Hidden Threats of Powered Off VMs

The “WannaCry” ransomware worm made news over the last weekend and again this week, sending IT professionals rushing to apply patches that they should have applied months ago. The lax habit of not keeping patches up to date came back to bite many of those who left a hole in their data center defenses.

Looking into the data center usually turns up running OS instances that need to be patched, but many VMs are turned off and may not get the required patch. When they are powered back on, they can become a source for future spread of malware and other security threats. Knowing the OS inventory, and the editions deployed, is critical to the IT professional. VMware offers some quick solutions for this problem with network fencing, isolation, and the ability to scan powered-off VMs. However, if you are prepared to use these means of resolution, you are most likely also prepared to manage the threat before it begins.

If you follow VMware’s best practices around network security and isolation, you already use micro-segmentation. But VMs that cross boundaries or have at-risk ports open should be assessed. This is your first job, but how do you handle those parts of the infrastructure that are no longer powered on?

Powered-off VMs will remain an issue in the data center. Patching these workloads will require you to power them up or to manage the base images. Take the time to run a report on all the VMs that are currently powered off, and move them to an isolated network before you start your patch process.
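
One way to produce that report and perform the move with VMware PowerCLI, shown as an added example rather than code from the original article or from VMware. The vCenter name, the `Quarantine-Patch` port group, the report path and the use of standard (non-distributed) port groups are assumptions to adapt to your environment.

```powershell
# Added example: report powered-off VMs, then (with -Apply) re-home their NICs
# onto an isolated port group before they are powered on for patching.
# Assumed, not from the article: server name, port group name, report path,
# and standard (non-distributed) port groups.
param(
    [string]$VIServer          = 'vcenter.example.local',  # placeholder
    [string]$IsolatedPortGroup = 'Quarantine-Patch',       # hypothetical name
    [string]$ReportPath        = '.\poweredoff-vms.csv',
    [switch]$Apply                                         # omit for report only
)

Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server $VIServer | Out-Null

# Get-VM does not return templates; base images need their own review.
$offVMs = Get-VM | Where-Object { $_.PowerState -eq 'PoweredOff' }

# One row per NIC, recording the original network so it can be restored later.
$report = foreach ($vm in $offVMs) {
    foreach ($nic in Get-NetworkAdapter -VM $vm) {
        [pscustomobject]@{
            VM              = $vm.Name
            ConfiguredOS    = $vm.ExtensionData.Config.GuestFullName
            Host            = $vm.VMHost.Name
            Adapter         = $nic.Name
            OriginalNetwork = $nic.NetworkName
            AlreadyIsolated = ($nic.NetworkName -eq $IsolatedPortGroup)
        }
    }
}
$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Sort-Object ConfiguredOS, VM | Format-Table -AutoSize

if ($Apply) {
    foreach ($vm in $offVMs) {
        # Skip VMs whose host cannot see the isolated port group.
        $pg = Get-VirtualPortGroup -VMHost $vm.VMHost -Name $IsolatedPortGroup -ErrorAction SilentlyContinue
        if (-not $pg) {
            Write-Warning "$($vm.Name): '$IsolatedPortGroup' missing on $($vm.VMHost.Name); not moved"
            continue
        }
        Get-NetworkAdapter -VM $vm |
            Where-Object { $_.NetworkName -ne $IsolatedPortGroup } |
            Set-NetworkAdapter -NetworkName $IsolatedPortGroup -Confirm:$false | Out-Null
    }
}
Disconnect-VIServer -Server $VIServer -Confirm:$false
```

Run it once without `-Apply` to review the CSV, and keep that file: the `OriginalNetwork` column is what you need to return each adapter to its production network after patching.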

While all Microsoft OS editions are on the targeted list, you can do your part by patching guests and hosts, staying on top of anti-malware/anti-virus software, backing up, and managing the virtual network according to best practices.