To establish data security and protect sensitive information, BMC Real End User Experience Monitoring Software Edition provides the following features:
By encrypting traffic, the system protects both traffic data and end-users' private data. To provide additional security, you can create data storage rules to specify what pages and objects the system should store, and how long they are retained.
By default, the system applies the data confidentiality policies to the traffic and then stores all traffic data until the maximum capacity (a configurable value) is reached.
The system hides or deletes private data according to traffic confidentiality policies.
By default, the system deletes all key/value pairs received from cookies, URI query, POST, and PATH parameters, except the following:
Confidentiality policies page
Users with Security-level access can configure confidentiality rules in conformity with your organization's privacy policies to ensure that the system does not retain private information derived from monitored traffic (such as credit-card numbers or dates of birth).
For more information, see the Securing sensitive data with confidentiality policies section.
BMC recommends that you limit access to the data-export APIs (Bulk data export, Watchpoint Summary export, Watchpoint streaming export, and so forth) to system services like data export, Watchpoint streaming, and non-secure data transfer.
Use the data export security options to permit or refuse API access (see the Data export section on the Analyzer's Administration > Security settings > Services page).
For security reasons, some applications (notably Adobe Flash Player) prevent cross-domain loading of data by default.
Because BMC Real End User Experience Monitoring has Flash widgets embedded in the UI, you must manage cross-domain data loading to secure the system. Use a cross-domain policy file to tell Flash which domains to permit or deny content from.
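One way to check a cross-domain policy file before deploying it, shown as an added example that is not BMC's code: the script flags wildcard domain grants, secure="false", and a permissive site-control setting. The two sample policies and the host name analyzer.example.com are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies; host names are placeholders, not BMC defaults.
WEAK_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*.example.com" headers="*"/>
</cross-domain-policy>"""

STRICT_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="analyzer.example.com" secure="true"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return a list of findings for one cross-domain policy document."""
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"unparseable policy: {exc}"]
    if root.tag != "cross-domain-policy":
        return [f"unexpected root element <{root.tag}>"]
    site = root.find("site-control")
    if site is not None and site.get("permitted-cross-domain-policies") == "all":
        findings.append("site-control allows policy files anywhere on the host")
    for el in root.iter():
        if not el.tag.startswith("allow-"):
            continue
        domain = el.get("domain", "")
        if domain == "*":
            findings.append(f"<{el.tag}> grants access to every domain")
        elif domain.startswith("*."):
            findings.append(f"<{el.tag}> wildcard subdomain grant: {domain}")
        # secure defaults to true; false lets HTTP origins read HTTPS content
        if el.get("secure", "true").lower() == "false":
            findings.append(f"<{el.tag}> lets HTTP origins read HTTPS content")
        if el.get("headers") == "*":
            findings.append(f"<{el.tag}> permits any request header")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        print(name, audit_policy(text) or "no findings")
```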
With custom fields, users can extract sensitive or confidential information from the traffic. Security users must be careful when enabling the use of custom fields.
For more information, see thesection.
Only users with Security-level access can upload and delete stored decryption (SSL) keys. Uploaded keys cannot be viewed or downloaded.
BMC recommends that you review the confidentiality policy when adding new keys, because the new services might not be visible before the policy is reviewed.
For more information, see the section.
The use of network taps or mirror/span ports prevents traffic injection into monitored networks. Therefore, the system can be securely connected to external/DMZ networks, with assurance that monitored networks are not affected by the presence of this type of traffic capture device.
Capture ports on the Real User Cloud Probe must be connected to either a network tap or mirror/span port on a network switch. The capture ports operate in promiscuous mode only. They do not have any IP networking capabilities and cannot inject traffic into monitored networks.
For additional information, see Traffic capture and tapping points for BMC Real End User Experience Monitoring Software Edition and Network ports.