New Relic, a popular software analytics tool, recently experienced a security incident that compromised customer data.
The incident was detected on March 18, 2023, and New Relic notified its customers immediately.
This swift notification is a testament to the company's commitment to transparency and customer trust.
New Relic's security team acted quickly to contain the incident and prevent further damage.
New Relic's incident response plan was put into action, and the company worked closely with external experts to investigate the breach.
The investigation revealed that the incident was caused by a combination of human error and a vulnerability in one of New Relic's systems.
This highlights the importance of robust security measures and regular system updates.
Regular security audits and penetration testing can help identify vulnerabilities before they are exploited.
Security Measures
New Relic takes security seriously, and its measures are designed to protect customer data. It provides industry-standard authentication and access controls to prevent unauthorized access to its Service.
New Relic's access control methods clearly state the rules and rights for each user or group of users, including applications and information sharing. A record of all privileges allocated is maintained.
In the event of a law enforcement request or data breach, New Relic gives customers reasonable advance notice, allowing them to contest the disclosure or seek a protective order. They also limit the disclosure to the minimum amount required by law.
New Relic's systems are designed to be secure, with access granted only to employees who have been uniquely identified and have sufficient credentials. Access to their systems is logged and retained for at least 6 months to assist in investigations and access control monitoring.
Security Certifications
New Relic regularly tests and evaluates its security measures against industry-recognized standards, using independent third-party auditors.
This approach helps ensure that Customer Data is protected to the highest standards.
New Relic agrees to provide Customers with applicable certifications or reports about its systems, upon request. All information exchanged during the audit process is considered confidential.
Additional information about New Relic's security certifications can be found in its Security Guide.
Security Ratings
New Relic takes security very seriously and rates its security vulnerabilities using a four-level system.
A Critical rating denotes a vulnerability that could compromise the confidentiality or integrity of customer data.
A High rating indicates that atypical or unintended information is likely to be received by New Relic, potentially compromising customer data.
A Medium rating means that atypical or unintended information could be received, but the risk is mitigated by default configuration or standard security practices.
A Low rating suggests that the vulnerability would be difficult to exploit, or it would have minimal impact.
Here's a quick reference guide to New Relic's security ratings:
Authentication and Access Control
New Relic provides industry-standard authentication and access controls to protect customer data and to prevent unauthorized access to the service.
These access control methods clearly state the rules and rights for each user or group of users, including applications and information sharing. A record of all privileges allocated is maintained.
In the event of a data breach or law enforcement request, New Relic provides customers with the capability to access log records relating to their accounts. This is done to assist in investigations and access control monitoring.
New Relic's access control methods include a process for granting and removing access to information systems processing customer data. This is done to minimize risks of unauthorized access or changes to the operational system.
Access to New Relic's systems is logged and retained for no less than 6 months. This helps with investigations and access control monitoring, including end-user access and activities, and information security events.
New Relic gives customers reasonable advance notice prior to disclosing any customer data, if required by law, regulation, or legal process. This allows customers to contest the disclosure or seek a protective order.
Vendor Management
Vendor management is crucial to maintaining the security posture of a company. New Relic takes this seriously and performs a security risk-based assessment of prospective vendors before working with them. This assessment validates that the vendors meet New Relic's security and business continuity standards.
New Relic enters into written agreements with its vendors that process customer data, which include confidentiality, privacy, and security obligations. These agreements provide an appropriate level of protection for customer data that the vendors may process.
New Relic's vendor management process involves assessing the type of access and classification of data being accessed, as well as the controls necessary to protect data. This ensures that vendors are held to the same security standards as New Relic.
Disclosure by Law
If you're concerned about the security of your data, you'll be glad to know that New Relic has a clear policy in place for disclosure by law. New Relic will give you reasonable advance notice prior to disclosing any of your data.
In the unlikely event that New Relic is required by law to disclose your data, they'll limit the disclosure to the minimum amount necessary. This means they'll only share what's absolutely required.
New Relic publishes its law enforcement requests report in its Security Guide, which is a great resource to stay informed about its data disclosure practices.
Incident Details
The unauthorized actor used a single New Relic employee account to gain access to the company's Staging Environment. This account was compromised through stolen credentials and social engineering.
The actor executed specific search queries between October 24 and November 15, 2023, and exfiltrated the results from the Staging Environment. This activity was identified and reviewed by New Relic and industry-leading forensic firms.
The last observed unauthorized activity in the Staging Environment was on November 16, 2023, and there's no indication of persistent access by the unauthorized actor. This means the incident is contained, and there's no ongoing threat.
A very small percentage of New Relic customers were impacted by the search queries executed by the unauthorized actor. These customers have been notified with recommended next steps.
Here's a summary of the incident timeline:
- October 24 - November 15, 2023: Unauthorized actor executes search queries and exfiltrates results.
- November 16, 2023: Last observed unauthorized activity in the Staging Environment.
There's no indication of lateral movement from the Staging Environment to customer accounts in the separate production environment or to New Relic's production infrastructure. This means customers' data and accounts are safe.
Threat Analysis
New Relic's security incident was a wake-up call for many organizations, highlighting the importance of robust security measures. The incident involved a vulnerability in the company's products, which allowed unauthorized access to sensitive data.
The vulnerability was discovered in New Relic's One platform, which provides visibility into application performance. The platform's API was found to be vulnerable to unauthorized access.
The incident led to a significant increase in New Relic's security efforts, with the company implementing additional security measures to prevent similar incidents in the future. These measures include enhanced access controls and improved monitoring of system activity.
New Relic's security incident also highlighted the importance of transparency in incident response. The company was criticized for its initial response to the incident, which some felt was slow and inadequate.
Prevention and Mitigation
New Relic has taken steps to help prevent credential-based compromises. They offer automatic controls over user addition, management, and login, as well as SAML, SSO, and SCIM provisioning.
To enhance security posture, customers should enable MFA if they're configured with SAML, SSO, and SCIM. It's also essential to avoid reusing passwords and regularly rotate them. New Relic makes auditing changes to the environment readily available for every customer.
Regularly monitoring accounts for suspicious activity is crucial. New Relic recommends using automatically generated meta-events, such as NrAuditEvent and NrdbQuery, to understand user actions and queried telemetry. Customers should also review New Relic's Security bulletins and guides for best practices.
Here are some key takeaways to prevent credential-based compromises:
- Enable MFA if configured with SAML, SSO, and SCIM
- Avoid reusing passwords
- Regularly rotate passwords
- Monitor accounts for suspicious activity
- Use automatically generated meta-events to understand user actions and queried telemetry
- Review New Relic's Security bulletins and guides for best practices
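The monitoring advice above can be applied as a periodic review of exported query-audit events. The following Python is an added example, not New Relic code: it flags per-user days whose query volume far exceeds that user's own baseline, or that touch data types the user had not queried before. The row fields (`timestamp`, `user`, `query`), the thresholds and the sample rows are assumptions constructed for illustration, not the documented NrdbQuery schema.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

FROM_RE = re.compile(r"\bFROM\s+(\w+(?:\s*,\s*\w+)*)", re.I)

def event_types(query):
    return {t.strip() for g in FROM_RE.findall(query) for t in g.split(",")}

def review(rows, baseline_days=7, spike_factor=5, min_count=20):
    """Flag (user, day, reasons) for days after each user's baseline window."""
    per_day = defaultdict(lambda: defaultdict(list))  # user -> date -> queries
    for r in rows:
        day = datetime.fromtimestamp(r["timestamp"] / 1000, tz=timezone.utc).date()
        per_day[r["user"]][day].append(r["query"])
    findings = []
    for user, days in per_day.items():
        ordered = sorted(days)
        base, later = ordered[:baseline_days], ordered[baseline_days:]
        if not later:
            continue  # not enough history to judge this user
        typical = median(len(days[d]) for d in base)
        known = {t for d in base for q in days[d] for t in event_types(q)}
        for d in later:
            reasons, n = [], len(days[d])
            if n >= min_count and n > spike_factor * typical:
                reasons.append(f"volume {n} vs typical {typical}")
            new = {t for q in days[d] for t in event_types(q)} - known
            if new:
                reasons.append("new data types: " + ", ".join(sorted(new)))
            if reasons:
                findings.append((user, d.isoformat(), reasons))
    return sorted(findings)

def sample_rows():
    """Constructed rows; field names are assumed, not a documented schema."""
    start, rows = datetime(2024, 1, 1, 9, tzinfo=timezone.utc), []
    def add(day, user, query, n):
        ts = int((start + timedelta(days=day)).timestamp() * 1000)
        rows.extend({"timestamp": ts + i * 1000, "user": user, "query": query} for i in range(n))
    for day in range(10):
        add(day, "alice@example.com", "SELECT count(*) FROM Transaction SINCE 1 day ago", 3)
        add(day, "bob@example.com", "SELECT average(duration) FROM Transaction FACET appName", 2)
    add(8, "bob@example.com", "SELECT * FROM Log LIMIT MAX", 40)  # burst on a new type
    add(9, "alice@example.com", "FROM PageView SELECT count(*)", 1)
    return rows

if __name__ == "__main__":
    print(*review(sample_rows()), sep="\n")
```

A volume spike and a first-seen data type on the same day is a stronger signal than either alone, which is why the reasons are reported together per user and day.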
Sources
- https://docs.newrelic.com/docs/security/new-relic-security/security-bulletins/security-bulletin-nr23-01-security-advisory/
- https://docs.newrelic.com/docs/security/security-privacy/information-security/security-bulletins/
- https://docs.newrelic.com/docs/licenses/license-information/referenced-policies/security-policy/
- https://www.theregister.com/2023/11/23/new_relic_cyber_incident_warning/
- https://www.kimpel.com/post/newrelic/a-deep-dive-into-zero-day-vulnerability-alerts-with-new-relic-apm/