Here is an overview of key features of Centrify DirectSecure. For a detailed feature explanation, download our free white paper, Protecting Sensitive Information through IPsec-Based Server and Domain Isolation.
DirectSecure prevents an "untrusted" system (a system that has not been authenticated via issuance of a PKI certificate or a Kerberos ticket from Active Directory) from establishing network communication with "trusted" systems. Even if an attacker has obtained a valid username and password, they can't access your trusted systems. DirectSecure cannot be spoofed because trusted systems must be authenticated.
DirectSecure delivers tiered network access and tighter control over who can access specific groups of systems. With DirectSecure you can dynamically segment and isolate specific groups of systems. For example, you can limit a PCI audit to just the systems that process credit card data, not your entire network.
Traffic between trusted systems is cryptographically protected so that the receiving system can verify that an authenticated system sent the packet and that the packet was not tampered with in transit. You can even configure groups of servers to accept specific types of traffic. In addition, some or all of the traffic between managed systems can be optionally encrypted, providing protection from malicious network users who attempt to capture and interpret network traffic.
DirectSecure lets you build logical security boundaries that span physical, virtual and cloud-based systems. These security boundaries are erected by independently authenticating and protecting each virtual machine, as opposed to attempting to partition traffic from MAC addresses.
Provisioning certificates is a very manual and time-intensive process. DirectSecure automates the provisioning of certificates by delivering a UNIX client for Microsoft's certificate server that can be managed by Group Policy and is secured via Kerberos.
DirectSecure builds upon technologies that already exist in your environment, including your existing Active Directory infrastructure and the IPsec functionality that is built into the modern UNIX, Linux and Windows operating systems that you have deployed. This means you can leverage existing skill sets, and DirectSecure works without the need for additional hardware or for disruptive changes to network topology or even to applications. Because DirectSecure uses IPsec, a Layer 3 protocol, it operates transparently to both applications and users. Finally, because Microsoft already provides both Group Policy and IPsec as a standard part of the Windows platform through its Server and Domain Isolation solution, there is no additional cost to integrate Windows systems with UNIX and Linux systems supported by DirectSecure.