Centrify Perspective

December 18, 2017, by Louise Popyk

Why Password Vault Only Solutions Are Not Enough to Stop a Breach

‘Twas the month of Christmas and all through the town,

packages ‘round trees were being carefully laid down.

But much to the surprise of one neighborhood,

their packages were stolen, taken for good!

Despite guarded gate, doorbell cameras and perimeter wall,

the residents had no clue about their tormenters at all!

One crafty neighbor with experience from Christmases before,

Built a zero-trust model, to protect more than his front door.

All that entered the house, he could monitor and see,

and to access his extra special stuff required more than just one key.

One night as he slept, something stirred in the in-law suite,

Under a cloak of darkness looking for a treat.

A sneak came in through the garage door.

So, what was it that the camera saw?

Nothing at all it’s sad to say

Pointing only at the front door is not the best way.

An alert was triggered, lateral movement at midnight not allowed.

And the extra key for the basement they had not been endowed.

Security in the home stopped the wine cellar breach

Perfect Cabernet was saved for the Christmas feast.

By now a lot of computer security readers are asking themselves, “What does this have to do with me? I’m worried about real problems like my company’s future product plans, my customers’ financial data, etc.” Aaah, but the story could have a lot to do with you…

Well, someone possibly convinced your company that managing privileged account passwords and recording sessions at a gateway or jump box would provide the ultimate protection, just like the home builder who sold future homeowners on the gated community’s guarded gate, perimeter wall and doorbell cameras. These measures go some way towards protecting what is inside, whether homes or computers, but in these dangerous times they are not enough. Important gaps remain. It’s easy to leap a fence or to sidestep jump-box-based session recording, so we can’t assume that all server access occurs through the jump box (the “front door”). We need to secure our hosts against the threats that arise when servers are accessed directly, or when other security measures have failed and malware is present on the host.
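The gap described above can be checked from the host side. The following is an added example, not code from the original post or from Centrify: it reads sshd log lines collected on the servers and reports accepted logins whose source is not the jump box. The jump-box address, host names, accounts and log lines are constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: the only approved path to the servers is this jump box.
JUMP_BOX_NETS = [ip_network("10.0.5.10/32")]

# OpenSSH logs successful logins as "Accepted <method> for <user> from <ip> port <n>".
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample lines in the style of /var/log/auth.log (not real data).
SAMPLE_LOG = """\
Dec 18 23:41:02 db01 sshd[2211]: Accepted password for alice from 10.0.5.10 port 50122 ssh2
Dec 18 23:58:47 db01 sshd[2290]: Failed password for root from 10.0.9.77 port 40110 ssh2
Dec 19 00:03:15 db01 sshd[2304]: Accepted publickey for svc_backup from 10.0.9.77 port 40112 ssh2: RSA SHA256:CONSTRUCTED
Dec 19 00:04:40 app02 sshd[911]: Accepted publickey for alice from 10.0.5.10 port 50140 ssh2: ED25519 SHA256:CONSTRUCTED
Dec 19 00:07:09 app02 sshd[930]: Accepted password for root from 10.0.7.21 port 51515 ssh2
"""

def via_jump_box(src):
    """True if the source address belongs to an approved jump box."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as not approved
    return any(addr in net for net in JUMP_BOX_NETS)

def direct_logins(log_text):
    """Return (host, user, method, source) for logins that bypassed the jump box."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m and not via_jump_box(m["src"]):
            findings.append((m["host"], m["user"], m["method"], m["src"]))
    return findings

if __name__ == "__main__":
    for host, user, method, src in direct_logins(SAMPLE_LOG):
        print(f"{host}: {user} logged in directly from {src} using {method}")
```

Run it against logs collected on the hosts themselves, since a login that never touched the jump box leaves no trace in the jump box's recordings.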

Verizon’s Data Breach Investigations Report (DBIR) and others agree that privileged user attacks are a current vector of choice, due in large part to these users’ access to valuable information. Thus securing these users’ credentials and monitoring their use is of utmost importance. Gartner’s 2017 Privileged Access Management (PAM) Market Guide defines two types of solutions for addressing these risks. First, there is privileged account and session management. In layman’s terms this means vaulting and managing credentials as well as recording user sessions. In many initial implementations, session recording is achieved via a jump box and assumes that all privileged activity will traverse the jump box. Second, the report refers to privilege elevation and delegation management, which is essentially enforcing least privilege for users on the operating system. Note that Gartner specifies that privilege elevation is controlled by “host-based agents.” With Centrify’s implementation of host-based security, users have just enough privilege to do their job and their activity is recorded regardless of how they accessed the host. This safeguards against “leave behinds” like back doors or SSH keys. Furthermore, this can be bolstered with access request and/or time-based access to enable a zero-trust model.

Centrify Infrastructure Services provides password vaulting and session monitoring at the gateway or on the host, and it enforces least privilege on the host combined with multi-factor authentication (MFA) at login or privilege elevation. With this host-based security, the risk and potential damage are reduced no matter how the host is accessed.

At the end of the day, the crafty neighbor did not trust that his house was secure. He limited lateral movement by controlling access to his basement, he required more than just the front door key to access his wine cellar, and he had cameras everywhere. That might be a little spooky in your home, but maybe his wine collection was something to behold, much like your company’s future product plans or your customers’ financial information.

At the end of the day, we don’t want to be that home builder who gave the neighborhood a false sense of security. We want you to be the crafty neighbor, and we provide the tools for you to be just that for your compute infrastructure.

Learn more about Centrify Solutions for Privileged Access Management.
