Detect and monitor changes to host file configuration and privilege escalations
Detect changes to vSwitch and other network settings
Restore to a known and trusted state of operation after malicious or accidental changes
CimTrak examines critical core hypervisor configurations such as user/host access permissions, active directory realms, network settings, integrated 3rd party tools, and advanced user configurations. This gives organizations the ability to protect critical applications and ensure the security and continuity of operations.
CimTrak for Hypervisors/ESXi provides the fundamental capability of continuously monitoring and managing configurations for cloud and virtualized computing environments which is a critical component to meeting operational, security, and compliance requirements. CimTrak automates and simplifies the process of configuration management to ensure security and operational needs are met and aligned throughout the lifecycle of a provisioned host or guest machine. CimTrak also ensures that compliance requirements and regulatory mandates are continuously maintained and aligned with security best practices and hardening standards (CIS Benchmarks).
CimTrak will constantly audit and assess the virtualized environment for configuration and integrity drift and provide the necessary process/workflow to remediate any unwanted, unexpected, and unauthorized changes that would negatively impact the security, operational, or compliance posture of any virtualized product.
Active monitoring of VMware ESX hypervisor configurations is an important aspect in the process of IT security as well as overall best practices in an administrative environment. Many VMware ESX configuration monitoring products monitor the VMware hypervisor using VMware’s application programming interface. Unfortunately, tools utilizing this method are limited to capturing only information exposed by the VMware hypervisor.
CimTrak takes VMware ESX/ESXi monitoring to the next step by monitoring the configurations of the VMware Hypervisor directly at the source. CimTrak interfaces directly with VMware to securely capture actual configuration data files from the Hypervisor host. Capturing the actual configuration data files allows a complete analysis of the VMware Hypervisor and the host operating system running the Hypervisor. Additionally, CimTrak’s method of detection provides administrators the capability to manually roll back configurations using the authoritative copy of configurations stored within CimTrak’s Master Repository.
Impact: The threat actor is able to access all settings and configurations for the entire host which can affect your production.
Impact: When the threat actor deletes the virtual machines, those systems are gone forever and no longer accessible on the network and not doing their jobs.
Impact: When the threat actor changes the virtual network adapter configuration, this can cause the remaining virtual machines to no longer be on the network and no longer able to communicate.
Impact: When the threat actor changes the "COW.COWMaxHeapSizeMB" to 1MB, this causes virtual machines with snapshots to no longer start up, as their memory heap will be exhausted with such a low buffer.
Impact: When the threat actor creates a new virtual machine, this system could be used to do nefarious things like consume all host resources and cause downtime or maybe even to infiltrate and steal data from the network/users/systems now that they are on the "inside".