We designed LeanSentry to be as safe and secure for any application environment as possible, while providing the critical insight needed to monitor and diagnose it.
Here are the main ways that LeanSentry does this:
1. Lightweight and non-invasive monitoring.
Unlike an invasive debugger or profiler that loads code into your application, LeanSentry uses standard Windows monitoring protocols that perform external monitoring. LeanSentry will never load code into your applications, and does not have access to your memory and data.
2. Capturing non-security-sensitive data.
LeanSentry collects non-security sensitive data, including request URLs, numeric performance metrics, and application error information. It does not capture application files, data, code, or configuration.
3. Never opening your environment to external access.
LeanSentry operates within your environment, and only connects out to our HTTPS cloud systems. It never opens any ports in your environment to outside access.
4. Securely transmitting your performance data.
LeanSentry sends your performance data using authenticated, encrypted HTTPS channel to our cloud systems. This data is then stored in an anonymous fashion in our cloud systems, and can only be accessed over the secure HTTPS dashboard.
5. Using low overhead monitoring with standard Windows protocols.
We use standard Windows monitoring protocols like IIS logs, ETW tracing, and others to guarantee low overhead in your production environment. These protocols have been performance tuned by Microsoft for literally decades to insure secure and high performance operation.
If you have concerns about LeanSentry's overhead or security implications in your environment, please email us, and we'll be happy to work with you to put your mind at ease.