1 Introduction
Endpoint protection is becoming an increasingly important factor when it comes to securing both end users and organizations. Viruses, worms and malware, ransomware included, threaten client workstations and mobile devices of all kinds. Beyond that, they are an increasing danger to critical server infrastructure as well, both on-premises and in the cloud.
With increasing digitization and the associated changes in corporate communications, more and more employees and defined, authorized external parties (such as business partners, consultants, prospects and customers) gain access to the network. On the one hand, this happens directly over the Internet through a large number of devices, software components and access paths. On the other hand, the classical access vectors, such as e-mail attachments or worms that spread from one computer to another through their communication ports, remain entry points for unwanted software and a source of undesirable system behavior in networks. Finally, despite many trainings and awareness-raising measures, social engineering and phishing are still among the central entry points for malicious actors, and thus for unwanted software of all kinds, on client and server systems.
Endpoint security is thus becoming an increasingly critical element of enterprise networks. As soon as attackers have crossed the traditional network boundary and the firewall and have infiltrated a workstation or server through attack scenarios ranging from phishing to malware, endpoint security systems must take over the defense. A large number of vendors are investing heavily in implementing powerful methods to protect these systems and to raise the bar an attacker has to clear.
Traditional application control is usually achieved by means of blacklists and whitelists combined with real-time monitoring technology operating in parallel on the protected systems. This ensures that only those applications that are considered safe are active on a system. Other aspects of endpoint security are covered by anti-malware solutions, virus scanners and Data Leakage or Data Loss Protection (DLP) tools.
With the changing topology of enterprise networks, the integration of cloud infrastructures and the disappearance of the obvious network perimeter, it is becoming increasingly difficult to draw a clear boundary between the inside and the outside of a network. The scope of the endpoints to be considered as part of an effective corporate security strategy is thus constantly growing. Protecting endpoints, detecting threats and responding adequately has become the daily challenge of security architects, operations teams, network security operations centers and, to some extent, the end user.
VMware is a US company listed on the NYSE, with EMC as the major shareholder. VMware is still primarily perceived as a vendor of virtualization solutions, providing large-scale enterprise virtualization and cloud infrastructure solutions. Identity and Access Management, Access Governance and endpoint application delivery across devices and operating system paradigms have since been added to a growing portfolio, aimed at positioning the company as a one-stop shop for cloud infrastructure, virtualized and software-defined data centers, security and desktop application delivery.
The idea behind VMware AppDefense is to dramatically increase security for virtualized endpoint systems, whether they are client systems, server systems or other types of IT infrastructure. This is achieved by making endpoint security part of the virtualization infrastructure itself.
AppDefense acts as an integral part of the hypervisor, giving the central administration component of the virtualization platform a comprehensive view of all the information that each guest operating system and its resources provide at runtime. Unlike traditional endpoint security systems, AppDefense does not actively search for signs of known threats. Instead, the system learns how applications are supposed to work and what behavior they should show at runtime, then monitors that behavior, watching for deviations that may indicate a threat.
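The contrast between signature matching and behavioral baselining described above can be illustrated in a few lines. The following is an added example written for this report, not code from VMware or from AppDefense, and it says nothing about how that product is actually implemented. It assumes a simplified event schema, constructed here, in which each runtime event records a process name, an action kind (such as "connect", "spawn" or "open") and a value; the process names, file paths and IP addresses in the sample events are constructed placeholders.

```python
"""
Behavior baselining versus signature matching, as an illustration of the
principle described above. Constructed example; not AppDefense code.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# One observed runtime event (constructed schema): (process, kind, value),
# e.g. ("nginx", "connect", "10.0.0.5:5432") or ("sshd", "spawn", "bash").
Event = Tuple[str, str, str]


@dataclass
class Baseline:
    """Intended state: per process, the set of (kind, value) behaviors seen as normal."""
    allowed: Dict[str, Set[Tuple[str, str]]] = field(default_factory=lambda: defaultdict(set))


def build_baseline(learning_events: List[Event]) -> Baseline:
    """Record every (kind, value) each process exhibited during the learning phase."""
    baseline = Baseline()
    for proc, kind, value in learning_events:
        baseline.allowed[proc].add((kind, value))
    return baseline


def detect_deviations(baseline: Baseline, runtime_events: List[Event]) -> List[Tuple[str, str, str, str]]:
    """Flag anything a process does that was not part of its learned behavior.

    No knowledge of specific threats is needed: an alert fires because the
    behavior is outside the baseline, not because the value matches a signature.
    """
    alerts = []
    for proc, kind, value in runtime_events:
        if proc not in baseline.allowed:
            alerts.append((proc, kind, value, "unknown process"))
        elif (kind, value) not in baseline.allowed[proc]:
            alerts.append((proc, kind, value, f"unexpected {kind}"))
    return alerts


# Constructed "known bad" list standing in for a traditional signature database.
KNOWN_BAD_PROCESSES: Set[str] = {"malware-sample-placeholder.exe"}


def signature_scan(runtime_events: List[Event], known_bad: Set[str]) -> List[Event]:
    """Traditional approach for contrast: only alerts on names already on a blocklist."""
    return [ev for ev in runtime_events if ev[0] in known_bad]


# Constructed learning-phase events: a web server talking to its database and
# spawning its application workers, an SSH daemon spawning a shell for a login.
LEARNING_EVENTS: List[Event] = [
    ("nginx", "connect", "10.0.0.5:5432"),
    ("nginx", "spawn", "php-fpm"),
    ("nginx", "connect", "10.0.0.5:5432"),
    ("php-fpm", "connect", "10.0.0.5:5432"),
    ("php-fpm", "open", "/var/www/html/index.php"),
    ("sshd", "spawn", "bash"),
]

# Constructed runtime events: three normal actions plus a worker spawning a
# shell, the same worker reaching an address never seen before, and a
# process that was never part of the baseline at all.
RUNTIME_EVENTS: List[Event] = [
    ("nginx", "connect", "10.0.0.5:5432"),
    ("nginx", "spawn", "php-fpm"),
    ("php-fpm", "spawn", "sh"),
    ("php-fpm", "connect", "203.0.113.7:4444"),
    ("unlisted-process", "connect", "203.0.113.7:3333"),
    ("sshd", "spawn", "bash"),
]


if __name__ == "__main__":
    learned = build_baseline(LEARNING_EVENTS)
    for alert in detect_deviations(learned, RUNTIME_EVENTS):
        print("deviation:", alert)
    print("signature hits:", signature_scan(RUNTIME_EVENTS, KNOWN_BAD_PROCESSES))
```

Running the block reports three deviations (the unexpected spawn, the unexpected outbound connection and the unknown process) while the signature scan reports nothing, because none of the names involved are on the blocklist. The trade-off a practitioner should keep in mind is that the quality of such a detector depends entirely on the learning phase: behavior that is legitimate but absent from the learning set will produce false positives, and behavior that is malicious but present in it will be accepted as normal.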