April 10-12 | Austin, TX
See how Zenoss fits into your IT ecosystem.
Start MAPPING NOW
Learn how Huntington consolidated from 37 tools to a single monitoring solution.
Customer Support Portal
Zenoss & Cisco: Changing IT with service assurance for hybrid data centers.
Zenoss Partner Portal
Become a Partner
BBC Success Story
The BBC chose Zenoss for three key reasons: scalability, flexibility and value for money.
Zenoss provides complete visibility into physical, virtual, cloud and converged environments.
Request a Demo
More and more is coming out about the attack from a MacDonald’s that left an organization crippled for a bit of time. The final tally was that the recently fired employee was able to delete 15 VMs before either being caught or he gave up. On twitter, it was commented that the administrator must not have been a powershell programmer because in the time it takes to delete 15 VMs by hand, a powershell script could have removed 100s. Or perhaps the ‘Bad Actor’ was trying to not be discovered. In either case, this has prompted discussions across the twitter-sphere, blog-sphere, and within organizations about how to secure from such attacks.
To help with these discussions I will reiterate some of the discussions I have had and how you can protect your data from such an attack in the future. Some of these will come out at the VMworld Session: SEC2284 Securing Government Virtual Environments: Part II (Twitter hashtag: #SEC2284)
Continually monitor your system. Employ tools that will look at your system for configuration changes and major changes every 5 minutes or less. Be sure to respond to any and all alerts. A simple monitor of whether or not a crucial node still exists and is running should be part of any such monitoring tool. There are hundreds of tools, but not all understand the virtual environment, so I would look at tools like Zenoss.