Tom Kemp's Centrify Blog

The recent revelation that Barracuda Networks had numerous privileged "backdoor" user accounts with weak passwords once again draws attention to not only the need to have strong passwords but also the need for privileged identity management.

• Read the full article

Last week we came out with a new release to our suite of solution. This latest and greatest version is called Centrify Suite 2012.2, which updates DirectControl to version 5.0.2, DirectAuthorize to version 2.0.2, DirectAudit to 2.0.2, and DirectManage Deployment Manager to 2.1.2. Customers can download it here while Express users can get it here. While a minor update, we have packed into a number of goodies that I want to talk to you about in this blog post.

• Read the full article

A new Washington state law went into effect earlier this month that makes a business or a credit card processor liable for unauthorized access to credit card information it stores. The key thing with the law is that businesses or processors are not liable if they are PCI DSS compliant, so in effect this further motivates businesses who process credit cards to get compliant. This is part of a growing trend for states to in effect incorporate PCI into state law.

• Read the full article

Recently VMware published its official release of the vSphere 4.0 Security Hardening Guide. I was pleased to see that Centrify was the only third-party identity management vendor called out by VMware to "provide tighter integration with Active Directory" when it recommends to use a directory service product for authentication for the ESX Service Console. While Centrify was called out vis a vis the security requirements around Console OS password policies, in looking at the hardening guide it became readily apparent that the Centrify Suite can address a wide range of vSphere hardening requirements for enterprises, and this blog post gives an example of some of the additional value add Centrify can provide.

• Read the full article

Many of our customers want DirectControl to seamlessly integrate with Samba - the de facto industry standard CIFS File Server for Linux and UNIX - so I have blogged a few times about what we offer in terms of Samba interoperability as well as on the technical and architectural details around our Samba integration. But because there is a bit of overlapping capability with what Samba offers and what DirectControl offers, we occasionally get questions on how we compare to what Samba offers, so in this blog post I am going to drill down a bit into two areas of overlapping functionality with DirectControl and Samba's windbind capability.

• Read the full article

With the release of DirectSecure earlier this year and the release of DirectAuthorize last year we have broadened our PCI footprint to address additional PCI requirements, so I want to use this blog post to talk about some of the added requirement we now address.

• Read the full article

I saw in Network World a recent article with the headline, "IRS security faults leave taxpayer information at risk." In reading the article and digging down into the actual United States Government Accountability Office (GAO) report (entitled "Information Security: IRS Needs to Continue to Address Significant Weaknesses") that the article uses as its source, it turns out that the major findings in the audit were really about the need for comprehensive privileged identity management within the Internal Revenue Service. In this blog post I will analyze the GAO report and map the report to specific capabilities that Centrify addresses.

• Read the full article

It was three years ago that Bill Gates made his last appearance at the RSA Conference and introduced the Microsoft vision of "Secure Anywhere Access in a Connected World." It was 2 years later that part of that vision became reality with the introduction of technology in Windows 7 and Windows 2008 R2 called DirectAccess. In this blog post I will give an overview of DirectAccess and discuss how Centrify DirectSecure embraces and extends it to non-Microsoft platforms; i.e. even better together.

• Read the full article

DirectSecure can optionally encrypt data in motion. Here are two immediate reasons why you need it.

• Read the full article

DirectSecure can help you meet PCI DSS requirements around network segmentation and address section 1.2 of PCI regarding restricting connections between untrusted networks.

• Read the full article

In this blog post I will talk more about how DirectSecure works and specifically how it leverages IPsec.

• Read the full article

With the release of Centrify Suite 2010, we introduced two new products: DirectManage and DirectSecure. In this blog post I will discuss what DirectSecure does at a high-level and why customers need it. In later blog posts discuss how it works, give some use cases, and then discuss how it extends Windows 7 DirectAccess to cross-platform environments.

• Read the full article

Five years and one week ago Centrify entered the market with the announcement of DirectControl version 1.0. Today, we are pleased to announce the release of Centrify Suite 2010. In five years we have gone from 1 product to 5 products, from a few beta sites to over 1500 customers including some of the largest enterprises in the world, and from a classic Silicon Valley startup to a mature, profitable software company with staff throughout the world. In this blog post let me talk about some of the new products and new features that make up Centrify Suite 2010.

• Read the full article