Centrify Zero Trust Privilege Services
Centrify is redefining the legacy approach to Privileged Access Management by delivering cloud-ready Zero Trust Privilege to secure modern enterprise use cases. Zero Trust Privilege mandates a never trust, always verify, enforce least privilege approach. Centrify Zero Trust Privilege helps customers grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.
According to Forrester¹, 80 percent of all hacking-related data breaches involve privileged access credentials. This illustrates that the legacy approach to Privileged Access Management (PAM) is no longer enough and requires a rethinking of how to protect against privileged access abuse in today’s dynamic threatscape. Centrify is redefining legacy-PAM by delivering cloud-ready Zero Trust Privilege to secure access to infrastructure, DevOps, cloud, containers, Big Data, and other modern enterprise attack surfaces.
Today’s Security is NOT Secure
The number of breaches has skyrocketed in recent years, with global cybercrime-related damage costs expected to exceed $6 trillion annually by the year 2021². At the same time, it’s become evident that attackers are no longer “hacking” to carry out data breaches — they are simply logging in by exploiting weak, stolen, or otherwise compromised privileged credentials. It’s just further proof that identity has become the new security perimeter and the battleground for mitigating cyber-attacks that impersonate legitimate users.
To add to this challenge, the attack surface of organizations has changed dramatically. Today organizations must not only control access to servers, databases, and network devices, but also look after cloud environments. Today’s modern enterprise environment includes Big Data projects, must be automated for DevOps, and now needs to cover the hundreds of containers and microservices that represent what used to be a single server.
A New Approach to Privileged Access Management is Needed
Organizations need to recognize that perimeter-based security provides very limited protection against the #1 cause of today’s breaches — privileged access abuse. Until we start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches.
As traditional network perimeters dissolve, organizations must discard the old model of “trust but verify”, which relied on well-defined boundaries. Zero Trust mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. Organizations may consider approaching PAM by solely implementing password vaults, leaving gaps that can easily be exploited.
Meet the Antidote to Privileged Access Abuse: Zero Trust Privilege
Centrify Zero Trust Privilege combines password vaulting with brokering of identities, multi-factor authentication (MFA) enforcement, and “just enough, just-in-time” privilege, all while securing remote access and monitoring of all privileged sessions.
Centrify Privileged Access Service
The Centrify Privileged Access Service provides you with all the capabilities to achieve your first step toward Zero Trust Privilege.
·· Discover and register all your privileged accounts and resources (including workstations) and vault away those privileged credentials so that they are properly managed.
·· Provide remote admins, outsourced IT, and third-party vendors with secure, VPN-less access to the specific infrastructure they manage — on-premises and in the cloud.
·· Leverage a locked down and clean server gateway that serves as a distributed local jump box to avoid infections during remote connections.
·· Govern access to privileged account credentials, privileged sessions, and roles that grant privilege to individuals with
·· Apply MFA everywhere. This applies during vault login, password checkout, and server login.
Centrify Authentication Service
Cloud-ready Zero Trust Privilege is designed to handle requesters that are not only human but also machines, services, and APIs. There will still be shared accounts, but for increased assurance, best practices now recommend individual identities and short-lived tokens, not shared accounts and static credentials.
·· Simplify user authentication to servers from any directory service including Active Directory, LDAP, and cloud directories.
·· Secure Linux and UNIX with the same identity services currently used to secure access to Windows systems.
·· Centrally manage machine identities and their credentials within Active Directory or the Centrify Authentication Service to establish an enterprise root of trust for machine-to-machine authentication based on a centralized trust model.
·· Manage system accounts the same way you would manage user accounts in Active Directory.
·· Quickly consolidate complex and disparate UNIX and Linux user identities into Active Directory with Centrify’s patented Zone technology — without having to first rationalize all user identities.
·· Manage authentication, access control, and group policy for non-Windows systems the same way as Windows.
·· Multi-factor authentication at login for Linux, UNIX, and Windows servers minimizes the risk of exposure.
Centrify Privilege Elevation Service
Centrify Privilege Elevation Service minimizes the risk exposure to cyber-attacks caused by individuals with too much privilege. The service allows customers to implement just enough, just-in-time privileged access best practices, in turn limiting potential damage from security breaches.
·· Secure and manage fine-grained privileges across Windows and Linux systems, limiting potential damage from security breaches via privilege elevation.
·· Simplify management of roles, rights, and privilege policies across heterogeneous (UNIX, Linux, and Windows) environments.
·· Minimize security risk by enabling administrators to systematically request a new role to obtain the rights they need to perform tasks.
·· Protect the execution of a privileged command through MFA.
Centrify Audit and Monitoring Service
For privileged sessions it is best practice to audit everything. With the Centrify Audit and Monitoring Service, monitoring and session recording can be achieved through a gateway-based technique, a host-based technique, or both. Advanced monitoring capabilities even allow for process launch and file integrity monitoring.
·· Record and manage a holistic view of privileged activity across Windows and Linux servers, IaaS, and network devices, establishing a single source of truth for individual and shared accounts.
·· Gain new levels of oversight for privileged sessions on critical infrastructure. Administrative users watch activity in remote sessions in real time and can instantly terminate suspicious sessions through the Centrify Admin portal.
·· Ensure session recording cannot be bypassed with host-based auditing. Discover rogue activity such as the creation and storage of SSH key pairs that would make it easy to bypass security controls, and attribute activity to the individual user.
Centrify Privilege Threat Analytics Service
Cyber adversaries are getting more and more sophisticated and therefore it is best practice to apply multiple security layers when protecting against privileged access abuse. Today’s threatscape requires security controls to be adaptive to the risk-context and to use machine learning to carefully analyze a privileged user’s behavior. Leveraging Centrify Privilege Threat Analytics Service can make the difference between falling victim to a breach or stopping it in its tracks.
·· Add an extra layer of security to stop the breach with risk-aware, adaptive MFA for IT admins who access Windows and Linux systems, elevate privilege, or leverage privileged credentials.
·· Leverage modern machine learning algorithms to carefully analyze a privileged user’s behavior and identify “anomalous” or “non-normal” and therefore risky activities and alert or notify security. In addition, privileged user behavior analytics can be used to analyze most used and least used commands and activities and serve as a governance function to suggest changes to roles and rights.