AimBetter Architecture

Data can only flow in one direction – there is no possibility of feedback into or interference with the customer’s domain.

  • The Agent is installed on one of the customer’s servers to monitor servers in a local data center, cloud, or hybrid environment.
  • Our Agent collects and transmits monitored data to our remote servers via secure SSL-encrypted channels.
  • AimBetter servers aggregate and analyze the server performance information and data in our secure Datacenter.
  • The resulting server performance reporting is made available via AimBetter’s password-protected website.
  • The only data the AimBetter Agent collects concerns performance metrics and database architecture; it has no access to the database content.

 

Unique AimBetter Security Features

As illustrated in the graphic, there are three primary areas in which the AimBetter product operates. We have introduced specific and unique procedures and technologies inside these, as well as in the movement of data. Combined, these produce an impenetrable shield around the whole operation, guaranteeing the integrity and privacy of your data and the safety of your own IT process.

Customer domain – AimBetter agent

The installation of the agent requires the creation of a specific user inside the customer’s own domain. This user has strictly limited access and cannot query, change, drop, or create any table or object data on monitored servers.
The AimBetter user itself needs access only to its program folder, plus specific permission on the single-host server. The script that creates this user grants only restrictive (VIEW) rights on the database and the server, and the roles allocated are reader-only. This user cannot make any changes to data or infrastructure. You can check our instructions to create a user with minimal permissions for Windows, Linux, MSSQL, Oracle, and Amazon RDS.

Movement of data

The AimBetter monitor pushes information out in a one-way stream from the agent. As a further level of security, there is the option to block inward requests. All data is compressed and encrypted, then transmitted via SSL-secured ports through our firewall into our secured data center.

Third-party access

By lifting the monitoring results into our data center, AimBetter provides another level of security. Third-party service providers such as programmers and consultants can also access the information without having to be given access to the customer’s domain.

What We Deliver

We provide full coverage of the following areas:

  • Application Security
  • Infrastructure & Network Security
  • GDPR Compliance
  • Data Privacy
  • Access Security
  • Our employees are required to attend security awareness training and are informed of their security responsibilities.

Data Collection

AimBetter only monitors performance for the applications and/or servers of the customer database environment specified during the installation of the AimBetter agent. Generally, the monitor collects metadata that includes aggregate time measurements for server resource utilization statistics, server error logs, SQL server resources, SQL server query statistics, and SQL errors.
The AimBetter agent processes:

  • Database query activity
  • Database utilization metadata (database size, SQL response time, number of requests, etc.)
  • Database errors (query error code, query timeout expired, duplicate key, etc.)
  • Server utilization metadata (CPU usage, memory, disk, network utilization, etc.)
  • Server event log
  • Client CPU and process

 

We offer an optional separate function that can collect and report on connection performance to non-database-related hardware and services (disks, drives, folders, websites, etc.)

Privacy

AimBetter is committed to protecting the privacy of our customers. The application data we process as part of our provision of services is only used to display application performance information back to the customer’s AimBetter account users, or to our Expert Support team to facilitate their support activities.
We undertake never to provide data to third parties without the explicit approval of the customer.
AimBetter only collects metrics relevant to server activity (for example, creation/reading/update of data), which are passed up through the firewall for analysis.

Datacenter Security

AimBetter is hosted at our Tier3+ certified data center. Physical access to this location is restricted to people with authenticated credentials and all access/egress is reported.
The center is equipped with fully redundant power backup systems, fire suppression systems, security guards, and biometric authentication systems.

User Access Management

Users access the results of AimBetter’s services through their unique username (usually email address) and password. These passwords must meet a high level of complexity (for example – a minimum of eight characters with mixed cases and special characters). Customers are responsible for managing their accounts, including provisioning and de-provisioning their own users. We store user passwords in an advanced, industry-standard encrypted hash format.

AimBetter adds the following mechanisms to protect against access violations:

  • Multiple login failures (up to five) will block the user and enforce re-authentication.
  • Customers can specify a range of valid IP addresses from which access is permitted.
  • Customers can opt for 2FA (two-factor authentication) by email or Google Authenticator.
  • Customers can integrate AimBetter with their Identity Provider to authenticate users via SSO if it supports the SAML 2.0 protocol.
  • User access is session-protected, meaning that the user will be logged out if there is any change in the IP address.

Additional Security Features

AimBetter has certain technical features built into its design to offer its customers additional security options:

  • All data in transit is encrypted. SSL encryption is enabled by default for data being sent to AimBetter.
  • The agent does not create any vulnerabilities in customers’ firewalls. Communication from the AimBetter agents to the AimBetter API complies with the security protocol TLS 1.2, is outbound on port 443 by default, and can be configured to use a proxy server.
  • Agents do not allow inbound connections.
  • We cannot auto-update software installed on your servers. All updates must be manually installed by your administrators.
  • Our data center is protected by Cloudflare, firewalls, VPN gateway, and intrusion detection systems.
  • All of our system databases are locally encrypted and cannot be accessed except via username/password access.
  • Data retention persists only during the period of service. Upon termination of AimBetter services, all data will be removed from AimBetter systems (including backups) within 90 days.
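A customer can check the outbound-only claims above (and the one-way stream described under "Movement of data") on the host that runs the agent. The following is an added example, not AimBetter code: it audits `ss -H -tanp` output for sockets owned by the agent, and the process name, addresses and sample lines are constructed assumptions.

```python
import re

AGENT_PROC = "aimbetter-agent"  # hypothetical process name; substitute the real one
ALLOWED_PORTS = {443}           # page: outbound on port 443 by default; add a proxy port if used

# Constructed sample of `ss -H -tanp` output (documentation-range addresses).
SAMPLE = """\
ESTAB  0 0   10.0.0.5:51514 203.0.113.10:443  users:(("aimbetter-agent",pid=812,fd=9))
LISTEN 0 128 0.0.0.0:8443   0.0.0.0:*         users:(("aimbetter-agent",pid=812,fd=4))
ESTAB  0 0   10.0.0.5:51620 198.51.100.7:8080 users:(("aimbetter-agent",pid=812,fd=11))
ESTAB  0 0   10.0.0.5:22    10.0.0.9:50122    users:(("sshd",pid=300,fd=3))
LISTEN 0 128 [::]:1433      [::]:*            users:(("sqlservr",pid=410,fd=7))
"""

# state, recv-q, send-q, local addr:port, peer addr:port, owning process name
LINE = re.compile(r'^(\S+)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+users:\(\("([^"]+)"')


def port_of(endpoint):
    """Port of 'addr:port' (IPv4 or bracketed IPv6); None for the '*' wildcard."""
    port = endpoint.rsplit(":", 1)[1]
    return int(port) if port.isdigit() else None


def audit(ss_output, proc=AGENT_PROC, allowed=ALLOWED_PORTS):
    """Return (kind, detail) findings for TCP sockets owned by `proc`."""
    rows = [m.groups() for m in map(LINE.match, ss_output.splitlines()) if m]
    mine = [(st, loc, peer) for st, loc, peer, name in rows if name == proc]
    # Any listening socket contradicts "agents do not allow inbound connections".
    listening = {port_of(loc) for st, loc, _ in mine if st == "LISTEN"}
    findings = [("listener", p) for p in sorted(listening)]
    for st, loc, peer in mine:
        if st == "LISTEN":
            continue
        if port_of(loc) in listening:
            findings.append(("inbound", peer))            # a peer connected in to the agent
        elif port_of(peer) not in allowed:
            findings.append(("unexpected-egress", peer))  # outbound, but not to an allowed port
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(kind, detail)
```

An empty result means every agent socket is an outbound connection to an allowed port; run it periodically, since a single snapshot only shows connections open at that moment.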

Summary

  • We guarantee the complete security of your data onsite, in transit, and via user access.
  • AimBetter guarantees the integrity of your site. There is no channel for data or programs to be uploaded into your location from our service.
  • The flow of data is strictly one-way – outward from your domain.
  • Our operations are completely limited to observation inside the customer’s domain – we cannot make any changes to data or software.
  • We use leading-edge data encryption technology in all traffic movement between your site and our center.
  • Our own Datacenter is protected physically and logically to prevent access except by authenticated users. Security on-site is at the same level as banking and insurance Datacenters.
  • Access to our service is restricted to authenticated users, with measures to detect and prevent attempted hacking.

Premium Security

On top of AimBetter’s already secure-by-design architecture, we offer additional security conditions for customers with more stringent compliance requirements who want complete separation from the general environment.

Secure-by-design additional references

ISO 27001

We are proud to announce that AimBetter has completed the ISO 27001 Compliance process. ISO…

Regulation Compliance Features

AimBetter’s powerful solution equips companies with the capabilities to meet various regulatory standards, enhancing their…

Agent Viewing List

As part of AimBetter’s Zero Trust policy, our agent access is restricted to the Data…