Centrify Privileged Access Management:
Serving the Needs of IT Teams
IT organizations are increasingly deploying and managing hybrid environments that combine cloud-based and data center infrastructure, all while striving to mitigate the risk of insider and cyber threats and to meet constantly evolving PCI DSS, SOX, and other industry mandates and government regulations. Centrify PAM solutions enable centralized control and visibility over privileged access and simplified compliance to protect against this complex and evolving threat landscape.
Minimize the Attack Surface While Enabling the Business
You need rock-solid security but not at the expense of productivity.
Modern organizations must strictly control access to hybrid infrastructure and enforce individual accountability while improving IT productivity and user experience whether in the office or remote. Implementing a least privilege access model, securely managing shared privileges, and associating privileged activity to an individual are essential to having the control and visibility you need to combat threats, intentional or not.
Minimizing your attack surface is the common thread. You do this by reducing the number of inroads available to attackers, strictly controlling access to privileged accounts, and assigning temporary and time-bounded privileged access when a user needs it. IT security practitioners need a modern PAM solution capable of addressing these needs across a hybrid IT infrastructure that might span a data center, DMZ, private cloud, multiple cloud VPCs, and even multiple cloud providers.
Achieving this for your protection is not enough, however. For incident response investigations, IT practitioners also need complete visibility into all privileged activities. For compliance audit efforts, IT practitioners must help by proving these controls are in place and effective. All this can add a lot of extra cycles to an already busy calendar.
Let Centrify Help
Centrify tailored its PAM solutions to meet the needs of today’s IT teams. With Centrify PAM, you can:
Leverage a standard enterprise authentication service across on-premises and cloud-based infrastructure. Have your privileged users log in as themselves using their unique identity while federating privileged access for outsourced IT and other third parties to avoid creating new identities.
Control Shared Access to Privileged Accounts
Minimize your attack surface by deleting or disabling as many shared accounts as you can and vaulting those that are absolutely necessary. Strictly control the use of vaulted shared accounts for brokered login sessions or checkout. Leverage just-in-time access and risk-based MFA as additional safeguards to ensure access to these “keys to the kingdom” is only granted for legitimate purposes and a limited time.
Grant Elevated Privilege, Just-in-Time
A zero standing privileges approach to access control reduces the risk associated with user error, malicious attacks, and security breaches. When privilege is required – for example, to service a help desk ticket – an administrator requests a role and provides sufficient context to justify the request. Centrify routes requests to approvers through workflow, and if approved, grants the privilege for a limited time.
Reinforce Secure Access to Critical Systems
Roles and rights strictly control what systems and network devices a user can log in to and what applications and commands they can run. At all access control decision points – server or vault login, password checkout, SSH key/secret retrieval, and privilege elevation – leverage risk-based MFA for identity assurance.
Secure Remote Access
Working from home is the new normal. Granting legitimate users – IT teams, outsourced IT, and third-party vendors – quick and easy, secure privileged access to the systems IT needs to manage, without the hassles and inherent risk of virtual private networks (VPNs), is simple with Centrify. Being a native SaaS application, the Centrify Vault Suite provides access anytime, from anywhere.
Monitor, Manage and Record Privileged Sessions
Detect suspicious user activity and alert in near real-time to stop in-progress attacks. Monitor live privileged sessions and terminate instantly if deemed inappropriate or suspicious. Capture privileged session activities with full video and metadata indexing for video search. In case an attacker or malicious insider circumvents the vault to log in to a server with a vaulted account, leverage host-based auditing that the attacker can’t evade.
Enforce Accountability and Prove Compliance
Avoid visibility gaps by auditing and capturing session activity across your Windows, Linux, UNIX, and network infrastructure, whether on-premises or in the cloud. For full accountability, tie all privileged activity to an individual. Compliance reporting provides a complete picture of users’ access, privilege, and privileged activity.
“Centrify PAM presented us with all the centralized privileged user identity management we’d been trying to build for years. It would allow us to eliminate both the hodgepodge of password files that had existed across the environment and the sudo files that had been usurping IT resource time.”
Technical Services Administration Manager, State of Michigan