Agentless monitoring how we mitigate the risk
In our previous blog post titled "Agentless Monitoring: The Achilles Heel of Credentials," we discussed the challenges of monitoring remote hosts without the use of agents. One such challenge is the need to store credentials in order to authenticate with those hosts. In this blog post, we will delve deeper into this topic and explain how we handle passwords at InfraSonar.
At InfraSonar, we understand the risks associated with storing passwords and the importance of securing them. Therefore, we have implemented strict rules to mitigate these risks as much as possible. These rules are as follows:
Credentials for probes are encrypted and stored close to the process that needs them to perform the queries and are never allowed to leave the boundaries of the monitored environment. In practice, this means that credentials are stored on a monitor appliance in a customer's environment using a unique key for each customer. By storing credentials in proximity to the process that needs them, we reduce the risk of unauthorized access to those credentials. Additionally, by ensuring that the credentials never leave the monitored environment, we limit the potential attack surface.
Credentials for our services, which you can use to monitor internet-facing resources without the need for your own appliance, are encrypted and stored in an isolated environment with no ingress access. In this scenario each monitored environment also uses a unique encryption key that is in no way accessible by any outside process. Credentials are configured in a way that is both secure and intelligent, eliminating the risk of compromise.
In addition to these rules, we also follow strict security guidelines for setting up least privilege accounts. This means that we only grant the minimum level of access required for a process to perform its function. By doing so, we limit the potential damage that could be caused in the event of a breach.
We understand that security is of utmost importance to our customers, and we take it very seriously. Therefore, we continue to monitor the latest developments in security and adjust our practices accordingly. We hope that this blog post has shed some light on how we handle credentials at InfraSonar and has given you confidence in our ability to secure your data.