How to mitigate against your IT monitoring software being hacked
With the news breaking over the weekend of a large hack in the IT network monitoring world, we asked Rob May, VP of Engineering and Information Security at Opsview, for his thoughts:
"It's only suspected at this stage that the hack experienced by the SolarWinds Orion product is that of a nation-state attack. These have been a growing threat for years; you only need to look back at WannaCry back in 2017 to see the wide-hitting impact that these attacks can have on organizations and their customers.
"Malware enumerates accounts and systems when it infects a machine, so spreading to servers is expected. Servers are more consistently available on the network than workstations, and infected systems need to be powered down quickly to mitigate the effect of the attack. Then you need to identify all backups and have them removed from the networks so the backups themselves don't get encrypted. Internal education continues to be the biggest protection against third-party attacks. Phishing and other social engineering emails are one of the most common ways to gain access to internal systems, so training staff not to click on unknown or malicious emails remains imperative.
"Another key point is to ensure that you are operating the latest product versions. All software vendors constantly run vulnerability scans and patch any vulnerabilities that are identified. If you are on an out-of-date version, there's a possibility you may have a security risk. In addition to performing vulnerability scans, most vendors will have penetration testing for new code. This is undertaken by an accredited third party. Opsview's penetration testing conforms to the NCSC CHECK standard. Some engineering teams will also have peer review of code commits, another set of eyes for additional security. At Opsview, our engineering is onshore; we do not outsource our software development to third parties."