Security

    What you are going to learn:

  • The details on security measures at Okbio

At Obkio, security and privacy are very important to us, and we incorporate security mechanisms at every step of our development and operation processes in order to ensure that our solution is protected against the various types of attacks and vulnerabilities. This article will go through a list of topics related to security and privacy to help IT security teams assess Obkio's solutions.

Monitoring Agent Communications
Monitoring Agent Communications

The Obkio Monitoring Agent is installed either as a software or hardware appliance (learn more on Agent Types). A monitoring agent is like an end-user in your network that is continuously measuring application and network performance. The monitoring agents must be able to communicate with:

A detailed list of ports and urls to open is available at Firewall Configurations. As explained in the article, a list of IP to whitelist is not available.

It is possible to configure an ACL on the switch port on which the agent is connected in order to restrict the traffic flows of the monitoring agents.

Monitoring Agent Automatic Updates
Monitoring Agent Automatic Updates

The agent’s software is updated automatically whenever a new update is available, ensuring that the latest security patches are always applied. No action is required by the users.

Multi-Factor Authentification
Multi-Factor Authentification

MFA/2FA is available to all users on all Subscription Plans. When enabled, the MFA code is always required to login to the App.

Allowed IPs
Allowed IPs

IP restriction can be used to allow only a subset of public IP addresses to interact with Obkio App and API. The list of allowed IPs can be set by the user by going to the Organization settings (Menu -> Company Name), clicking on Change Organization's Advanced Parameters, inserting the list of public IP addresses, separated by a coma ,, under Allowed IPs and clicking on Save.

No Packet Capture
No Packet Capture

To measure network and application performances, there are two types of solutions on the market. Some companies perfer to capture real traffic to analyze it. At Obkio, for the sake of simplicity, security and privacy, we decided to work with synthetic traffic. This means that the Obkio Monitoring Agents send their own traffic to measure the performance. Obkio's solutions don't capture any real user traffic.

Data Encryption
Data Encryption

Our data is securely encrypted both at rest (when stored on disk) and in transit (during communications).

Cloud Infrastructure
Cloud Infrastructure

The Obkio production infrastructure is hosted at Amazon Web Services (AWS) in the Northern Virginia (us-east-1) region across multiple availability zones. Each service runs in its own containerized environment with restricted access to only the required resources and information. The deployment of new releases and software patches are done through our secure continuous integration process.

Hardware Agent Operating System
Hardware Agent Operating System

For the hardware and virtual appliances, we use the BalenaOS operating system in order to simplify our application deployments and to ensure that the OS is always secure and up-to-date. In order to perform device maintenance, we set up an OpenVPN tunnel to the device on BalenaCloud, which gives a few select people from Obkio SSH access to the device. This SSH access is used for troubleshooting and maintenance only. If OpenVPN is blocked by the firewall, the Obkio solution will work correctly but no OS updates will be available and the Support Team will not be able to troubleshoot the hardware and virtual appliances.