Have you ever wondered what happens to all the information that is generated by computers as they log the activities of users doing things? Every click, every command, every application interaction and every error is recorded as these actions occur. Sometimes these “events” figuratively do go on a road to nowhere… they just sit unanalyzed on a server somewhere waiting to fill up the disk with their eventual growth. The answer to the first sentence is that the information lies in these stacks of data, and that is a problem.
As soon as you say problem — here comes software to the rescue– Centrify is excited to announce that customers can now import Centrify events into their favorite Security Information Event Management (SIEM) tool. Centrify now has integrations with leading SIEM vendors like Splunk, HPe (ArcSight) and IBM (QRadar). This allows customers to get centralized, enterprise-wide, visibility to monitor and identify critical security threats from privileged users. Specifically, this enables granular analysis of privileged user sessions to make response time faster and to allow later forensic analysis. Another way of saying this: You can now find the answers by putting your data on a road into a SIEM for analysis.
What might this look like?:
Next, this information would be collected and then sent to Splunk, QRadar or ArcSight. We are excited to have collaborated with the leaders in the SIEM space to bring this solution to our joint customers. Truly helping customers get insight into their privileged users and how that correlates with other security activity is as important as anything else we do here at Centrify. The extensibility of Centrify events helps customers better leverage their investment in Centrify and the SIEM tool of choice. Most importantly we believe this kind of solution is essential in the fight against cyberattacks as we know privileged users are targeted in many large breaches, so getting visibility into how these privileges are being used is the key to incident discovery, response and remediation.