In today's IT environments, threats or breaches associated with the actions of insiders -- such as employees, IT contractors, offshore IT workers and even partners -- can be malicious or completely unintentional. Linking access privileges and activity back to specific individuals establishes both the control required to minimize security risks and the visibility required to achieve compliance, resulting in operational efficiencies across heterogeneous server environments. However, managing user privileges can be challenging in many organizations since identities and entitlements often reside in disparate silos or are managed locally on servers rather than centrally. The Centrify Suite leverages existing directory infrastructure, allowing organizations to identify and eliminate "blind spots" in administrator access across the broadest range of Windows, UNIX and Linux platforms, resulting in one single identity for users and one unified identity architecture for IT.
According to Gartner: "The opening up of enterprise systems, information assets and business processes brought about by social networking, exposure to the cloud, mobile devices (especially consumer-owned devices and big data) brings with it a whole new set of security and privacy concerns. Enterprise IT and information security organizations that, in the past, spent most of their time worrying about semi-random, largely unskilled virus and worm outbreaks, must now concern themselves with highly sophisticated financially and even politically motivated attacks...As hacktivists, organized crime and nation states increase the pressure, enterprise security must evolve, particularly to counter the increasing risk from insider threats and targeted attacks." 1
Managing Privileged Users to Protect Against Insider Threats
Point solutions exist for privilege management of Windows systems or UNIX and Linux systems, but Centrify offers the only solution that secures all these platforms by leveraging existing directory infrastructure to create a unified identity architecture. The Centrify Suite offers a comprehensive, cross-platform approach to identity management that includes integrated authentication, access control, privilege management, policy enforcement, and compliance reporting -- all based on a single, unified architecture that leverages Microsoft Active Directory.
The new Centrify Suite 2013.2 builds on the core enhancements Centrify introduced in Suite 2013 with new reports in Centrify DirectAudit, new auditing of DirectManage administrative activity, and automation for report scripting. In addition, enhancements to Centrify DirectAudit enable targeted querying of audit trails by role across Windows, UNIX and Linux systems, and provide commonly used queries that are pre-configured and ready to run. New audit report templates can be used to generate reports based on user-specified criteria, and to create customized reports for compliance to regulations such as HIPAA, MAS, PCI DSS, SOX, GLBA, FISMA, and NERC.
Centrify Suite 2013.2 includes updates to DirectAuthorize for Windows, an integrated solution that eliminates problems associated with too many users having broad and unmanaged administrative powers. The solution delivers secure delegation of privileged access and granular enforcement of who can perform what administrative functions, and includes advanced auditing, access control, and privilege management on Windows computers. In addition, Centrify Suite 2013.2 introduces a collection of new features to help reduce the risks caused by local administrator accounts on Windows Servers, enable support of complex command scripts for automation, and improve usability and security. Key features include:
· Advanced security configurations. Administrators can now enforce user re-authentication, which optionally prompts a user to provide credentials again prior to performing tasks that require super user privileges. For example, when a user creates or switches to a desktop with elevated privileges, or elevates privilege to execute a specific application, administrators can optionally require re-authentication of a user's login password.
· Ease of use. An enhanced interface for administrators to quickly and easily create new roles by selecting from a list of predefined, standard Local Administrator rights.
· PowerShell module. Administrative users can now script complex management operations for Centrify deployments using cmdlets provided in the new DirectManage Module for PowerShell. Combined with the existing support for privileged application, network, and desktop rights within PowerShell scripts, the module enables integration with other IT tools and processes through Microsoft's standard scripting environment for Windows administrators.
Centrify Suite 2013.2 has added support for 30 new operating system platforms, including CentOS 5.9 and 6.4; Debian 7; Fedora 18; Mint 15 and Mint LMDE 201303; OpenSUSE 12.3; Oracle Linux 5.9 and 6.4; Red Hat Enterprise Linux 5.9 and 6.4; Scientific Linux 5.9 and 6.4; Oracle Solaris 11.1; and Ubuntu 13.04. This brings the total number of operating system platforms supported to more than 475, far exceeding any other "Active Directory Bridge" and/or Privilege Management solution for UNIX, Linux and Windows systems.
"An often overlooked aspect of 'the insider threat' is hidden risks, including higher operational costs and an increased attack surface associated with privileged user activity," said Matt Hur, Centrify senior director of product management. "These issues are not unique to any one platform since organizations have multiple insiders accessing UNIX, Linux and Windows platforms. With Centrify, organizations can secure access for insiders, reduce helpdesk burden, improve access controls, and leverage their existing Active Directory infrastructure and skillsets across any server deployed on premise and in the cloud."
Pricing and Availability
Centrify Suite 2013.2 is available today from Centrify and authorized partners worldwide. The Centrify Suite is licensed on a per server basis and starts at $385 per server and $65 per workstation. For more information about the Centrify Suite and a five-minute demo, visit http://www.centrify.com/suite. To request a free Centrify Suite trial, visit http://www.centrify.com/trial.
Note 1 – Gartner, Inc. "The Nexus of Forces Changes Everything: Gartner Symposium/ITxpo 2012 Keynote," David A Willis, et al. Jan. 10, 2013.
Centrify provides Unified Identity Services across the data center, cloud and mobile that results in one single login for users and one unified identity infrastructure for IT. Centrify's solutions reduce costs and increase agility and security by leveraging an organization's existing identity infrastructure to enable centralized authentication, access control, privilege management, policy enforcement and compliance. Centrify customers typically reduce their costs associated with identity lifecycle management and compliance by more than 50%. With more than 4,500 customers worldwide, including 40% of the Fortune 50 and more than 60 Federal agencies, Centrify is deployed on more than one million server, application and mobile device resources on-premise and in the cloud. For more information about Centrify and its solutions, call (408) 542-7500, or visit http://www.centrify.com/.