VMware

Long list of questions. Thanks everyone! Punch line is: AppDefense+CB Defense without NSX? Agent vs Agentless?

One of my customers is displacing their current vendor and is seeking a new solution. They refuse to purchase NSX due to cost, but insists on solutions in the hypervisor for AV, Application Whitelisting, and whatever else they can get their hands on. Currently On-Prem, but will be moving to Azure next year.

My current mission is to gather all the data I can to either get them to buy NSX or use a mature solution such as Symantec, McAfee, or Trend Micro.

My overarching question is: Without NSX, is AppDefense+CB Defense worth spending money on? Consider On-Prem, SaaS, and Cloud (Azure/AWS).
I know it’s a lot, so I hope y’all don’t rattle me too much for asking a litany of questions 🙂

The Doc page has a lot of information, but there are gaps in information or there weren’t answers.
I apologize for the litany of questions, but it’s a new product and I want to make sure it will do what my customer expects it to do. Thanks everyone!
I know the CB Defense Connector uses threat reputation and can stop processes. My questions are:

* Can AppDefense+CB Defense run on vCenter alone? 
* Can AppDefense+CB Defense run agentless without NSX?
* How effective is application whitelisting on an agentless endpoint?
* How does AppDefense+CB Defense handle unknown file reputations? Does it have self-approval?
* How does it handle Windows Patch Weekend? Windows Updater likes to spawn unsigned powershell scripts in different directories. Making it really hard to isolate to whitelist the process stream.
* Does it offer Memory Protection? 
* Is there an inventory function? 
* How effective is AppDefense+CB Defense agentless with NSX vs vCenter + Guest Module Agent? 
* Does the AppDefense SaaS offering run agentless? Does it require NSX?
* How does the effectiveness/performance compare to other vendors such as Symantec EP, McAfee ENS/App Control, Trend Micro Deep Security? 


View Reddit by distantgeekView Source

Related Articles

3 Comments

  1. No matter what they chose they will be vulnerable to fileless atracks if they don’t have agent in the vms. Hypervisor only Solution can only scan disk, not memory. My guess that their concern is performance right, scan storms, etc? Deep security will be the most powerful and the most efficient due to being dedicated server solution and having HIPS and application control.

    PS nothing can run agentless without NSX, the host requires guest introspection drivers for agentless and they only are available if NSX manager is setup. Also basic/standatrt? NSX is free I believe for anti-malware capabilities.

  2. take a look at fortinet and sophos solutions; even without nsx you can protect vm networks and what runs inside vm’s in several ways with a bit of creativity in the design and also automate reactions for various events

    It takes more work to get it done properly and a lower budget

Leave a Reply

Your email address will not be published. Required fields are marked *

Close