CimTrak for Hypervisors

Monitoring Hypervisors with CimTrak


Key Features of CimTrak for Hypervisors/ESXi

  • Detect and monitor changes to host configuration files and privilege escalations

  • Detect changes to vSwitch and other network settings

  • Restore to a known and trusted state of operation after malicious or accidental changes

Security and Compliance for Hypervisors

CimTrak examines critical core hypervisor configurations such as user and host access permissions, Active Directory realms, network settings, integrated third-party tools, and advanced user configurations. This gives organizations the ability to protect critical applications and ensure the security and continuity of operations.

Managing Configurations

CimTrak for Hypervisors/ESXi continuously monitors and manages configurations for cloud and virtualized computing environments, a critical component of meeting operational, security, and compliance requirements. CimTrak automates and simplifies configuration management so that security and operational needs are met and stay aligned throughout the lifecycle of a provisioned host or guest machine. CimTrak also ensures that compliance requirements and regulatory mandates are continuously maintained and aligned with security best practices and hardening standards such as the CIS Benchmarks.

CimTrak constantly audits and assesses the virtualized environment for configuration and integrity drift, and provides the process and workflow needed to remediate unwanted, unexpected, and unauthorized changes that would negatively impact the security, operational, or compliance posture of any virtualized platform.

Take VMware ESX/ESXi Monitoring to the Next Level

Active monitoring of VMware ESX hypervisor configurations is an important part of IT security and of sound administrative practice. Many VMware ESX configuration monitoring products monitor the hypervisor through VMware's application programming interface (API). Tools that rely on this method can only capture the information the hypervisor chooses to expose through that API.

CimTrak takes VMware ESX/ESXi monitoring a step further by monitoring the hypervisor's configuration directly at the source. CimTrak interfaces directly with VMware to securely capture the actual configuration data files from the hypervisor host. Capturing the actual configuration files allows a complete analysis of the hypervisor and of the host operating system running it. Because the authoritative copy of each configuration is stored in CimTrak's Master Repository, CimTrak's method of detection also gives administrators the ability to manually roll a host's configuration back to that trusted copy.

A few examples of malicious changes to Hypervisors/ESXi hosts that traditional security tools would not detect or identify:

Action: The threat actor gains access to a compromised root account on a production ESXi host.

Impact: The threat actor can read and change every setting and configuration on the host, and therefore affect every production workload running on it.

Action: The threat actor logs into the vSphere Web Console, powers off multiple production virtual machines, and deletes them.

Impact: Deleting a virtual machine removes it from the datastore. Unless a backup or replica exists elsewhere, that system is gone for good: it is no longer reachable on the network and no longer doing its job.

Action: The threat actor changes the virtual network adapter configuration.

Impact: Changing the virtual network adapter configuration can leave the remaining virtual machines disconnected from the network and unable to communicate.

Action: The threat actor sets the advanced setting "COW.COWMaxHeapSizeMB" to 1 MB.

Impact: "COW.COWMaxHeapSizeMB" limits the heap the host uses for copy-on-write (snapshot) disk handling. At 1 MB that heap is exhausted almost immediately, so virtual machines with snapshots can no longer power on.

Action: The threat actor creates a new virtual machine.

Impact: A virtual machine created by the threat actor can be used to consume all of the host's resources and cause downtime, or, now that the attacker has a foothold on the "inside", to move laterally and steal data from the network, its users, and its systems.
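The following is an added illustration, not CimTrak's own code and not a description of how CimTrak collects data. It shows the detection logic behind the source-level monitoring described above and the scenarios just listed: a "known and trusted" baseline capture of a host (configuration file hashes, advanced settings, the registered VM inventory and vSwitch configuration) is compared with a later capture, every difference is classified by severity, and a roll-back plan against the baseline copy is produced. Both captures, the file contents, the VM names and the severity policy are constructed for the example; on a real host the captures would be read from the hypervisor itself.

```python
"""Added example (not CimTrak code): baseline-vs-current drift detection for an
ESXi host, run over constructed in-memory captures."""
import hashlib
from dataclasses import dataclass
from typing import Any, Dict, Iterator, List, Set, Tuple


@dataclass(frozen=True)
class Capture:
    """Point-in-time capture of a host. On a real host these would be read from the
    filesystem, the advanced-settings store, the VM inventory and the vSwitch
    configuration; here everything is constructed."""
    files: Dict[str, bytes]
    advanced: Dict[str, Any]
    vms: Set[str]
    vswitches: Dict[str, Dict[str, List[str]]]


@dataclass(frozen=True)
class Finding:
    category: str   # "file" | "setting" | "vm" | "vswitch"
    key: str
    change: str     # "added" | "removed" | "modified"
    baseline: Any
    current: Any
    severity: str   # "critical" | "high" | "medium"


# Example policy (assumed, not a vendor list): auth/privilege/host-config files and
# the snapshot heap setting from the scenarios above are treated as critical.
SENSITIVE_FILES = {"/etc/passwd", "/etc/shadow", "/etc/ssh/sshd_config",
                   "/etc/vmware/hostd/authorization.xml", "/etc/vmware/esx.conf"}
CRITICAL_SETTINGS = {"COW.COWMaxHeapSizeMB"}


def fingerprint(files: Dict[str, bytes]) -> Dict[str, str]:
    """SHA-256 per file: comparison works on hashes, full copies are kept for restore."""
    return {p: hashlib.sha256(c).hexdigest() for p, c in files.items()}


def _diff(base: Dict[str, Any], cur: Dict[str, Any]) -> Iterator[Tuple[str, str, Any, Any]]:
    """Yield (key, change, baseline_value, current_value) for every difference."""
    for k in sorted(set(base) | set(cur)):
        if k not in cur:
            yield k, "removed", base[k], None
        elif k not in base:
            yield k, "added", None, cur[k]
        elif base[k] != cur[k]:
            yield k, "modified", base[k], cur[k]


def detect_drift(baseline: Capture, current: Capture) -> List[Finding]:
    """Compare every monitored surface of two captures and classify each change."""
    out: List[Finding] = []
    for p, ch, b, c in _diff(fingerprint(baseline.files), fingerprint(current.files)):
        out.append(Finding("file", p, ch, b, c, "critical" if p in SENSITIVE_FILES else "medium"))
    for n, ch, b, c in _diff(baseline.advanced, current.advanced):
        out.append(Finding("setting", n, ch, b, c, "critical" if n in CRITICAL_SETTINGS else "high"))
    # A removed VM is a production outage; an added one is an unknown workload on the host.
    for v, ch, b, c in _diff(dict.fromkeys(baseline.vms, True), dict.fromkeys(current.vms, True)):
        out.append(Finding("vm", v, ch, b, c, "critical" if ch == "removed" else "high"))
    for s, ch, b, c in _diff(baseline.vswitches, current.vswitches):
        out.append(Finding("vswitch", s, ch, b, c, "high"))
    return out


def restore_plan(findings: List[Finding]) -> List[str]:
    """Roll-back steps an operator would take from the authoritative baseline copy."""
    plan = []
    for f in findings:
        if f.category == "file":
            plan.append(f"review and remove unexpected file {f.key}" if f.change == "added"
                        else f"restore {f.key} from baseline copy")
        elif f.category == "setting":
            plan.append(f"set {f.key} back to {f.baseline!r}")
        elif f.category == "vm":
            plan.append(f"recover VM {f.key} from backup/replica" if f.change == "removed"
                        else f"quarantine and investigate unknown VM {f.key}")
        else:
            plan.append(f"reapply baseline configuration for {f.key}")
    return plan


def sample_baseline() -> Capture:
    """Constructed 'known and trusted' state (file contents are placeholders, not real ESXi files)."""
    return Capture(
        files={"/etc/vmware/esx.conf": b"# constructed host config\n",
               "/etc/vmware/hostd/authorization.xml": b"<ACEData><User>root</User></ACEData>\n",
               "/etc/ssh/sshd_config": b"PermitRootLogin no\n"},
        advanced={"COW.COWMaxHeapSizeMB": 192, "UserVars.SuppressShellWarning": 0},
        vms={"web01", "web02", "db01"},
        vswitches={"vSwitch0": {"uplinks": ["vmnic0", "vmnic1"],
                                "portgroups": ["Management Network", "VM Network"]}},
    )


def sample_compromised() -> Capture:
    """Constructed capture after the scenarios above: root-level file edits, the snapshot
    heap shrunk to 1 MB, two VMs deleted, one unknown VM added, vSwitch uplinks removed."""
    base = sample_baseline()
    files = dict(base.files)
    files["/etc/ssh/sshd_config"] = b"PermitRootLogin yes\n"
    files["/etc/vmware/hostd/authorization.xml"] = b"<ACEData><User>root</User><User>svc-tmp</User></ACEData>\n"
    advanced = {**base.advanced, "COW.COWMaxHeapSizeMB": 1}
    vms = (base.vms - {"web01", "web02"}) | {"unknown-vm01"}
    vswitches = {"vSwitch0": {"uplinks": [], "portgroups": ["Management Network"]}}
    return Capture(files, advanced, vms, vswitches)


if __name__ == "__main__":
    found = detect_drift(sample_baseline(), sample_compromised())
    for f in found:
        print(f"[{f.severity}] {f.category} {f.key}: {f.change} {f.baseline!r} -> {f.current!r}")
    print("\n".join(restore_plan(found)))
```

Running the block prints seven findings for the constructed captures (two critical file edits, the COW.COWMaxHeapSizeMB change, two deleted VMs, one unknown VM and the altered vSwitch0) followed by the roll-back plan. The point of hashing at the source rather than polling an API is visible in the file surface: an edit to sshd_config or authorization.xml shows up regardless of whether any management API reports it, and the baseline copy is what makes the "restore" step possible.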

Try the most powerful file integrity monitoring solution.

Discover why companies like Zoom, NASA and US Air Force prevent cyberattacks with CimTrak.
