Enhanced industry-leading privilege elevation platform leverages the power of the Centrify Client to ensure just-in-time access for time-critical activities
ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders Thycotic and Centrify, today announced its newest update to Server Suite, including new capabilities that optimize just-in-time (JIT) privilege elevation workflows by having the Centrify platform dynamically update the Centrify Client. The latest version of the company’s flagship privilege elevation and delegation management (PEDM) solution now includes session audit data masking capabilities for UNIX to reduce the risk of exposing potentially sensitive or highly restricted data.
The principle of least privilege is recognized as an essential PAM best practice to support Zero Trust and zero standing privileges. When administrative tasks such as a system outage or a breach investigation require additional access, time is of the essence. However, while Active Directory (AD) has demonstrated its value as a central role management platform for over a decade, propagation of updated roles to endpoints can take hours, with potentially catastrophic repercussions.
With release 2021, Server Suite overcomes this issue by simultaneously updating AD and Centrify Client privilege policies through a mutually authenticated communication channel from the platform. As soon as access has been approved for the administrator, the local Client can enforce the updated policies, allowing the user to immediately log in and elevate privilege as required to investigate and remediate. Thus, access is granted and available just-in-time, without compromising least privilege. This capability is only possible because of Server Suite’s client-based architecture, which can also enforce more advanced PAM capabilities such as real-time password reconciliation, delegated machine credentials, and brokered authentication.
“The pace of cyber-attacks is increasing, and that means administrators need to move faster to update and secure resources while still having controls in place that enforce least privilege,” said David McNeely, Chief Technology Officer at ThycoticCentrify. “In the newest version of Server Suite, we are simplifying just-in-time privileged access by removing extra steps, enabling organizations to adopt a ‘zero standing privileges’ security model by eliminating role-based assignments of privileged access rights. Our lightweight client and PAM platform establish a root of trust between all privileged identities, whether human or machine, to better distinguish between friend and foe and reduce risk.”
Server Suite’s Audit & Monitoring Service also includes new capabilities designed to limit exposure of passwords or other sensitive events captured in audit logs. Data masking for UNIX solves a critical challenge for highly regulated industries where data at rest can often be visible or, for example, when audit data is forwarded to a third-party event management tool such as Splunk®. Now, sensitive data in log files is masked on the server, so the original data is never exposed. Server Suite has also added auditing features, such as customization for prompts (including languages), audit reporting status to AD, and improved CPU utilization on Windows 10.
Other enhancements for multi-factor authentication (MFA) and chipset support include:
- Silent authentication for duplicate RADIUS password prompts after MFA
- Grace period control for both console and remote desktop protocol (RDP) sessions
- Support for the M1 chip on macOS
- DirectControl support for AMD ARM processor architecture (aarch64)
- Support for smartcard authentication with AD user certificates to Ubuntu workstations