How application performance management is used for security (sponsored)
Hackers are getting smarter and nimbler these days as evidenced by breaches that occurred at Target (2013), Michaels (2013), LinkedIn (2012), and the Sony PlayStation Network (2011). There are a number of solutions used to read application and system log files and correlate the data. One of the challenges with some of the tools used today is that they are designed to look for patterns of events. To find anomalies, it could take a lot of time. However, application performance management tools can help security professionals save time.
Application performance management tools can track the time of actions, where actions start, and where the actions land. The actions can start from the front-end of the website or through the database. Performance data is sampled on almost every query, which can be used for security purposes. The data contains the total time for an action and actual commands issued through each tier. This timing information could be used for showing unusual actions. Security professionals also need to know how applications are accessed and what is access down the processing path. This is because most hackers try to get somewhere else from the entry point. For example, hackers may enter from a vulnerable point and attempt to penetrate a credit card database. A pivot attacker enters a web server on a corporate network and then uses the compromised web server to attack other systems.
Sometimes attacks in an application can change performance timings. The attack can slow down applications or speed it up. SQL injection attacks cause databases to query more than it should or timeout. Sometimes hackers insert malware that latches onto application and calls back to a command center on foreign servers, usually in a different country.
There are a number of procedures that New Relic uses to protect your information from unauthorized users. New Relic reviews performance metrics from applications and systems and uploads the metrics to the New Relic backend. Application performance information is presented through a secure website.
From there, New Relic lets users run applications in a data center, cloud, or hybrid environments. The New Relic agent is installed in applications and/or servers. Performance metrics are sent to the New Relic service. The New Relic service aggregates and stores performance data in a Type 2 SSAE 16 SOC 1 certified data center. New Relic collects performance data for the applications and servers where the New Relic agent is installed only. This includes the time measurements for application transactions and web page loading. New Relic does not collect data used or stored by a monitored application — if a monitored application collects and stores credit card information, New Relic does not store it.
What New Relic collects is: application request activity, database query activities, activity views, requests that case errors, memory processes, and CPU usage. The aggregate metric data summarizes calls to specific methods in an application and how many times each one was called. It also shows various response time statistics (average, minimum, maximum, and standard deviation). New Relic displays the class and method names along with aggregated metrics. New Relic Pro customers can have the application monitoring agency review application errors and transaction traces. The safeguards that New Relic offer brings your business to the right level of security.
This article was sponsored through a partnership between Pulse 2.0 and New Relic For Mobile. If you are interested in a partnership series with Pulse 2.0, please contact Amit Chowdhry or Shan Sadiq at firstname.lastname@example.org.This article was written by Amit Chowdhry. You can follow me at @amitchowdhry or on Google+ at +AmitChowdhry