My customer refuses to purchase NSX, but insists on solutions in the hypervisor for AV, Application Whitelisting, and whatever else they can get their hands on. Currently On-Prem, but will be moving to Azure next year.
My overarching question is: WIthout NSX, is AppDefense+CB Defense worth spending money on? Consider On-Prem, SaaS, and Cloud (Azure/AWS).
The Doc page has a lot of information, but there are gaps in information or there weren't answers.
I apologize for the litany of questions, but it's a new product and I want to make sure it will do what my customer expects it to do. Thanks everyone!
I know the CB Defense Connector uses threat reputation and can stop processes. My questions are:
- Can AppDefense+CB Defense run on vCenter alone?
- Can AppDefense+CB Defense run agentless without NSX?
- How effective is application whitelisting on an agentless endpoint?
- How does AppDefense+CB Defense handle unknown file reputations? Does it have self-approval?
- How does it handle Windows Patch Weekend? Windows Updater likes to spawn unsigned powershell scripts in different directories. Making it really hard to isolate to whitelist the process stream.
- Does it offer Memory Protection?
- Is there an inventory function?
- How effective is AppDefense+CB Defense agentless with NSX vs vCenter + Guest Module Agent?
- Does the AppDefense SaaS offering run agentless? Does it require NSX?
- How does the effectiveness/performance compare to other vendors such as Symantec EP, McAfee ENS/App Control, Trend Micro Deep Security?