swallow a full-blown NSX and vRealize implementation. A simple-to-adopt bundle would also add value to vSphere.
Alternatively, VMware could offer a less simple bundle and pursue its oft-used strategy of working with the big end of town.
Jennings's mention of a Q3 launch covers both VMworld USA and Europe in late August and mid-September respectively.
And one more thing: Citrix already has something that seems rather similar to App Defence in the form of its Hypervisor Introspection partnership with BitDefender. ?