Just Out: Centrify Suite 2013 R2 (aka 2013.2)

Today Centrify announced that it has shipped Centrify Suite 2013 Release 2 (“2013.2”), a pretty significant update to our flagship Centrify Suite that provides an integrated “Active Directory Bridge” plus Privileged User Management solution for Windows, UNIX and Linux systems (including user-level auditing), as well as additional capabilities such as server isolation and encryption of data-in-motion. Featuring advanced security configuration and ease-of-use functionality, as well as improved auditing and reporting capabilities, this new release of the Centrify Suite has been specifically designed to further enable organizations to quickly and effectively mitigate risks from internal threats, meet compliance requirements, and reduce operational costs across the broadest set of cross-platform systems deployed on-premise and in the cloud. In this blog post I will drill down a bit into some of the new functionality we introduced in Centrify Suite 2013.2.

But first let me provide some context behind our product enhancements. The reality is that threats or breaches associated with the actions of insiders (e.g. employees, IT contractors, offshore IT workers and even partners), be they malicious or completely unintentional, are growing. Linking access privileges and activity back to specific individuals establishes both the control required to minimize security risks and the visibility required to achieve compliance, resulting in operational efficiencies across heterogeneous server environments. However, managing user privileges can be challenging in many organizations since identities and entitlements often reside in disparate silos or are managed locally on servers rather than centrally. The Centrify Suite leverages existing directory infrastructure (namely Active Directory), allowing organizations to identify and eliminate “blind spots” in administrator access across the broadest range of Windows, UNIX and Linux platforms, resulting in one single identity for users and one unified identity architecture for IT.

The new Centrify Suite 2013 Release 2 (2013.2) builds on the core enhancements Centrify introduced in Suite 2013 with new reports in Centrify Audit Analyzer, new auditing of DirectManage administrative activity, and automation for report scripting and simple database management. In addition, enhancements to Centrify Audit Analyzer enable targeted querying of audit trails by role across Windows, UNIX and Linux systems, and provide commonly used queries that are pre-configured and ready to run. New audit report templates can be used to generate reports based on user-specified criteria, and to create customized reports for compliance with regulations such as HIPAA, MAS, PCI DSS, SOX, GLBA, FISMA, and NERC.

Centrify Suite 2013.2 includes updates to DirectAuthorize for Windows, an integrated solution that eliminates problems associated with too many users having broad and unmanaged administrative powers. The solution delivers secure delegation of privileged access and granular enforcement of who can perform what administrative functions, and includes advanced auditing, access control, and privilege management on Windows computers. In addition, Centrify Suite 2013.2 introduces a collection of new features to help reduce the risks caused by local administrator accounts on Windows Servers, enable support of complex command scripts for automation, and improve usability and security.

Let me drill down in detail on some of these new features by product.

DirectAuthorize Enhancements

New features include:

  • Automate creation of administrative roles. New pre-defined administrative application rights make it easy to create and assign roles that let your administrators run privileged applications without giving full Local Administrator rights.
  • Enhanced security for administrative identity. You can now optionally require users to enter their login password whenever they create or switch to a privileged desktop, or use a privileged application or network right. This protects your administrator’s identity if they step away from their workstation without locking the screen.
  • Leverage your existing Active Directory security groups. Unique among privilege management solutions for Windows, DirectAuthorize now supports adding the privileges of any Active Directory security group – built-in domain groups or custom groups you’ve created – to specific application, desktop, and network rights. You can also immediately leverage the work you’ve already done in Active Directory, granting users the privileges of ‘service’ accounts and security groups without having to share passwords, while your users’ Windows identity remains constant.
  • Support for more complex scripting. The command-line RunAsRole utility now supports redirection of application input/output, and will optionally wait until an application terminates and pass back the application return code, enabling more complex decision branching within scripts.
  • Visual cues for privileged desktops. Users can now apply customized backgrounds to privileged desktops, helping them keep track of the privileges they’re using. And administrators can use Active Directory Group Policy to display specific backgrounds (such as acceptable use policies) on privileged desktops.
  • Sudoers Import enhancements. Sudoers Import now supports GID in both user list and runas list.

DirectAudit Enhancements

New features include:

  • Global option to disable video capture. You can now disable video capture for a DirectAudit deployment through a simple checkbox in DirectManage Audit Manager. The default for a new installation is “Off.” The installer retains the setting from an existing installation during upgrade.
  • New reports for audit trail events in Audit Analyzer. You can now query audit trail events by DirectAuthorize role. You can also search for specific types of events, making it easy to create custom reports showing, for example, everyone in a privileged role who logged on remotely to a specific set of machines during the previous week. Reports can be exported in a variety of different file formats: HTML, PDF, Excel, CSV, and XML. And you can create and save custom reports.
  • Multiple-select support and data export for user sessions. You can now select multiple user sessions in Audit Analyzer for export or deletion. You can export user sessions to common data format (CDF), to an event list, or to Windows Media Video (WMV) format.
  • New report templates. Six new report templates in Audit Analyzer make it easy to drill down into user logons, user or privileged activity, and Centrify Zone administration. Reports can be exported in a variety of different file formats: HTML, PDF, Excel, CSV, and XML.
  • Automation for report scripting and simple database management. The FindSession command-line utility now supports additional functionality that makes it easy to script report generation and perform simple management operations on the DirectAudit database.
  • Additional options for auditing administrative activity. Through Active Directory Group Policy, you can specify whether audit trail events for Centrify Zone administration and DirectAuthorize for Windows Agents should be generated, and where they should be captured. You can specify that no events are captured, or that events are captured only to the Audit Store, only to the Windows Event Log, or to both the Audit Store and Windows Event Log. You can also report on activity such as the creation, modification, and assignment of DirectAuthorize roles across users and machines, or the creation and deletion of Zones.

DirectControl Enhancements

  • Name mapping for smart cards (alternate identity smart card). The Centrify DirectControl Agent now supports login via name mapping smart cards on both Mac and Red Hat platforms.
  • New platform support. The DirectControl Agent now supports these additional platforms:
    • CentOS 5.9, 6.4 (32-bit and 64-bit)
    • Debian 7, 7.1 (32-bit and 64-bit)
    • Mint LMDE 201303 (32-bit and 64-bit)
    • Mint 15 (32-bit and 64-bit)
    • OpenSuSE 12.3 (32-bit and 64-bit)
    • Oracle Linux 5.9, 6.4 (32-bit and 64-bit)
    • Oracle Solaris 11.1 (x86_64 and SPARC)
    • Red Hat Fedora 18, 19 (32-bit and 64-bit)
    • Red Hat Enterprise Linux 5.9, 6.4 (32-bit and 64-bit)
    • Scientific Linux 5.9, 6.4 (32-bit and 64-bit)
    • Ubuntu 13.04 (32-bit and 64-bit)
  • Centrify OpenSSH Installer enhancement. Centrify OpenSSH automatically adopts specific configuration settings if the target computer already has SSH installed.

So as you can see we have added a lot to Centrify Suite 2013 R2!!!! Existing customers can log onto the Centrify support portal to get the latest software, or new customers can request a free evaluation.