Monitoring

Site24x7

Site24x7 is used to monitor the performance of Endpoint Privilege Management instances. During the build process, each hosted instance is linked to Site24x7 automatically. Regular health checks are conducted to confirm that every instance functions as expected. If a health check fails twice in a row, the instance is flagged as down and an alert is sent. Alerts take the form of notifications on the Site24x7 dashboard and emails. Global accessibility is ensured by taking advantage of multiple geographical locations.

Logging

Application-level logs are sent to a dedicated Elasticsearch (ELK) instance maintained by the BeyondTrust Cloud Operations team within the Azure infrastructure. The purpose of the ELK system is to collect comprehensive application-level logs, which are then used by the support teams for troubleshooting purposes. Logs are retained for up to 30 days and then automatically overwritten.

Security and Vulnerability Monitoring

BeyondTrust provides an agentless vulnerability management solution for full visibility across the company's cloud accounts and resources. Using side-scanning, the solution integrates into the snapshot process. It assesses snapshots for security threats, gathers contextual data, and raises alerts based on criticality. BeyondTrust's solution creates alerts both in the native console and in the SIEM platform for easy review and action.

The BeyondTrust SIEM receives comprehensive security logging from Azure Security Center, such as ingress authentication logging to track user access and activity, threat analytics to detect any suspicious software installations, and third-party access detection to alert BeyondTrust personnel to any potential malicious activities. All such incidents are automatically reported to the BeyondTrust InfoSec team for analysis, and appropriate action is taken based on the severity and relevance of the alert.