Security

BigPanda is committed to the security of your data. We use a variety of industry-standard security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. You also have several security controls available within BigPanda.

Overview

To protect your information, data is:

  • Transmitted via HTTPS.

  • Accessed through the password-protected BigPanda website or via APIs that require token authentication.

  • Stored in an ISO 27001 and FISMA certified data center.

Data Transmission

Incoming

Standard alert data is collected securely from monitoring systems and sent to the BigPanda service by using one of the following methods:

  • Webhook—if the monitoring system supports sending data via Webhook, it can be configured to send alert data directly to the BigPanda service via a secure API endpoint.

  • Agent—if the monitoring system does not support sending data via Webhook, the BigPanda agent can be configured to collect data locally and send it to the BigPanda service via a secure API endpoint. The agent pulls data from a machine on the local network or cloud infrastructure by using a vendor-supplied API, parsing log files, or using other techniques, depending on the monitoring system’s capabilities.

BigPanda marshals all data sent to the BigPanda service as well as the return codes delivered back to the agent and monitoring systems in JSON.

Outgoing

The BigPanda service sends data to integrated messaging or ticketing systems, such as email, SMS, JIRA, or Slack. BigPanda sends all data to these providers or services via HTTPS and uses industry-standard email and SMS providers.

Access Control

Users can access the BigPanda application by visiting https://a.bigpanda.io via a web browser. All data is sent via HTTPS. Website access requires username and password authentication.

Customer Access

Users can authenticate on the BigPanda website by entering their username and password. Organizations can also configure an SSO integration that allows users to authenticate on the BigPanda website. BigPanda uses an industry-standard, encrypted token for session-level authentication. BigPanda user passwords are stored in an industry-standard, encrypted hash format. For enhanced security, BigPanda enforces password complexity requirements for all new user passwords and changes to existing user passwords. BigPanda also enforces an automatic session timeout after a fixed period of inactivity.

Customers can access only the data for their own organization. Organizations can grant access to users by inviting them into BigPanda.

BigPanda Employee Access

BigPanda personnel access customer data only on a need-to-know basis for support purposes. All support personnel have signed Non-Disclosure Agreements, and no changes are ever made to an account without prior approval from the customer.

Physical Security

BigPanda data centers are hosted on Amazon Web Services (AWS). The IT infrastructure that AWS provides is designed and managed in alignment with security best practices, including the following IT security standards:

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)

  • SOC 2

  • SOC 3

  • FISMA, DIACAP, and FedRAMP

  • DOD CSM Levels 1-5

  • PCI DSS Level 1

  • ISO 9001 / ISO 27001

  • ITAR

  • FIPS 140-2

  • MTCS Level 3

Physical access to the data center is strictly controlled both at the perimeter and at building ingress points by professional security staff, using video surveillance, state-of-the-art intrusion detection systems, biometric locks, and other electronic means.

For more information, refer to the AWS Security White Paper.

Session Management

For optimal security, BigPanda automatically logs out users when their sessions have been inactive for a long time. The session management feature determines how long a user can be inactive and when a warning message appears for inactive users.

Available Settings

BigPanda enforces the following settings for each user session. If you'd like to customize the settings for your organization, contact BigPanda support.

Session Timeout

Length of time after which the system logs out inactive users—between 15 and 1440 minutes. The default value is 120.

Session Warning

Length of time before the timeout at which the warning message appears, between 1 and 15 minutes. If the session is automatically ended, the user must log in again to access BigPanda. The default value is 2.

Considerations and Exceptions

The automatic timeout applies only to a specific session. For example, a user may log in from two different browsers and therefore have two different sessions. If one session times out, the user is logged out only for that browser. The user remains logged in for the other browser until that session also times out or until the user manually logs out.

Because the BigPanda Dashboard is designed for NOC displays, the automatic session timeout does not apply to it. Therefore, if a user leaves the Dashboard tab open, the user's session remains active.
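The following sketch models how the documented settings and exceptions interact. It is an added example, not BigPanda code: the session object shape and the names validateSettings, sessionState, and auditSessions are hypothetical, and only the ranges, defaults, and exceptions come from this page.

```javascript
// Added illustration of the documented idle-timeout rules; not BigPanda code.
const LIMITS = { timeout: [15, 1440], warning: [1, 15] }; // minutes, from this page
const DEFAULTS = { timeoutMin: 120, warningMin: 2 };      // defaults from this page

// Reject settings outside the documented ranges.
function validateSettings({ timeoutMin, warningMin } = DEFAULTS) {
  const inRange = (v, [lo, hi]) => Number.isInteger(v) && v >= lo && v <= hi;
  if (!inRange(timeoutMin, LIMITS.timeout)) {
    throw new RangeError(`timeout ${timeoutMin} is outside 15-1440 minutes`);
  }
  if (!inRange(warningMin, LIMITS.warning)) {
    throw new RangeError(`warning ${warningMin} is outside 1-15 minutes`);
  }
  return { timeoutMin, warningMin };
}

// State of one session at time nowMin (minutes on an arbitrary clock).
// Hypothetical session shape: { id, lastActivityMin, dashboardOpen }.
function sessionState(session, nowMin, settings = DEFAULTS) {
  const { timeoutMin, warningMin } = validateSettings(settings);
  if (session.dashboardOpen) return "active"; // timeout does not apply to the Dashboard
  const idle = nowMin - session.lastActivityMin;
  if (idle >= timeoutMin) return "expired";
  if (idle >= timeoutMin - warningMin) return "warning";
  return "active";
}

// Each session is evaluated on its own: one browser expiring does not
// log the user out of another browser.
function auditSessions(sessions, nowMin, settings = DEFAULTS) {
  return Object.fromEntries(
    sessions.map((s) => [s.id, sessionState(s, nowMin, settings)])
  );
}

// Constructed sample: one user in two browsers, plus a NOC display.
const sampleSessions = [
  { id: "chrome", lastActivityMin: 0, dashboardOpen: false },
  { id: "firefox", lastActivityMin: 100, dashboardOpen: false },
  { id: "noc-wall", lastActivityMin: 0, dashboardOpen: true },
];
console.log(auditSessions(sampleSessions, 119));
console.log(auditSessions(sampleSessions, 125));
```

The third sample session is the case to account for when reviewing who can reach an unattended workstation: with the Dashboard tab open, that session does not idle out under any timeout value.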
