VMware AppDefense | February 2019
What's New (February, 2019)
Release Overview
This release of the AppDefense service provides allowed behavior and alert management enhancements. With this release, AppDefense introduces a completely new Scope Dashboard which summarizes application events with easy-tounderstand, real-time data visuals. Last but not least, we made security operations and behavior management significantly easier by automatically adjusting allowed behaviors. These new capabilities further ease security operation and allow user to make informed decisions based on real-time results and data points.
Scope Level Dashboard
With this release, AppDefense has introduced the newly designed scope level dashboard, providing a real-time snapshot of your application scopes. The visual information allows users to see the protection status of your applications, understand quickly if there are any behaviors that need addressing, and also provides an overview of the security validation checks that AppDefense has performed. It simplifies application-specific summaries into the following 4 sections:
- Process burndown chart: The process summary info in a graphical representation
- Process reputation: Summary of the process reputation information from various sources.
- Behavior risk analysis: Behavior risk analysis summary based on machine learning.
- Integrity check status: Integrity status summary to show the overall health of the Org.
Adaptive Allowed Behavior
AppDefense has added the ability to adjust allowed behavior automatically by adapting to security events that have been classified as normal by the AppDefense Verification Engine. This ability to automatically de-classify alerts and dynamically adjust the allowed behavior tremendously reduces ongoing operational tasks and improves operational efficiency.
Monitoring Events
AppDefense adds the Monitoring Event support to distinguish observed deviation from malicious behaviors which are categorized as critical alerts. Monitoring Events will be classified by AppDefense Verification Engine into three severities: Serious, Minor, and Info. Separating Monitoring Events further increases operational efficiency by allowing customers to focus on the alerts that matter the most.
Usage Counters Improvement
This release also improves usability by adding the following usage counters:
- Allowed Behavior count for each service
- Connection Count for each process
With these usage counters, users can easily evaluate the health of the application and have a glance at how many allowed behaviors and connections are protected and monitored by AppDefense.
