Cyber Security Management

Centrify Privileged Access Management:
Serving the Needs of Cyber Security Teams

Security professionals know that there is no such thing as 100% protection against cyber-attacks. However, moving from a static, reactive security approach to an adaptive, proactive approach dramatically decreases an organization’s cyber risk exposure. Centrify PAM solutions empower cybersecurity practitioners to proactively block attacks and identify abnormal behavior to eliminate threats and minimize risk.


Address the #1 Cause of Data Breaches

Cyber attackers long ago figured out that the easiest way to gain access to sensitive data is by compromising an end user’s identity and credentials. According to the Verizon 2017 Data Breach Investigation Report, 81% of hacking-related breaches leverage stolen, default, or weak credentials. Often these credentials belong to privileged users, giving cyber adversaries the “keys to the kingdom” and a perfect camouflage for their surveillance and data exfiltration efforts.

Even the term “hacker” is becoming obsolete. Attackers no longer hack their way through sophisticated security barriers; they simply log in using legitimate stolen or purchased credentials without raising the alarm. Once inside, they download tools to gain elevated rights or “live off the land” using IT’s tools to help them map out the network. They move laterally from server to server, looking for privileged accounts and credentials to gain access to their target, then exfiltrate your sensitive data slowly and quietly. Often, they create a back door so they can return multiple times, covering their tracks as they go, so it may be months before you detect them.

While many security practitioners are aware of this new threatscape, they’re often instructed to invest most of their security budget in perimeter-based security. Instead of protecting against the #1 source of data breaches — privileged credential abuse — they continue to deploy more firewalls, intrusion prevention systems, and other network-centric controls.

In addition to this misalignment of security investments, the sheer volume of security-related alerts overwhelms cybersecurity professionals, making it next to impossible to find the needle in the haystack quickly and prevent attacks at an early stage.

Let Centrify Help

Centrify PAM solutions provide you with the visibility and control you need to detect and prevent data breaches, whether the threat is from external cyber attackers or malicious insiders, and whether your infrastructure is in a data center, private cloud, IaaS provider, or spread across multiple clouds.

With Centrify PAM, you can:

Identify Privileged Access Risk

Every minute undetected takes an attacker closer to achieving their goal. Go beyond simple ID and password validation; use static rules to check for unusual contexts such as access from atypical locations, untrusted networks, odd times, or an unknown device. For situations you can’t predict or easily create rules for, leverage modern artificial intelligence and automatically maintain behavioral profiles of legitimate user behavior to determine risk.

Assess Risk at Multiple Places

Opportunities to compromise your systems and data exist in many places. So should your PAM security controls. Use the above static or dynamic risk assessments to identify potential attacks at the vault (for example, during vault login, password checkout, SSH key and secret retrieval, and brokered server login) and at the server itself (for example, at server login, and during privilege elevation).

Insights to Monitor all Privileged Access Activity

If you suspect a breach, you need the tools to react and investigate quickly. Use Centrify dashboards to continually track key PAM-related metrics or feed PAM events into your enterprise SIEM to alert on suspicious activity. Monitor live user sessions in real time and terminate them if they are deemed suspicious. Visually replay and search inside recorded sessions to investigate suspicious user activity.

Alert to Suspicious Privileged Access Activity

Alerting quickly can mean the difference between being breached and stopping the breach. The Centrify Platform provides consistent event logging for all Centrify products, correlating events across your dispersed systems and centralizing them. Send these events to your SIEM, to webhook-enabled tools such as Slack, or to incident response systems such as PagerDuty to enable real-time alert delivery, eliminating the need for multiple alert touchpoints and improving response time.

Prioritize and Remediate Suspicious Activity

Gain specific and detailed information about suspicious privileged access activity. Security managers can take immediate remediation action to protect against potential risk or a threat in progress directly from the alert screen and manually or automatically terminate a session based on the risk.

When you get a clear picture of the breadth of capabilities Centrify PAM provides, you begin to understand just how many security checkboxes it ticks. I’m still surprised at the number of issues I was able to address with just this single solution.

Matt Horn, IT Security Operations Manager, GSI
