Delinea News | See what's happening at Delinea

ThycoticCentrify Modernizes JIT Elevation with Release of Server Suite

Written by Kali Linette | July 14, 2021 4:00:00 AM Z

Enhanced industry-leading privilege elevation platform leverages the power of the Centrify Client to ensure just-in-time access for time-critical activities

Santa Clara, Calif. and Washington D.C. ― July 14, 2021ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of Privileged Access Management (PAM) leaders Thycotic and Centrify, today announced its newest update to Server Suite, including new capabilities that optimize just-in-time (JIT) privilege elevation workflows via the Centrify platform dynamically updating the Centrify Client. The latest version of the company’s flagship privilege elevation and delegation management (PEDM) solution now includes session audit data masking capabilities for UNIX to reduce the risk of exposing potentially sensitive or highly restricted data.

The principle of least privilege is recognized as an essential PAM best practice to support Zero Trust and zero standing privileges. When administrative tasks such as a system outage or a breach investigation require additional access, time is of the essence. However, while Active Directory (AD) has demonstrated its value as a central role management platform for over a decade, propagation of updated roles to endpoints can take hours, with potentially catastrophic repercussions.

With release 2021, Server Suite overcomes this issue by simultaneously updating AD and Centrify Client privilege policies through a mutually authenticated communication channel from the platform. As soon as access has been approved for the administrator, the local Client can enforce the updated policies, allowing the user to immediately login and elevate privilege as required to investigate and remediate. Thus, access is granted and available just-in-time, without compromising least privilege. This capability is only possible because of Server Suite’s client-based architecture, which can also enforce more advanced PAM capabilities such as real-time password reconciliation, delegated machine credentials, and brokered authentication. 

“The pace of cyber-attacks is increasing, and that means administrators need to move faster to update and secure resources while still having controls in place that enforce least privilege,” said David McNeely, Chief Technology Officer at ThycoticCentrify. “In the newest version of Server Suite, we are simplifying just-in-time privileged access by removing extra steps, enabling organizations to adopt a ‘zero standing privileges’ security model by eliminating role-based assignments of privileged access rights. Our lightweight client and PAM platform establish a root of trust between all privileged identities, whether human or machine, to better distinguish between friend and foe and reduce risk.”

Server Suite’s Audit & Monitoring Service also includes new capabilities designed to limit exposure of passwords or other sensitive events captured in audit logs. Data masking for UNIX solves a critical challenge for highly regulated industries where data at rest can often be visible or, for example, when audit data is forwarded to a third-party event management tool such as Splunk®. Now, sensitive data in log files is masked on the server, so the original data is never exposed. Server Suite has also added auditing features, such as customization for prompts (including languages), audit reporting status to AD, and improved CPU utilization on Windows 10.

Other enhancements for multi-factor authentication (MFA) and chipset support include:

  • Silent authentication for duplicate Radius password prompts after MFA
  • Grace period control for both console and remote desktop protocol (RDP) sessions
  • Support for M1 chip for MacOS
  • DirectControl support for AMD ARM processor architecture (aarch64)
  • Support for smartcard authentication with AD user certificates to Ubuntu workstations

 

About ThycoticCentrify

ThycoticCentrify is a leading cloud identity security vendor, enabling digital transformation at scale. ThycoticCentrify’s industry-leading privileged access management (PAM) solutions reduce risk, complexity, and cost while securing organizations’ data, devices, and code across cloud, on-premises, and hybrid environments. ThycoticCentrify is trusted by over 14,000 leading organizations around the globe including over half of the Fortune 100, and customers include the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies.

© Thycotic Software, LLC and Centrify Corporation 2021. ®Centrify and ®Thycotic are registered trademarks of Centrify Corporation and Thycotic Software, LCC, respectively. All other trademarks are property of their respective owners.