VMware AppDefense Service Update | Released 17 October 2019

What's New (October 2019)

AppDefense announces a significant feature release with version 2.3.0. Most notably, we have expanded the capabilities of the AppDefense Plugin in vCenter to include vulnerability assessment, OS integrity, and behavior analysis with Machine Learning. That's right, we're bringing Machine Learning models on-premises.

On the SaaS side, we release a slew of features that have been top customer asks, including severity-based process kill (using the cloud to make prevention decisions), our first RBAC capabilities, and rebootless install/upgrade so that you can start protecting your VMs without rebooting them.

Process Kill

AppDefense adds the ability to retroactively kill processes that the App Verification Cloud determines are untrusted. Instead of blocking everything immediately, "process kill" enables customers to operate in a semi-restrictive state—preventing only suspected bad behavior while allowing everything else to run. Select "kill process" from the dropdown list in the service rules.

Behavior Timestamps

With the "behavior timestamps" feature, AppDefense now reports on when a behavior was last executed within a service. This allows customers to clean up old behaviors that an app no longer needs, as well as determine an app's most recent executions. The "last seen" field is exposed in the AppDefense Manager at the service card level, as well as at the individual behavior level.

Alert Classification Enhancements

AppDefense now lowers the severity of an alert based on its overall similarity to the existing allowed behaviors for that service. This improvement allows the service behaviors to be more flexible and means less work for the operator.

AppDefense now also defines a list of known processes that warrant further investigation. Deviations from processes in this list result in higher severity alerts.

SaaS User Roles

AppDefense now defines two user roles for the operation of the SaaS Manager—"Admin" and "Analyst." Admins have full privileges, including user configuration and remediation settings (block, suspend, kill, etc.). Analyst is the default user role and cannot change remediation settings. For a complete breakdown of responsibilities, consult the user guide.

Rebootless Install and Upgrade

The AppDefense guest module can now be upgraded without requiring a reboot. This is a major improvement in usability and operationalization for the solution. This feature is available if your guest module is 2.2.1 or higher.

Domain Name Support for Allowed Behaviors

AppDefense can now create allowed behaviors based on DNS records, as opposed to IP addresses. This is a major improvement in determining robust manifests for a service, resulting in fewer behaviors to monitor and fewer deviations from the manifest.

Severity-based Remediations

All remediation actions, except for block, now only get triggered by critical alerts. All other events (serious, minor, and info) will simply alert. This enhancement should increase comfort with deploying remediation actions, as only the most critical deviations will generate an action on the guest.

Support for NSX-T

AppDefense now supports integration with NSX-T for quarantine remediation. AppDefense will continue to support the existing NSX-V integration.

Proxy Support

AppDefense adds SOCKS4 and SOCKS5 proxy support for the AppDefense Appliance, in addition to the existing HTTP proxy support.

Health Monitoring for AppDefense Components

If a host or guest module becomes unreachable, AppDefense proactively collects host and guest logs for immediate troubleshooting. This setting is available in the Appliance UI.

Upgrade Improvements

AppDefense announces a number of usability improvements to make appliance upgrades simpler and more seamless. One such feature is the ability to automatically roll the appliance back to a stable state in case of failure. Automatic reversion increases comfort with turning on "auto upgrade." This feature is available in appliance versions 2.2.1 and onward when you partition an additional 60 GB of disk space for the automated snapshot.

Increased Scale Targets

Appliance scale targets are increased again to 250 Hosts and 3000 VMs (per vCenter).

Intelligent Wildcarding

With this release, AppDefense curates a list of process CLIs that have higher wildcarded thresholds. This feature gives users greater control over key software in their environment.

Last updated: 10-19-2019 01:51 PM (revision 1 of 1)