Foglight 6.0.0 - Security and Compliance Guide

Customer data protection on appliances

The following measures are implemented to protect access to customer data:

Restricted access to sensitive captured data

Appliances can be configured to hide, mask, or discard (not store) sensitive data found in hit details and in the body of HTML pages.

IMPORTANT: There is a special Foglight user role, called APM Sensitive Data Viewer, that allows users to view sensitive data in views and replay. Customers can restrict users with this role from viewing some types of sensitive data by selecting the Always Sensitive option when defining a sensitive data rule.

IMPORTANT: Applying sensitive data rules at capture time can degrade capture performance significantly.

Foglight® implements its sensitive data rules using two types of user-defined rules: Sensitive Hit Details and Sensitive Content Expression. Sensitive hit details refer to private information, such as login names and passwords, that are contained within request fields, request headers, response headers, and cookies. Sensitive content refers to private information located in the body of HTML pages, such as credit card numbers, social security numbers (or other government identification numbers), and passwords. When defining the rules, customers identify the sensitive data, specify whether the data is hidden or masked, and specify whether the data should be considered Always Sensitive. For more information, see the “Managing Security Policies” topics in the Foglight APM Administration and Configuration Guide.

When customers want to discard sensitive data before storing a hit in the Archiver, they define the sensitive data rules and define a hit analyzer with a Do not store storage policy set. The policy determines whether the entire hit is discarded or only the details or content marked Always Sensitive. For each hit that matches the hit analyzer condition, Foglight evaluates the sensitive data rules and applies the storage policy. For more information, see “Defining Hit Storage Restrictions for Hit Analyzers” in the Foglight APM Administration and Configuration Guide.

Secure data storage in the Archiver database

Content, metrics, and other details captured from the monitored Web traffic are stored in a distributed Archiver database. The port through which the database is accessed is not open, and no tools that would allow access to this data are available to non-root appliance users. The only way to access the data is through controlled queries from the APM > Search dashboards.

By default, captured data is stored until an Archiver determines that it needs more space. The Archiver deletes the oldest data in the system to make room for new data. However, customers who require that data be stored for a limited time can configure the Archivers to remove data based on a maximum retention duration setting (for example, 48 hours or one week).

If customers need to decommission an appliance, they have the option to reset its database and verify that data is securely deleted before withdrawing the appliance from active service. For detailed instructions about purging the appliance database, see the Foglight® APM Administration and Configuration Guide.

Secure data transfer between software components

Some top-level APM dashboards require that metrics and details be sent from the Archiver database to the Foglight database repository at regular intervals. This data is encrypted before being sent. For more information, see Layer 4: Apache Tomcat server configuration.

For the capture subnet, data is sent in the clear from a Sniffer component to an Archiver component through a custom-built TCP protocol over the dedicated port 7623. When these components are located on separate physical appliances, isolate the capture subnet using a crossover cable or a dedicated private switch. For virtual appliances, use a separate virtual capture network to keep this traffic from being generally available to all virtual machines in the customer’s environment.