Security Monitoring, Alerting and Automation

Blog post from PagerDuty

Post Details
Company
Date Published
Author: Evan Gilman
Word Count: 459
Language: English
Summary

PagerDuty employs a comprehensive security strategy built on continuous monitoring and alerting to detect and resolve issues proactively, using tactics such as port availability monitoring, centralized logging, and active response systems. They use Gauntlt for infrastructure security checks, Sumo Logic for centralized logging to detect suspicious activity, and OSSEC for intrusion detection by analyzing log data for unusual behavior. Active response tools like DenyHosts automatically block IPs involved in brute-force attacks, and gateway servers are used for secure access. They do not currently use OSSEC's blocking capabilities, but plan to enable them as they better understand attack patterns. This proactive approach ensures their services remain operational, and the post hints at future enhancements to their security infrastructure.