Logs
Healthy.io's security team continuously monitors and assesses compliance, regulation, and risk. Its vulnerability tests establish how the company identifies, responds to, and triages vulnerabilities against the Healthy.io platform. Healthy.io continues to improve and enhance its security capabilities to ensure the security of its platform through continuous 24/7/365 monitoring and the implementation of a variety of security tools and other components to detect and mitigate any new vulnerabilities, incidents, and threats.
Healthy.io closely monitors and regulates its cloud environments using a combination of many internal and external tools.
Healthy.io uses a SIEM platform to aggregate logs from various sources, apply monitoring rules to those aggregated logs, and flag any suspicious activity. The company forwards key system logs from each system where logs are read-only. External tools automatically analyze the logs; additionally, the Security team periodically reviews the company’s auditing systems.
The Security team creates alerts on the security analytics platform and monitors for indicators of compromise. Internal processes define how these alerts are triaged, investigated further, and escalated appropriately.
Healthy.io immediately investigates the logs which contain:
User IDs/names.
Time stamps of the event.
Type of event (success or failure).
Brief description of the event.
Healthy.io has set its cloud to maximum audit (i.e., auditing all event types). Logs, to which only the Infrastructure team has access, are kept in a separate account. The Infrastructure team has read-only access to these logs, so they cannot be tampered with in any way. The logs are also encrypted to prevent data tampering.