Most folks understand that applications and databases are only as secure as the operating system they run on. But there seems to be less awareness that operating systems are only as secure as the virtualization infrastructure they run on.
If your organization uses VMWare you need to be monitoring security events from both vCenter and the actual ESXi hyper visor hosts. Leave out either one and you will be blind to crucial security events.
In this real training for free ™ webinar I'll show you how to enable audit logging for ESXi hosts as well as the vCenter servers which control them. I'll show you what the logs look like and the challenges in collecting, archiving, monitoring and reporting on VMWare audit events.
I'll identify what types of security activity comes from vCenter. Things like:
- Permission and role changes
- vCenter security configuration changes
- Copy and downloads of virtual disks
- Brute force attacks against the vCenter directory
And I'll show you other security events you can only get by monitoring the syslog feeds of ESXi hosts such as:
- Attempts to bypass vCenter authentication and authorization policies and access ESXi hosts directly
- Attempts to bruteforce the root account on ESXi
- Host level security configuration changes
While VMWare does a good job of recording security events, additional tools are needed to gain visibility into and analyze VMWare audit logs and to alert you when important security events occur. EventTracker is kindly sponsoring this real training for free ™ event and I will be using their EventTracker SIEM solution during my demonstrations of how to analyze the VMWare audit logs and what you should be monitoring.