Here is an overview of key features of Centrify DirectAudit. For a detailed feature explanation, download our free white paper, Protecting Sensitive Information through IPsec-Based Server and Domain Isolation.
DirectSecure prevents an "untrusted" system a system that has not been authenticated via issuance of a PKI certificate or a Kerberos ticket from Active Directory from establishing networking communication with "trusted" systems. Even if an attacker has obtained a valid username and password, they can't access your trusted systems. DirectSecure cannot be spoofed because trusted systems must be authenticated.
DirectSecure delivers tiered network access and tighter control over who can access specific groups of systems. For example, with DirectSecure you can dynamically segment and isolate specific groups of systems. For example, you can limit a PCI audit just to the systems that process credit card data, not your entire network.
Traffic between trusted systems is cryptographically protected so that the receiving system can verify that an authenticated system sent the packet and that the packet was not tampered with in transit. You can even configure groups of servers to accept specific types of traffic. In addition, some or all of the traffic between managed systems can be optionally encrypted, providing protection from malicious network users who attempt to capture and interpret network traffic.
DirectSecure lets you build logical security boundaries that span physical, virtual and cloud-based systems. These security boundaries are erected by independently authenticating and protecting each virtual machine, as opposed to attempting to partition traffic from MAC addresses.
Provisioning certificates is a very manual and time-intensive process. DirectSecure automates the provisioning of certificates by delivering a UNIX client for Microsoft's certificate server that can be managed by Group Policy and is secured via Kerberos.
DirectSecure builds upon technologies that already exist in your environment, including your existing Active Directory infrastructure and the IPsec functionality that is built into the modern UNIX, Linux and Windows operating systems that you have deployed. This means you can leverage existing skill sets, and DirectSecure works without the need for additional hardware or for disruptive changes to network topology or even to applications. Because DirectSecure uses IPsec, a Layer 3 protocol, it operates transparently to both applications and users. Finally, because Microsoft already provides both Group Policy and IPsec as a standard part of the Windows platform through its Server and Domain Isolation solution, there is no additional cost to integrate Windows systems with UNIX and Linux systems supported by DirectSecure.