Most auditing tools simply capture who logged on and when - not what they did. Even products that capture keystrokes won't show you the result of those commands. Centrify DirectAudit records comprehensive user session activity: what commands were executed, what changes were made to key files and data, and what output appeared. This level of detail is required to meet compliance requirements, and takes the guesswork out of troubleshooting changes that may have led to system failures.
Most auditing tools are not designed for complex enterprise environments. For example, some tools simply stop collecting audit data on a remote system if the network goes down. DirectAudit was designed to be highly reliable. It continues to collect all audit data on a remote system if the network goes down, and subsequently forwards it to the DirectAudit Collector Service when the network is back up. To ensure audit data traffic is secure and does not impact the network, it is communicated in an authenticated and encrypted format.
DirectAudit is an enterprise-scale solution designed to collect data from large numbers of systems. Multiple, load-balanced DirectAudit Collector Services can gather data from audited systems and forward it to a central SQL Server database that can act as a large-scale data warehouse.
While other tools rely on proprietary data formats that limit reporting options, DirectAudit uses a modern SQL Server database. This means you can easily report and search on all session data using the DirectAudit Console or third-party reporting tools. Archiving and purging session data is also easy as well.
Other auditing tools may simply list who logged on and off a system. DirectAudit lets you visually replay any user session on any audited system to see just what that user saw: the commands that were executed, the changes made to key files and data, and the system output. You can pause, rewind, or fast-forward — as easy as using a VCR.
Many tools do not store detailed audit data in a central SQL database, severely limiting your ability do ad hoc queries. DirectAudit not only provides out-of-the-box views of user sessions, but also lets you perform a full-text search for specific keywords. Mining key audit and system availability data is as easy as searching the Internet.
Other auditing solutions provide a historical view of system activity. From a central console, DirectAudit gives you a real-time, at-a-glance view of activity on all your audited UNIX and Linux systems. For each session you can see who is logged on, and you can immediately drill down to see what they are currently doing. This is an invaluable tool for both spotting suspicious activity and quickly troubleshooting system issues.
DirectAudit helps you prove to IT auditors that your access controls are working. To implement those access controls, Centrify DirectControl's patent-pending Zone technology gives you the unique ability to keep sensitive systems — such a personnel, engineering, or ERP systems — restricted to specific groups of users and yet centrally manage accounts, password policies and more through Active Directory. DirectControl also gives you the ability to comply with regulatory mandates for accountability, associating a specific user session in DirectAudit with an individual, not a generic administrative account or an obscurely named UNIX account on an single system. Centrify offers a single, built-for-the-enterprise solution that is more secure, supports more platforms, and is easier to deploy and manage than the collection of acquired point products other vendors provide.