You are here

How to mitigate against your IT monitoring software being hacked

Network Monitoring Hack

With the news breaking over the weekend of a large hack in the IT network monitoring world, we asked Rob May, VP of Engineering and Information Security at Opsview, for his thoughts:

"It's only suspected at this stage that the hack experienced by the SolarWinds Orion product is that of a nation state attack. These have been a growing threat for years, you only need to look back at WannaCry back in 2017 to see the wide hitting impact that these attacks can have on organizations and their customers.

"Malware enumerates accounts and systems when it infects a machine, so spreading to servers is expected. Servers are more consistently available on the network than workstations and infected systems need to be powered down quickly to mitigate the effect of the attack. Then you need to identify all backups and have them removed from the networks so the backups themselves don't get encrypted. Internal education continues to be the biggest protection against third party attacks. Phishing and other social engineering emails are one of the most common ways to gain access to internal systems so training staff not to click on unknown or malicious emails remains imperative.

"Another key point is to ensure that you are operating the latest product versions. All software vendors constantly run vulnerability scans and patch any vulnerabilities that are identified. If you are on an out-of-date version, there's a possibility you may have a security risk. In addition to performing vulnerability scans, most vendors will have penetration testing for new code. This is undertaken by an accredited third party. Opsview's penetration testing conforms to NCSC CHECK standard. Some engineering teams will also have peer review of code commits, another set of eyes for additional security. At Opsview, our engineering is on shore, we do not outsource our software development to third parties." 

If you're concerned about your current IT monitoring software, talk to your vendor or you can contact Opsview at sales@opsview.com.

Get unified insight into your IT operations with Opsview

hcarroll's picture
by Helen Carroll,
VP of Marketing
Helen joined Opsview in October 2018 as their VP of Marketing. She has nearly 20 years of IT marketing experience, having worked for the likes of Sun Microsystems, BMC Software and Pitney Bowes Software. Helen has a passion for integrated marketing, ensuring that the customer's business issues are fully understood. When not working, she loves to travel, but only to sunny climates.

More like this

Automation
Blog
By John Jainschigg, Technical Content Marketing Manager

/solutions/automationDevOps is about accelerating delivery of new products and services at scale, reliably and affordably. Doing this requires IT ...

Nagios vs the competion
Blog
By Opsview Team, Administrator

If you're a dissatisfied Nagios user who is ready to make the switch to Opsview, here is a guide on how to execute a migration that will result in...

New Basics Tutorials on Kubernetes.io
Blog
By John Jainschigg, Technical Content Marketing Manager

Kubernetes’ extraordinary resilience tends to change the emphasis of monitoring from alerting to resource and performance management.