AppNeta Performance Manager (APM) uses standard encryption practices to make sure that the information in your packet captures is securely transmitted and stored.
Captures are uploaded to the capture server via SSL, where they remain in encrypted form (AES-256). The symmetric key used for encryption is based on a user-defined, per-monitoring-point passphrase. The passphrase is stored on the monitoring point in a hashed form (SHA-1).
Captures must be decrypted using the symmetric key created from the passphrase. You are prompted for a passphrase once per monitoring point per login session; the passphrase is cached only for the duration of the login session. The actual download is via SSL.
As part of monitoring point decommissioning, web admin clears the passphrase and packet captures that have not yet been uploaded. If the monitoring point is no longer being used for packet captures, but you aren’t decommissioning it, a separate clear passphrase function is available.
Software monitoring points
Linux-based software monitoring points run as root and require outbound connections to APM servers to report the timing data and download software updates. Timing data is sent back to APM via HTTPS. Software packages are downloaded from the upgrade repository via SSL. For the specific ports and protocols that are required by software monitoring points, see this article.
APM is hosted on Amazon Web Services. We use industry-accepted best practices to secure this installation, including Amazon security groups, firewalled ports, SSH-key-based machine logins, and key rotation.
Data access is restricted solely to AppNeta employees, all of whom are under strict confidentiality agreements. Only key engineers may access production data, and then only for the purpose of debugging data-related issues as a last resort. In addition, Customer Care may access your web console to provide guidance as a result of specific incidents or requests.