ThycoticCentrify announced its newest update to Server Suite

July 2021 by Marc Jacob

ThycoticCentrify announced its newest update to Server Suite, including new capabilities that optimize just-in-time (JIT) privilege elevation workflows by having the Centrify platform dynamically update the Centrify Client. The latest version of the company’s flagship privilege elevation and delegation management (PEDM) solution now includes session audit data masking capabilities for UNIX to reduce the risk of exposing potentially sensitive or highly restricted data.

The principle of least privilege is recognized as an essential PAM best practice to support Zero Trust and zero standing privileges. When administrative tasks such as a system outage or a breach investigation require additional access, time is of the essence. However, while Active Directory (AD) has demonstrated its value as a central role management platform for over a decade, propagation of updated roles to endpoints can take hours, with potentially catastrophic repercussions.

With release 2021, Server Suite overcomes this issue by simultaneously updating AD and Centrify Client privilege policies through a mutually authenticated communication channel from the platform. As soon as access has been approved for the administrator, the local Client can enforce the updated policies, allowing the user to log in immediately and elevate privilege as required to investigate and remediate. Thus, access is granted and available just-in-time, without compromising least privilege. This capability is only possible because of Server Suite’s client-based architecture, which can also enforce more advanced PAM capabilities such as real-time password reconciliation, delegated machine credentials, and brokered authentication.

Server Suite’s Audit & Monitoring Service also includes new capabilities designed to limit exposure of passwords or other sensitive events captured in audit logs. Data masking for UNIX solves a critical challenge for highly regulated industries where data at rest can often be visible or, for example, when audit data is forwarded to a third-party event management tool such as Splunk®. Now, sensitive data in log files is masked on the server, so the original data is never exposed. Server Suite has also added auditing features, such as customization for prompts (including languages), audit reporting status to AD, and improved CPU utilization on Windows 10.

Other enhancements for multi-factor authentication (MFA) and chipset support include:

Silent authentication for duplicate RADIUS password prompts after MFA
Grace period control for both console and remote desktop protocol (RDP) sessions
Support for M1 chip for macOS
DirectControl support for AMD ARM processor architecture (aarch64)
Support for smartcard authentication with AD user certificates to Ubuntu workstations



