Enterprise grade security

Encryption

Encrypt communication between Arex components

Arex supports encrypting any communication stream between different Arex components:

  • All communications between various Arex components (such as Arex server, proxies, agents and command-line utilities) support the TLS protocol
  • Support for certificate and pre-shared key encryption
  • Encryption is optional and configurable for individual components
  • All sensitive information is encrypted and can be stored in an external Vault for additional security
  • Select from a list of supported encryption algorithms based on your security policy
 

Flexible Permissions

Restrict access with a flexible permission schema

Arex provides a flexible user permission schema which can be efficiently used to manage user permissions within one Arex installation or in a distributed environment.

You can define three levels of permissions:

  • Read-write – read-write access
  • Read-only – read-only access
  • Deny – access denied
 

User types are used to define access to administrative functions and to specify default permissions:

  • Arex Users have read-only permissions on collected data and events
  • Arex Admins can manage your monitoring configuration and read the collected data and events
  • Arex Super Admins are capable of managing Arex instance configuration, in addition to having Arex Admin privileges
 

User Roles

Secure your workflow with User Roles

Create your own custom user roles with a granular set of permissions for different types of users in your environment.

User roles also enable you to hide or show Arex UI elements to fit the needs of your users and customers.

With User Roles you can:

  • Limit access to specific UI elements
  • Limit access to performing specific actions in the UI
  • Create an allow or deny list for specific API methods
 

User Authentication

Authenticate users by utilizing existing infrastructure

Integrate Arex with your existing authentication mechanisms. Arex supports a variety of authentication methods:

  • Internal Arex logins
  • HTTP authentication
  • Support for multi-factor authentication
  • Define your own password complexity requirements
  • LDAP authentication
  • SAML authentication
  • Single sign-on authentication
  • Native integration with Active Directory
 

With native support for HTTP, LDAP and SAML authentication you can provide an additional layer of security and improve the user experience while working with Arex.

Secret Vault

Keep secrets secure

Once your sensitive information is entered, you have the option to hide it from prying eyes:

  • Hide your usernames, passwords, authentication keys and other sensitive information
  • Hidden information cannot be retrieved via API or configuration export

Deploy an external vault to keep your secrets under tight control:

  • Unified storage for all your secrets
  • Strict limitations for accessing the vault
  • Detailed vault-level audit log
  • Store your secrets in HashiCorp Vault
  • Support for CyberArk vault coming in 6.2 – see Arex roadmap
 

Configuration Changes Tracking

Keep track of configuration changes

Track changes in your environment by utilizing the Audit log:

  • Find out which user made changes to any Arex entities
  • Track the IP address from which the user logged into Arex
  • Filter the audit log and follow changes made by a specific user on a particular resource
  • Export full or filtered audit log via API for further analysis
 
 

Restrict Data Collection

Restrict data collection

Restrict access to sensitive information by limiting which metrics can be collected in your environment:

  • Define metric allow and deny lists
  • Prevent unsanctioned access to sensitive information
  • Restrict the direction of network communication
  • Permit connections only to and from specified endpoints
  • Restrict unencrypted connections to your monitoring targets