Maximizing protection, minimizing risk: Securing your IT infrastructure with LogicMonitor

Due to the increasing challenges faced in network environments and the consistent threat of cyberattacks, companies must enforce appropriate security measures to protect their data, maintain operational integrity and prevent outages. For example, a recent Microsoft outage was caused by a CrowdStrike update that conflicted with Microsoft’s Windows OS. Although LogicMonitor was not impacted by the incident, we were actively assisting our customers in resolving and recovering from the resulting outage. This incident underscores the importance of consistently reevaluating security measures. 

The impact of this outage on mission-critical systems also highlights the need for a holistic monitoring solution like LogicMonitor. Our platform detects and alerts you to issues in real time, so your IT team can immediately start troubleshooting. We understand these challenges and are committed to providing you with solutions that can safeguard your IT assets. 

Key takeaways

LogicMonitor is requiring customers to implement two-factor authentication (2FA), migrate collectors to non-root/non-admin credentials, and migrate to a new API token created under a new user or role with appropriate permissions by December 31, 2024.

The platform’s real-time detection and alerting capabilities enable immediate troubleshooting, ensuring operational integrity and minimizing downtime.

LogicMonitor’s holistic monitoring solution is designed to safeguard IT assets by providing continuous security enhancements, professional penetration testing, adherence to ISO 27000 standards, and AICPA SOC2 Type 2 compliance, reflecting a strong commitment to maintaining the highest security standards.

As part of our ongoing commitment to security, we are rolling out new security improvements and mandates. This includes the mandatory implementation of two-factor authentication (2FA), the migration of collectors to non-root/non-admin credentials, and the migration to a new API token created under a new user or role with appropriate permissions, all by December 31, 2024.

These updates will help to strengthen your account security and reduce the risk of exploitation.

For more information on LogicMonitor’s Security Mandates, including an FAQ, please visit the LogicMonitor Trust Center, LogicMonitor Community and the Security Best Practices Guide.

Recent security improvements from LogicMonitor

While we’ve had Single Sign-On (SSO) available for some time to simplify user identity management and improve overall security, we’ve been busy continuously improving the security of our platform with these additional new features:

  1. UI upgrade: The recent UI upgrade includes a more secure framework. We’ve also upgraded our interface to add improved user authentication and authorization mechanisms to further safeguard access to important systems and data.
  2. Enhancements in 2FA: As of December 31, 2024, it will be mandatory for all local accounts in the customer’s portal to have 2FA. This additional layer of security against unauthorized access is essential for reducing the risk of your accounts being compromised. If you already use our SAML-based SSO solution for Multifactor Authentication (MFA), the 2FA mandate will not apply to you.
  3. Continuous improvements: Our commitment to security is continuous. We regularly engage professional penetration testing firms to validate the security of our platform so that any vulnerabilities can be identified and addressed immediately. We also adhere to ISO 27000 standards, AICPA SOC2 Type 2 compliance and more, all certified by an independent third-party auditor, which further demonstrates our commitment to maintaining the highest security standards. To learn more, please visit the Trust Center.

Read on to learn more about the enhancements in 2FA and additional improvements.

Two-factor authentication (2FA)

2FA is a vital feature for improving your account security. This additional verification step, beyond your username and password, can help to prevent unauthorized access even if your credentials are compromised. 

LogicMonitor users assigned to roles with the Security permission can globally apply 2FA for all users logging into your LogicMonitor portal, or apply 2FA on a per-user basis. 

Once an organization has set up 2FA, users can choose from multiple authentication methods such as the Authy app, SMS, or phone call. Users can follow these steps to select their desired 2FA method:

  1. Log into your LogicMonitor account and navigate to the Portal Settings.
  2. Select your desired 2FA method (Authy app, SMS, or phone call).
  3. Register your mobile device with the Authy app if you choose this option.
  4. Follow the prompts to complete the setup, ensuring your device is properly authenticated.

Again, if you already use our SAML-based SSO solution, the 2FA mandate will not apply to you.

Migrating collectors to non-root/non-admin users

Previously, LogicMonitor required root or administrator credentials for its collectors to gather data from monitored resources. While effective, this approach posed security risks by granting excessive permissions that could be exploited if compromised.

By migrating collectors to run as non-root/non-admin users, you adhere to the principle of least privilege and enhance the security of each account. Limiting the capabilities of accounts reduces risks and protects your infrastructure.

For detailed instructions on migrating your Linux collectors to non-root and your Windows collectors to non-admin, please refer to the “Running Collectors with the least privilege” section in our support documentation.

Role-based access control (RBAC)

RBAC is a security mechanism designed to restrict access to a system based on the user’s role within an organization. By assigning specific permissions to different roles, individuals will only have access to the information and resources needed to perform their job functions.

To implement RBAC effectively, administrators should define roles based on the principle of least privilege. For example, you can use our out-of-the-box roles such as “readonly” for users who need to view data but not change it, and “ackonly” for users who need to acknowledge alerts and configure scheduled downtimes (SDTs).

Limit the assignment of the default “Administrator” role to as few users as possible to maintain a secure environment. This role grants access to all system functions. Instead, use more restrictive roles tailored to specific responsibilities. Additionally, apply the principle of least privilege to the “lmsupport” user account, ensuring it is used only for necessary support activities.

In addition, customers should implement the following best practices:

  1. Regular audits: Conduct regular audits of user permissions and access logs to detect and respond to any unauthorized activity.
  2. IP allowlisting: Define and configure an allowed list of IP addresses to restrict portal access to trusted networks.
  3. Session management: Set user session timeouts to minimize the risk of session hijacking and suspend user accounts after periods of inactivity.
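
The audit, allowlisting and inactivity practices above can be checked mechanically once access records are exported. The following is an added example, not LogicMonitor code: the record layout, the allowlisted networks and the 90-day inactivity limit are all constructed assumptions.

```python
"""Added example: review portal access records against an IP allowlist and an
inactivity limit. Record layout, networks and thresholds are constructed."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed allowlist (documentation address ranges, RFC 5737).
ALLOWED_NETWORKS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.16/28")]
INACTIVITY_LIMIT = timedelta(days=90)  # assumed policy value

# Constructed access records: (ISO timestamp, username, source IP, action).
SAMPLE_RECORDS = [
    ("2024-09-01T08:12:00", "alice", "192.0.2.44", "login"),
    ("2024-09-01T08:15:00", "alice", "192.0.2.44", "update_role"),
    ("2024-09-02T23:41:00", "bob", "203.0.113.9", "login"),
    ("2024-05-20T10:00:00", "carol", "198.51.100.20", "login"),
    ("2024-09-03T02:05:00", "alice", "198.51.100.77", "login"),
]

def is_allowed(source_ip):
    """True when the address falls inside any allowlisted network."""
    addr = ip_address(source_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def outside_allowlist(records):
    """Records whose source IP is not covered by the allowlist."""
    return [r for r in records if not is_allowed(r[2])]

def inactive_users(records, now, limit=INACTIVITY_LIMIT):
    """Users whose most recent record is older than the inactivity limit."""
    last_seen = {}
    for ts, user, _ip, _action in records:
        seen = datetime.fromisoformat(ts)
        if user not in last_seen or seen > last_seen[user]:
            last_seen[user] = seen
    return sorted(u for u, seen in last_seen.items() if now - seen > limit)

if __name__ == "__main__":
    now = datetime(2024, 9, 10)  # fixed "today" so the sample is reproducible
    for ts, user, ip, action in outside_allowlist(SAMPLE_RECORDS):
        print(f"OUTSIDE ALLOWLIST {ts} {user} {ip} {action}")
    for user in inactive_users(SAMPLE_RECORDS, now):
        print(f"INACTIVE > {INACTIVITY_LIMIT.days}d: {user}")
```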

API tokens and best practices

API tokens are important for authenticating requests to the LogicMonitor platform. They allow users to manage resources, dashboards, devices, and more. To prevent unauthorized access to your systems, follow these best practices:

  1. Create API-only users: Assign API tokens to users specifically created for API interactions. These users should not have passwords or user interface-specific fields, enhancing security.
  2. Limit permissions: Assign roles with the minimum necessary permissions for the API endpoints being used. Avoid granting excessive privileges that are not required for the task at hand.
  3. Keep tokens secret: Treat API tokens like passwords. Store them securely using environment variables or a secure secrets management system. Avoid hardcoding tokens in your application’s client-side code or publicly accessible repositories.
  4. Audit and monitor: Regularly audit token usage and monitor for suspicious activity. Keep detailed logs of token usage to quickly identify and respond to potential security issues.
  5. Unique tokens for each application: Generate unique tokens for each application or client, ensuring that a single token is not used across multiple sources.
  6. Avoid assigning administrator privileges to API tokens: This practice significantly reduces security risks, as administrator privileges are rarely required for API functionality.
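
A short added example of how the token practices above can be enforced in tooling; it is not LogicMonitor code. The inventory field names, token IDs and the `LM_API_TOKEN` environment variable name are hypothetical, and the sample rows are constructed.

```python
"""Added example: check an API token inventory against the practices listed
above and load a token without hardcoding it. All data is constructed."""
import os

# Constructed inventory rows; field names are hypothetical, not a LogicMonitor schema.
SAMPLE_TOKENS = [
    {"token_id": "tok-01", "owner": "api-dashboards", "api_only": True,
     "role": "readonly", "applications": ["dashboard-sync"]},
    {"token_id": "tok-02", "owner": "jsmith", "api_only": False,
     "role": "Administrator", "applications": ["ci-pipeline"]},
    {"token_id": "tok-03", "owner": "api-inventory", "api_only": True,
     "role": "ackonly", "applications": ["cmdb-import", "backup-job"]},
]

def audit_tokens(tokens):
    """Return {token_id: [findings]} for tokens that break a listed practice."""
    findings = {}
    for tok in tokens:
        issues = []
        if not tok["api_only"]:
            issues.append("owner is an interactive user, not an API-only user")
        if tok["role"].lower() == "administrator":
            issues.append("token carries administrator privileges")
        if len(set(tok["applications"])) > 1:
            issues.append("token shared by multiple applications")
        if issues:
            findings[tok["token_id"]] = issues
    return findings

def load_token(env_name, environ=os.environ):
    """Read a token from the environment instead of source code; fail closed."""
    value = environ.get(env_name, "").strip()
    if not value:
        raise RuntimeError(f"{env_name} is not set; refusing to continue")
    return value

def redact(secret, keep=4):
    """Masked form of a token that is safe to write to logs."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]

if __name__ == "__main__":
    for token_id, issues in audit_tokens(SAMPLE_TOKENS).items():
        print(token_id, "->", "; ".join(issues))
```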

Take action to secure your IT infrastructure

We encourage you to implement the security measures recommended above to protect your IT environments effectively. Leverage LogicMonitor’s advanced security features and resources to ensure compliance and strengthen your security posture. In addition to these best practices, IT teams should always make sure their users are trained in the organization’s security protocols, update all systems and applications regularly with the latest security patches, and integrate LogicMonitor’s audit logs with their SIEM for continuous monitoring and alerting on suspicious activities.

Visit our support documentation for detailed guidance. For additional assistance, please reach out to our dedicated technical support team.

Follow our advanced security best practices for robust end-user authentication.
