A big factor in securing a DevOps environment is that engineers should not have access to the production environment. This is especially true if the production environment contains sensitive data, such as payment card data, protected health information, or personally identifiable information, because compromised engineering credentials could expose that data and lead to a breach. While this requirement is a security best practice and has found its way into many compliance regulations, it can be hard to enforce a strict division of church and state when you are running a high-velocity operation with many releases per day and frequent changes to code and systems.

Set up alerts for zone policy violations

One way to help manage this risk is to set up zone policies and monitor whether they are being violated. For example, you define a certain zone as the production zone and then create a network policy stating that the engineering team is not authorized to access that part of the network. Implementing this may be challenging in some environments, but it's actually very easy in UserInsight, Rapid7's user behavior analytics and incident response solution.

How to monitor for zone policy violations in UserInsight

Setting up a network zone policy in UserInsight is very easy. From the UserInsight dashboard, choose Settings in the top menu and then select Network Zones in the left menu. Click the Add Zone button and define the zone you'd like to monitor.

Next, click on Network Policies in the left menu. Enter the name of the Active Directory group for your developers and specify that its members cannot access the production environment zone.

If anyone violates this rule, you'll be alerted on the UserInsight dashboard and on the Incidents page, and you'll receive a notification by email.

In this example, we see that user vgonzales violated this policy 100 times. Simply click on this incident alert or on the name to dig in deeper and get more context around this user.
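To make the mechanics of a zone policy concrete, here is an added example (not UserInsight code, and not part of the original post) that applies the same rule to a handful of constructed log lines: a production zone defined as an IP range, a restricted Active Directory group with its members, and a count of how often each member reached the zone. The log format, the zone range, the group name and the user names are all assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Assumed policy definition: the production zone as a CIDR range, and the AD
# group whose members must not reach it (group membership is constructed here;
# in practice it would come from a directory lookup).
PRODUCTION_ZONE = ipaddress.ip_network("10.50.0.0/16")
RESTRICTED_GROUP = "Developers"
GROUP_MEMBERS = {"Developers": {"vgonzales", "akim"}}

# Constructed sample access log: timestamp followed by key=value fields.
SAMPLE_LOG = """\
2015-06-01T09:12:03Z user=vgonzales src=10.10.1.5 dst=10.50.3.21 action=connect
2015-06-01T09:12:07Z user=vgonzales src=10.10.1.5 dst=10.50.3.22 action=connect
2015-06-01T09:15:40Z user=akim src=10.10.2.9 dst=10.20.7.1 action=connect
2015-06-01T09:16:02Z user=ops_admin src=10.10.9.1 dst=10.50.0.10 action=connect
"""

def parse_event(line):
    """Turn one 'ts k=v k=v ...' line into a dict; malformed fields are skipped."""
    ts, *fields = line.split()
    event = {"ts": ts}
    for field in fields:
        if "=" in field:
            key, value = field.split("=", 1)
            event[key] = value
    return event

def zone_policy_violations(log_text, zone, group, members):
    """Count, per user, events where a member of `group` connected into `zone`."""
    restricted_users = members.get(group, set())
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_event(line)
        if event.get("user") not in restricted_users or "dst" not in event:
            continue
        try:
            if ipaddress.ip_address(event["dst"]) in zone:
                counts[event["user"]] += 1
        except ValueError:  # unparsable destination address: ignore the line
            continue
    return counts

def incidents(log_text, zone, group, members, threshold=1):
    """Users whose violation count reaches `threshold`, highest count first."""
    counts = zone_policy_violations(log_text, zone, group, members)
    return [(user, n) for user, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for user, n in incidents(SAMPLE_LOG, PRODUCTION_ZONE, RESTRICTED_GROUP, GROUP_MEMBERS):
        print(f"ALERT: {user} violated the {RESTRICTED_GROUP} -> production policy {n} times")
```

Only vgonzales is flagged: akim is a developer but only reached staging, and ops_admin reached production but is not in the restricted group.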

