Application, Security, and Vulnerability Monitoring
Azure Monitor provides application, threshold, and event monitoring through its alerting system, which is used for availability tracking and troubleshooting. It covers all production applications, servers, core infrastructure system components, operating systems, and the network layer.
For more information, please see the Azure Monitor overview.
Site24x7 is used to monitor the functionality of Privilege Management Cloud instances. Each hosted instance is associated with Site24x7 automatically during the build process. Health checks are performed periodically to confirm that each instance is operating correctly. An instance that fails two consecutive health checks is marked as down and an alert is triggered. Alerts are delivered both by email and as notifications on the Site24x7 portal. Checks are run from multiple geographic locations to verify global availability.
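The "two consecutive failed health checks" rule described above, as an added illustration (constructed example code, not Site24x7's or BeyondTrust's implementation; the instance name, threshold parameter and check results are made up):

```python
# Added illustration of the alert rule: an instance is marked down and an
# alert raised only after two consecutive failed checks, so a single
# transient failure does not page anyone. Constructed example, not the
# monitoring vendor's code; names and sample results are made up.
from dataclasses import dataclass, field


@dataclass
class InstanceHealth:
    name: str
    consecutive_failures: int = 0
    down: bool = False
    alerts: list = field(default_factory=list)


def process_checks(name, results, threshold=2):
    """Feed a sequence of periodic health-check outcomes (True = healthy,
    False = failed) through the alert rule and return the resulting state.
    A success resets the failure counter and, if the instance was down,
    records a recovery alert so the on-call knows the outage ended."""
    state = InstanceHealth(name)
    for tick, ok in enumerate(results):
        if ok:
            if state.down:
                state.alerts.append((tick, f"{name}: recovered"))
            state.consecutive_failures = 0
            state.down = False
            continue
        state.consecutive_failures += 1
        # Alert once on the transition to down, not on every later failure.
        if state.consecutive_failures == threshold and not state.down:
            state.down = True
            state.alerts.append(
                (tick, f"{name}: DOWN after {threshold} consecutive failed checks")
            )
    return state


if __name__ == "__main__":
    # Constructed sample: one blip at tick 1, then a real outage at ticks 3-5.
    demo = process_checks("pmc-example-01", [True, False, True, False, False, False, True])
    for tick, msg in demo.alerts:
        print(tick, msg)
```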
ELK (Elasticsearch) Logging
Application-level logs are sent to an ELK instance maintained by the cloud operations team within the Azure infrastructure. The purpose of the ELK system is to collect application-level logs to aid the support teams in troubleshooting. Logs are retained for up to 30 days and then overwritten. No customer data is stored as part of application-level logging.
Security & Vulnerability Monitoring
BeyondTrust uses an agentless vulnerability management solution to provide full visibility across BeyondTrust’s cloud accounts and all resources within them. The solution uses a side-scanning technique that hooks into the snapshot process, assesses each snapshot for security threats, and provides contextual data and alerting based on criticality. The solution alerts both in its native console and into the BeyondTrust SIEM for quick review and action.
The BeyondTrust SIEM also receives security logging from Azure Security Center. This includes ingress authentication logging to track who is accessing what, and when, from a user perspective; threat analytics to alert us to any questionable software being installed; and third-party access detection to notify us if a bad actor is attempting to access our environment.
Alerts from all of the items listed above are routed to the BeyondTrust InfoSec team, where they are analyzed and actioned based on validity and criticality.