In working with customers to understand their IT security and compliance challenges, we focused on delivering the following benefits:
Centralized, role-based entitlement management designed for compliance
- Consolidates UNIX and Linux entitlement management in Microsoft Active Directory, streamlining administration and closing security gaps caused through lax deprovisioning and change management practices
- Links entitlements to Active Directory accounts and groups, enhancing accountability and compliance reporting through a global view of users' entitlements across the enterprise
- Role-based entitlement model meets regulatory requirements for defining "least access" controls and administrative privileges delegated according to job duty, protecting enterprises against both accidental and malicious changes
- Restricted Environment feature permits users to execute only specific "whitelisted" commands, resulting in unambiguous compliance reporting compared to other systems that require security managers to pile on "deny" specifications
- Built-in reports for users and computers give auditors a complete view of authorizations
Simplified privilege management that goes beyond sudo and other existing products
- Graphical user interface makes creating roles and rights far easier compared to scripting complex sudo policy files or learning other solutions' proprietary scripting languages that cannot match the rich group-based modeling available in Active Directory
- Centrally and securely apply and report on policies from Active Directory, as opposed to trying to manage config files on individual systems
- Unique ability to control users' access to secured systems via PAM-enabled applications and interfaces (SSH, FTP, etc.)
- Unique Restricted Environment feature provides the option to restrict users to a "whitelist" of specific commands, compared to older, cumbersome and error-prone solutions that permit all actions except those that are put on a "deny" list
- Simplifies users' workflow, enabling them to execute commands with privilege without having to change accounts, remember additional passwords, or learn new commands
Single, cost-effective architecture for cross-platform authentication, access control and authorization
- Comprehensive privilege management provided as part of an integrated authentication, access control and authorization solution that is priced below what you would expect to pay for a single, older point product that addresses just one of these areas
- Part of a comprehensive suite designed from the ground up to seamlessly integrate a wide array of UNIX and Linux systems with existing Active Directory infrastructure, tools and processes
Rapid, non-intrusive deployment and management
- Leverages existing Active Directory domain controller infrastructure; no additional servers or network infrastructure needed
- No Active Directory schema changes required
- Does not require proprietary changes to UNIX kernel; no reboot required after installation
- Streamlines IT management by leveraging existing Active Directory tools and processes
- Management data is stored in Active Directory, a modern LDAP database that has a rich ecosystem of available administration, provisioning and reporting tools
Highly available and fault-tolerant
- Leveraging Active Directory domain controller infrastructure ensures high availability and fault-tolerant network connection
- Local caching ensures entitlements are enforced even in cases when the computer is disconnected
