ThycoticCentrify announced its latest update to Server Suite, adding just-in-time (JIT) elevation of privilege workflows.
These will be delivered through the Centrify platform, dynamically updating the Centrify client, the company says.
According to ThycoticCentrify, the latest version of the company’s flagship privilege elevation and delegation management (PEDM) solution now includes session audit data masking capabilities for UNIX, to reduce the risk of exposing potentially sensitive or very restricted data.
The principle of least privilege is recognized as an essential PAM best practice to support zero trust and zero permanent privileges.
According to ThycoticCentrify, when administrative tasks such as a system crash or a breach investigation require additional access, time is of the essence.
However, while Active Directory (AD) has demonstrated its value as a central role management platform for over a decade, propagating updated roles to endpoints can take hours, with potentially negative results.
Realizing this, with the 2021 Server Suite release, ThycoticCentrify allows users to update AD and Centrify Client privilege policies through a mutually authenticated communication channel from the platform.
Once access has been approved for the administrator, the local client can apply the updated policies, allowing the user to log in immediately and elevate their privileges as needed to investigate and correct.
As a result, access is granted and available just in time, without compromising any privilege.
This capability is only possible thanks to the client architecture of Server Suite, which can also apply more advanced PAM features such as real-time password reconciliation, delegated machine credentials and negotiated authentication.
David McNeely, CTO of ThycoticCentrify, said, “The pace of cyberattacks is increasing, which means administrators need to quickly update and secure resources while keeping controls in place that enforce least privilege.
“In the latest version of Server Suite, we simplify just-in-time privileged access by removing additional steps, allowing organizations to adopt a ‘no-persistent’ security model by eliminating privileged role-based entitlement assignments.
“Our thin client and PAM platform establish a root of trust between all privileged identities, whether human or machine, to better distinguish between friend and foe and reduce risk.”
The Server Suite Auditing and Monitoring Service also includes new features to help limit the exposure of passwords or other sensitive events captured in audit logs.
Additionally, data masking for UNIX solves a challenge for highly regulated industries where data at rest can often be visible or, for example, when audit data is passed to a third-party event management tool such as Splunk. Now, sensitive log file data is hidden on the server, so the original data is never exposed.
Server Suite also added auditing features, such as customizing prompts (including languages), auditing report status to AD, and improving CPU usage on Windows 10.
Finally, improvements to multi-factor authentication (MFA) and chipset support include: silent authentication for duplicate RADIUS password prompts after MFA; grace period control for console and Remote Desktop Protocol (RDP) sessions; M1 chip support for macOS; DirectControl support for AMD ARM processor architecture (aarch64); and support for smart card authentication with AD user certificates on Ubuntu desktops.