Wednesday, August 1, 2012
Centrify Insight was recently updated on Splunkbase to version 1.3. As I have previously blogged, Centrify Insight is a free monitoring and reporting tool built on Splunk that helps you identify and analyze authentication, authorization and other events taking place on the UNIX, Linux and Mac systems managed by Centrify Suite or Centrify Suite Express.
Frequently our customers have told us that while they rely on Centrify to provide complete granular control over their UNIX and Linux systems, they leverage Splunk side by side with Centrify for visibility into the access and health of those same systems. As a result, Centrify is a strong supporter and partner of Splunk. In the past year we have done several joint events, including Centrify appearances at Splunk Live events and a joint webinar espousing the benefits of the Windows and Active Directory apps from Splunk in combination with Centrify Insight, and we have contributed as guest bloggers for Splunk. We look forward to continuing and expanding this vital partnership in the coming quarters.
One more thing: Centrify is a sponsor and will be appearing at the upcoming Splunk .conf at the Cosmopolitan Hotel in Las Vegas, September 10th through the 13th. We will have a booth showing off the latest version of Centrify Insight as well as the Centrify Suite and would love to talk with you and show you a demo. See you there!
But back to this post: I would like to highlight a few of the main features of Centrify Insight. In addition, Centrify Insight version 1.3 adds several exciting new dashboards and features that I would like to introduce to you.
Centrify Insight provides real-time visibility into the management of, and access to, UNIX and Linux systems protected by the Centrify Suite. Centrify Insight also provides reports and forensics with respect to changes made in Active Directory, management of Centrify Zones and the health of DirectControl agents. Centrify Insight is a Splunk application that listens to Active Directory domain controllers and security event logs, as well as *NIX logs and the Centrify Suite logs to provide the type of insight you need to answer security and forensic questions about Centrify secured systems. Centrify Insight uses Splunk as an enabling platform to provide operational intelligence on the local *NIX system and Active Directory accounts, identity, access, roles and health of Centrify protected systems. And best of all, Centrify is making this available for FREE!!!
The Centrify team has been hard at work improving the capabilities, adding features and adding support for the most recent releases of the Centrify Suite and the Splunk platform.
As a reminder, Insight 1.0 initially provided answers regarding changes to Active Directory objects in order to answer questions such as "When and who changed a user, group or computer object in Active Directory?" and "What attribute(s) were changed and what were the previous value(s)?". In a similar manner, Insight tracked Centrify Zone changes to answer questions such as "Who Zone-enabled a user, effectively provisioning access to all systems in that Zone?" or "What attributes were changed in the Zone object and what were the previous values?". For Insight 1.3, support for the latest Zones (including hierarchy and inheritance) has been updated.
The Centrify Zone Activity search pane allows you to search for any Centrify object type, including changes, adds and deletes, in a Zone or across many Zones.
In the several iterations since Insight 1.0 including this latest 1.3 version, we have added many other important features and benefits:
One of the primary use cases for Centrify Insight is to monitor all system access attempts on systems protected by the Centrify Suite. This includes both successful and failed logon attempts by users who are either managed locally or in Active Directory. Centrify Insight can also break down access methods (e.g. console, ssh, su), the top users accessing systems, password change attempts and even users who have access to systems but who have not logged on for a period of time.
The Systems Access dashboard shows statistics of user/group/computer accounts, password changes and user login attempts.
In addition to monitoring system access to particular systems, you can pivot and examine, report and alert on users' access activity.
The Login Statistics Overview dashboard shows summary information for systems protected by the Centrify Suite.
Finally, you can centrally monitor the health and availability of the Centrify Agent from a single dashboard using Centrify Insight.
The Centrify Health Overview gives you a central dashboard of all DirectControl agents, their status and relevant errors.
Centrify Insight is available free of charge on Splunkbase. You can pick up Centrify Express here. Finally, support is available on the Centrify Insight Community, where you can exchange best practice advice with Centrify staff and other Centrify Insight users. Check it out!
Tom Kemp is CEO of Centrify. You can follow him on his Centrify blog.