AimBetter Architecture

Data can only flow in one direction – there is no possibility of feedback into or interference with the customer’s domain.

Unique AimBetter Security Features

As illustrated in the graphic, there are three primary areas in which the AimBetter product operates. We have introduced specific and unique procedures and technologies inside these, as well as in the movement of data. Combined, these produce an impenetrable shield around the whole operation, guaranteeing the integrity and privacy of your data and the safety of your own IT process.

Customer domain – AimBetter agent

The installation of the agent requires the creation of a specific user inside the customer’s own domain. This user has strictly limited access – cannot query/change/drop/create any table or object data on monitored servers.
AimBetter user itself needs only access to its program folder and specific permission on the single-host server. The script that creates this user grants specifically restrictive rights (VIEW) on the database and the server. As well, the roles allocated are reader-only. This user cannot make any changes to data or infrastructure. You can check our instructions to create a user with minimal permissions for Windows, Linux, MSSQL, Oracle, and Amazon RDS.

Movement of data

AimBetter monitor pushes information out in a one-way stream from the agent. As a further level of security, there is the option to block inward requests. All data is compressed and encrypted, then transmitted via SSL-secured ports through our firewall into our secured data center.

Third-party access

By lifting the monitoring results into our own cloud, AimBetter provides another level of security. Third-party service providers such as programmers and consultants can also access the information without having to be given access to the customer’s domain.

What We Deliver

We provide full coverage of the following areas:

Data Collection

AimBetter only monitors performance for the applications and/or servers of the customer database environment specified during the installation of the AimBetter agent. Generally, the monitor collects metadata that includes aggregate time measurements for server resource utilization statistics, server error logs, SQL server resources, SQL server query statistics, and SQL errors.
AimBetter agent processes:

Privacy

AimBetter is committed to protecting the privacy of our customers. The application data we process as part of our provision of services is only used to display application performance information back to the customer’s AimBetter account users, or to our Expert Support team to facilitate their support activities.
We undertake never to provide data to third parties without the explicit approval of the customer.
AimBetter only collects metrics relevant to server activity (for example, creation/reading/update of data), which is passed up through the firewall for analysis.

Datacenter Security

AimBetter is hosted at our Tier3+ certified data center. Physical access to this location is restricted to people with authenticated credentials and all access/egress is reported.
The center is equipped with fully redundant power backup systems, fire suppression systems, security guards, and biometric authentication systems.

AimBetter adds the following mechanisms to protect against access violations:

• Multiple login failures (up to five) will block the user and enforce re-authentication.
• Customers can specify a range of valid IP addresses from which access is permitted.
• Customers can opt for 2FA (two-factor authentication)
• The user access is session protected, meaning that the user will be logged out if there is any change in the IP

Additional Security Features

AimBetter has certain technical features built into its design to offer its customers additional security options:

Summary

Premium Security