Press Releases

5 Starting Steps to Protect Your Virtual and Cloud Environments

More and more is coming out about the attack from a MacDonald’s that left an organization crippled for a bit of time. The final tally was that the recently fired employee was able to delete 15 VMs before either being caught or he gave up. On twitter, it was commented that the administrator must not have been a powershell programmer because in the time it takes to delete 15 VMs by hand, a powershell script could have removed 100s. Or perhaps the ‘Bad Actor’ was trying to not be discovered. In either case, this has prompted discussions across the twitter-sphere, blog-sphere, and within organizations about how to secure from such attacks.

To help with these discussions I will reiterate some of the discussions I have had and how you can protect your data from such an attack in the future. Some of these will come out at the VMworld Session: SEC2284 Securing Government Virtual Environments: Part II (Twitter hashtag: #SEC2284)

Continually monitor your system. Employ tools that will look at your system for configuration changes and major changes every 5 minutes or less. Be sure to respond to any and all alerts. A simple monitor of whether or not a crucial node still exists and is running should be part of any such monitoring tool. There are hundreds of tools, but not all understand the virtual environment, so I would look at tools like Zenoss.