DSW recently set up their SPMA (Systems Performance Monitoring & Alerting) system for one of our customers and, to be honest, they didn’t quite understand what they would get out of it. After the system had been running for less than 1 week, it showed some strange peaks in CPU and network usage.
DSW investigated these peaks, which turned out to be caused by a brute-force attack on the customer's system that was trying to guess the Administrator password. Their systems were safe, as DSW had already advised the customer to disable the Administrator account and use another administrator account for their day-to-day admin work.
The graphs produced for the customer also included the uptime of the server, which showed that the server had been running for over 200 days. DSW questioned this with the customer, as it was a Windows server and we would have expected a monthly reboot for patching. This highlighted an issue with the WSUS server at the hosting company.
What the customer learned is that SPMA will show them a normal profile for standard system usage and will highlight unusual usage, which should be investigated.