AppNeta uses the latest industry-standard methods of security. We make sure that data transfer and data storage are completely secure. Our products take security into account from start to finish.
These built-in capabilities add to the security of the AppNeta platform:
- Monitoring Points that have been in a Connection Lost state for 365 days and do not have an active license are removed.
- Delivery data from continuous monitoring, diagnostics, voice and video tests are kept for 365 days.
- Path route history is retained for 90 days.
- Experience milestone details are kept for 45 days. Older tests will contain transaction performance and details only.
- Usage data is kept for 90 days with no limit on data size.
- Usage packet captures are kept for 365 days (subject to size limits).
AppNeta Performance Manager is hosted on AWS. We use industry-accepted best practices to secure this installation, including Amazon security groups, firewalled ports, SSH-key based machine logins and key rotation. Data access is restricted solely to AppNeta employees, all of whom are under strict confidentiality agreements. Only key engineers may access production data, and then only as a last resort for debugging data-related issues. In addition, support engineers may access your web console to provide guidance as a result of specific incidents or requests.
AppNeta uses standard encryption practices to make sure that the information in your packet captures is securely transmitted and stored.
Captures are uploaded to the capture server via SSL, where they remain in encrypted form (AES-256). The symmetric key used for encryption is based on a per-appliance, user-defined passphrase, which you set in the web admin. The passphrase is stored on the appliance in a hashed form (SHA-1).
Captures must be decrypted using the symmetric key created from the passphrase. You are prompted for a passphrase once per appliance per login session; the passphrase is cached only for the duration of the login session. The actual download is via SSL.
As part of appliance decommissioning, the web admin clears the passphrase and packet captures that have not yet been uploaded. If the appliance is no longer being used for packet captures, but you aren't decommissioning it, a separate “clear passphrase” function is available.
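The passphrase lifecycle described above, as an added sketch that is not AppNeta's code: only a hash is stored, the AES-256 key is derived when the passphrase is entered, it is cached once per appliance per login session, and it is cleared on decommissioning. The page does not name a key-derivation function, so PBKDF2-HMAC-SHA256 is assumed here for both the key and the stored hash (in place of the SHA-1 hash the page mentions); the iteration count and the names `Appliance` and `LoginSession` are also assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, not taken from the page

def _stretch(passphrase: str, salt: bytes, label: bytes) -> bytes:
    # The label separates the two outputs, so the stored verifier
    # can never double as the capture encryption key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), label + salt, ITERATIONS)

class Appliance:
    """Hypothetical model of the per-appliance passphrase state."""
    def __init__(self):
        self.salt = None
        self.verifier = None  # only this hash is stored, never the passphrase

    def set_passphrase(self, passphrase: str) -> None:
        self.salt = os.urandom(16)
        self.verifier = _stretch(passphrase, self.salt, b"verify")

    def clear_passphrase(self) -> None:
        # Decommissioning, or the separate "clear passphrase" function.
        self.salt = self.verifier = None

    def unlock(self, passphrase: str):
        """Return the 32-byte AES-256 key if the passphrase matches, else None."""
        if self.verifier is None:
            return None
        candidate = _stretch(passphrase, self.salt, b"verify")
        if not hmac.compare_digest(candidate, self.verifier):
            return None
        return _stretch(passphrase, self.salt, b"encrypt")

class LoginSession:
    """Caches the derived key once per appliance, for this session only."""
    def __init__(self):
        self._keys = {}

    def key_for(self, name: str, appliance: Appliance, prompt):
        if name not in self._keys:  # prompt() asks the user for the passphrase
            key = appliance.unlock(prompt())
            if key is None:
                raise PermissionError("wrong or cleared passphrase")
            self._keys[name] = key
        return self._keys[name]

    def logout(self) -> None:
        self._keys.clear()
```

This sketch caches the derived key rather than the passphrase itself; either way, nothing usable for decryption should outlive `logout()`.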
The sequencer is the process that continuously monitors network performance. It does this by periodically sending out bursts of ICMP packets with a precise inter-packet gap, and then timing the response to each of those packets. Several measurements are taken directly, like latency and jitter, while other measurements are inferred, like total capacity. Timing data is sent back to AppNeta via HTTPS; software packages are downloaded from the upgrade repository via SSL.
The AppNeta Performance Manager measures application performance via multiple instrumentation modes, all of which comply with security and privacy standards including HIPAA and PCI-DSS.
One AppNeta method, delivery network instrumentation, is an active network performance measurement method, which operates by sending and receiving internally generated measurement traffic. No customer device or application data is used in this method of network performance monitoring.
Our user experience monitoring functionality uses a web synthetics technique, where web transactions are executed by AppNeta Monitoring Points. Customers have full control over all actions taken in the synthetic scripts, and no pages or data outside of those explicitly defined in the script will be accessed. When monitoring applications containing PII, AppNeta best practices require customers to use sample or test records for measurement instead of a real user account.
AppNeta’s usage analysis performs deep packet inspection on network traffic to identify the applications in use on the network. This includes the capability to perform packet capture. All packet captures are encrypted in memory on the Monitoring Point with a FIPS 140-2 and PCI-DSS compliant encryption algorithm (AES-256) to ensure data encryption in transit and at rest. The passphrase for this encryption is set by the customer on the Monitoring Point, and is never shared with AppNeta.
Usage monitoring supports optional Active Directory integration for user resolution in the application. If that’s enabled, PII could be logged and passed through secure channels to our cloud platform. This capability is 100% optional, and can be enabled or disabled on a per-Monitoring Point basis.
With the AppNeta Performance Manager, all communications of any kind from the Monitoring Point up to the AppNeta Cloud Platform or a private deployment are encrypted by default. This includes data for the product user interface and for the API.
Customers can optionally choose to use our private cloud deployment, which places our technology platform within your network instead of hosting your data within AppNeta’s cloud.