search
BOOK A DEMOLogin

Security and Data Protection

AimBetter is committed to the security of our customers’ data and the safety of the whole environment.

AimBetter’s services provide our customers with information about the performance of their applications and systems. Our specialized on-site agent collects data, consolidates, and transmits it over secure channels into our proprietary servers.

How we are Secure-by-Design

Single Installation

  • Installation in only one of the Company’s servers
  • This server is called the Agent Server
  • A Windows service is created: the AimBetter Agent
  • This service user has restricted READ-ONLY permissions

Minimal permissions

  • The Agent service user has minimal permissions
  • Data collected: Metadata, Statistics, and Performance metrics (no access to Database content, cannot select/update/delete)
  • One-way transmission: Data is pushed out with no VPN
  • Proxy configuration possibility

Secure transmission

  • No back transmission
  • The Data is compressed, encrypted, and sent via secure SSL Protocol TLS 1.2.
  • Our domain is Cloudfare protected
  • Option to restrict parameters transmission

Secure user access

  • Login blocked after 5 failed login attempts
  • Two-factor authentication (2FA)
  • IP restricted
  • Session protected
1

Single Installation

  • Installation in only one of the Company’s servers
  • This server is called the Agent Server
  • A Windows service is created: the AimBetter Agent
  • This service user has restricted READ-ONLY permissions
2

Minimal permissions

  • The Agent service user has minimal permissions
  • Data collected: Metadata, Statistics, and Performance metrics (no access to Database content, cannot select/update/delete)
  • One-way transmission: Data is pushed out with no VPN
  • Proxy configuration possibility
3

Secure transmission

  • No back transmission
  • The Data is compressed, encrypted, and sent via secure SSL Protocol TLS 1.2.
  • Our domain is Cloudfare protected
  • Option to restrict parameters transmission
4

Secure user access

  • Login blocked after 5 failed login attempts
  • Two-factor authentication (2FA)
  • IP restricted
  • Session protected

AimBetter acts strictly as an observer – it cannot change anything!!

As part of our commitment to the security of our customer’s data and the safety of the whole environment, we use a variety of leading-edge security technologies and procedures to help protect your information from unauthorized access, use, or disclosure.

    • AimBetter’s role is to observe activity on designated servers. It cannot update data or interfere with normal operations in any way.
    • The Agent, when installed, has restricted functionality by design and authority, allowing only observation of executing procedures and metrics. It cannot change anything.
    • Data movement happens in an encrypted format to the AimBetter Data center via secure ports using standard high-security protocols.
    • AimBetter Data Center operates on Tier-3 standard, equivalent to banking and insurance. Data is fully secured both physically and logically.
    • User access to the results of the AimBetter monitoring process is restricted to users with credentials, and can further be limited to specific IP addresses.

Our Solution Architecture

Data can only flow in one direction – there is no possibility of feedback into or interference with the customer’s domain.

Click here for more details about the above diagram
  • The Agent is installed on one of the customer’s servers to monitor servers in a local data center, cloud, or hybrid environment.
  • Our Agent collects and transmits monitored data to our remote servers via secure SSL-encrypted channels.
  • AimBetter servers aggregate and analyze the server performance information and data in our secure Datacenter.
  • The resulting server performance reporting is made available via AimBetter’s password-protected website.
  • The only data the AimBetter Agent collects is about the performance metrics and Database architecture – no access to the Database content.

 

Unique AimBetter Security Features

As illustrated in the graphic, there are three primary areas in which the AimBetter product operates. We have introduced specific and unique procedures and technologies inside these, as well as in the movement of data. Combined, these produce an impenetrable shield around the whole operation, guaranteeing the integrity and privacy of your data and the safety of your own IT process.

Customer domain – AimBetter agent

The installation of the agent requires the creation of a specific user inside the customer’s own domain. This user has strictly limited access – cannot query/change/drop/create any table or object data on monitored servers.
AimBetter user itself needs only access to its program folder and specific permission on the single-host server. The script that creates this user grants specifically restrictive rights (VIEW) on the database and the server. As well, the roles allocated are reader-only. This user cannot make any changes to data or infrastructure. You can check our instructions to create a user with minimal permissions for Windows, Linux, MSSQL, Oracle, and Amazon RDS.

Movement of data

AimBetter monitor pushes information out in a one-way stream from the agent. As a further level of security, there is the option to block inward requests. All data is compressed and encrypted, then transmitted via SSL-secured ports through our firewall into our secured data center.

Third-party access

By lifting the monitoring results into our own cloud, AimBetter provides another level of security. Third-party service providers such as programmers and consultants can also access the information without having to be given access to the customer’s domain.

What We Deliver

We provide full coverage of the following areas:

  • Application Security
  • Infrastructure & Network Security
  • GDPR Compliance
  • Data Privacy
  • Access Security
  • Our employees are required to attend security awareness training and are informed of their security responsibilities.

Data Collection

AimBetter only monitors performance for the applications and/or servers of the custom database environment specified during the installation of the AimBetter agent. Generally, the monitor collects metadata that includes aggregate time measurements for server resource utilization statistics, server error logs, SQL server resources, SQL server queries statistics and SQL errors.
AimBetter agent processes:

  • Database query activity.
  • Database utilization metadata (database size, SQL response time, number of requests, etc.)
  • Database errors (query error code, query timeout expired, duplicate key, etc.)
  • Server utilization metadata (CPU usage, memory, disk, network utilization, etc.)
  • Server event log.

 

We offer an optional separate function that can collect and report on connection performance to non-database-related hardware and services (disks, drives, folders, websites, etc.)

Privacy

AimBetter is committed to protecting the privacy of our customers. The application data we process as part of our provision of services is only used to display application performance information back to the customer’s AimBetter account users, or to our Expert Support team to facilitate their support activities.
We undertake never to provide data to third parties without the explicit approval of the customer.
AimBetter only collects metrics relevant to server activity (for example, creation/reading/update of data), which is passed up through the firewall for analysis.

Datacenter Security

AimBetter is hosted at our Tier3+ certified data center. Physical access to this location is restricted to people with authenticated credentials and all access/egress is reported.
The center is equipped with fully redundant power backup systems, fire suppression systems, security guards, and biometric authentication systems.

User Access Management

Users access the results of AimBetter’s services through their unique username (usually email address) and password. These passwords must meet a high level of complexity (for example – a minimum of eight characters with mixed cases and special characters). Customers are responsible for managing their accounts, including provisioning and de-provisioning their own users. We store user passwords in an advanced, industry-standard encrypted hash format.

AimBetter adds the following mechanisms to protect against access violations:

  • Multiple login failures (up to five) will block the user and enforce re-authentication.
  • Customers can specify a range of valid IP addresses from which access is permitted.
  • Customers can opt for 2FA (two-factor authentication)
  • The user access is session protected, meaning that the user will be logged out if there is any change in the IP

Additional Security Features

AimBetter has certain technical features built into its design to offer its customers additional security options:

  • All data in transit is encrypted. SSL encryption is enabled by default for data being sent to AimBetter.
  • The agent does not create any vulnerabilities in customers’ firewalls. Communication from the AimBetter agents to the AimBetter API complies with the security protocol TLS 1.2, is outbound on port 443 by default, and can be configured to use a proxy server.
  • Agents do not allow inbound connections.
  • We cannot auto-update software installed on your servers. All updates must be manually installed by your administrators.
  • Our data center is protected by Cloudflare, firewalls, VPN gateway, and intrusion detection systems.
  • All of our system databases are locally encrypted and cannot be accessed except via username/password access.
  • Data retention persists only during the period of service. Upon termination of AimBetter services, all data will be removed from AimBetter systems (including backups) within 90 days.

Summary

  • We guarantee the complete security of your data, both onsite, in transit, and via user access.
  • AimBetter guarantees the integrity of your site. There is no channel for data or programs to be uploaded into your location from our service.
  • The flow of data is strictly one-way – outward from your domain.
  • Our operations are completely limited to observation inside the customer’s domain – we cannot make any changes to data or software.
  • We use leading-edge data encryption technology in all traffic movement between your site and our center.
  • Our own Datacenter is protected physically and logically to prevent access except by authenticated users. Security on-site is at the same level as banking and insurance Datacenters.
  • Access to our service is restricted to authenticated users, with measures to detect and prevent attempted hacking.

Premium Security

On top of AimBetter’s already secure-by-design architecture, we offer additional security conditions for customers with more stringent compliance requirements who want complete separation from the general environment.

Click here for more details about Premium security possibilities.

Secure-by-design additional references

Regulation Compliance Features

AimBetter powerful solution equips companies with the capabilities to meet various regulatory standards, enhancing their…

ISO 27001

We are proud to announce that AimBetter has completed the ISO 27001 Compliance process. ISO…

Agent Viewing List

As part of AimBetter’s Zero Trust policy, our agent access is restricted to the Data…
Menu
Skip to content