ThycoticCentrify adds just-in-time workflows to Server Suite
ThycoticCentrify has announced its newest update to Server Suite, adding just-in-time (JIT) privilege elevation workflows.
These will be delivered via the Centrify platform, dynamically updating the Centrify Client, the company states.
The latest version of the company's flagship privilege elevation and delegation management (PEDM) solution now includes session audit data masking capabilities for UNIX, to reduce the risk of exposing potentially sensitive or highly restricted data, according to ThycoticCentrify.
The principle of least privilege is recognised as an essential PAM best practice to support zero trust and zero standing privileges.
ThycoticCentrify says, when administrative tasks such as a system outage or a breach investigation require additional access, time is of the essence.
However, while Active Directory (AD) has demonstrated its value as a central role management platform for more than a decade, propagation of updated roles to endpoints can take hours, with potentially negative outcomes.
Recognising this, with the 2021 Server Suite release, ThycoticCentrify enables users to update AD and Centrify Client privilege policies through a mutually authenticated communication channel from the platform.
As soon as access has been approved for the administrator, the local client can enforce the updated policies, allowing the user to immediately login and elevate privilege as required to investigate and remediate.
As a result, access is granted and available just-in-time, without compromising least privilege.
This capability is only possible because of Server Suite's client-based architecture, which can also enforce more advanced PAM capabilities such as real-time password reconciliation, delegated machine credentials, and brokered authentication.
ThycoticCentrify chief technology officer David McNeely says, "The pace of cyber attacks is increasing, and that means administrators need to move faster to update and secure resources while still having controls in place that enforce least privilege.
"In the newest version of Server Suite, we are simplifying just-in-time privileged access by removing extra steps, enabling organisations to adopt a 'zero standing privileges' security model by eliminating role-based assignments of privileged access rights.
"Our lightweight client and PAM platform establish a root of trust between all privileged identities, whether human or machine, to better distinguish between friend and foe and reduce risk."
Server Suite's Audit - Monitoring Service also includes new capabilities to help limit exposure of passwords or other sensitive events captured in audit logs.
In addition, data masking for UNIX solves a challenge for highly regulated industries where data at rest can often be visible or, for example, when audit data is forwarded to a third-party event management tool such as Splunk. Now, sensitive data in log files is masked on the server, so the original data is never exposed.
Server Suite has also added auditing features, such as customisation for prompts (including languages), audit reporting status to AD, and improved CPU utilisation on Windows 10.
Finally, enhancements for multi-factor authentication (MFA) and chipset support include: silent authentication for duplicate Radius password prompts after MFA; grace period control for both console and remote desktop protocol (RDP) sessions; support for M1 chip for MacOS DirectControl support for AMD ARM processor architecture (aarch64); and support for smartcard authentication with AD user certificates to Ubuntu workstations.