Centrify Server Suite, Enterprise Edition

Centrify DirectAudit Features

The Centrify Server Suite, Enterprise Edition, captures historical user activity to establish accountability and ensure identity-related compliance with government regulations and industry mandates. The key Enterprise Edition component is Centrify DirectAudit, which integrates seamlessly with the identity consolidation and privileged access management features of Centrify Server Suite, Standard Edition, to provide clear visibility and auditing of the activities of privileged users. For a detailed feature explanation, download our free white paper, Privileged User Activity Auditing: The Missing Link for Enterprise Compliance and Security.

Here are the key features of the Centrify DirectAudit component of Enterprise Edition:

Detailed Recording and Playback of Privileged User Sessions

Centrify Audit Analyzer
Centrify Audit Analyzer

You have a single view that contains sessions for Windows, Linux and UNIX sessions.

ADUC Integration
ADUC Integration

You can also right-click on users in Active Directory Users and Computers and view DirectAudit-recorded sessions.

Centrify captures and stores a detailed recording of privileged user sessions on Windows, UNIX and Linux systems. Unique audit policies can easily be configured with options to leverage video capture only on the most critical systems, or for users in a specific role, and to audit Centrify administration activity such as the management of Centrify Zones. The Centrify Audit Analyzer gives you a global view of privileged user sessions across your audited environment, and proof of regulatory compliance for auditors through out-of-the-box reports that capture both current and historical sessions grouped by server, user, or other criteria.

Visual Replay with Indexed Search

DirectAudit Replayer for Windows
Audit Analyzer Player: Windows Example

In this example, clicking on the indexed event list on the left takes you directly to the place the admin launched a SQL Server session.

DirectAudit Replayer for Linux
Audit Analyzer Player: Linux & UNIX Example

In this example, clicking on the indexed event list on the left takes you directly to the place where the user tried to switch to the root account and log in.

You can see what happened in a specific session at a high level by viewing a command/event summary, or you can replay the video to see every action taken by a user and every system response. You can pause, rewind, fast-forward, scrub through the timeline, or jump to a specific point in the video replay. This unique playback feature gives IT security managers and IT auditors the ability to proactively identify insider threats, and perform forensic investigation into which privileged user did what after an incident occurs.

DirectAudit Query Wizard
DirectAudit Query Builder

Using the DirectAudit query builder, you can find sessions based on a wide variety of criteria, create your own views of user sessions, and export them for reporting purposes.

Out-of-the-box queries and compliance reports provide information on both active and historical sessions. The flexible query builder supports the creation of customized reports based on search options including by user, computers, time period, type of event, and role. For example, a compliance report can easily be configured to show everyone in a privileged role who logged on remotely to a specific set of computers during the previous week.

Third-Party Reporting and Alerting

User session metadata is captured to enable integration with reporting tools. Centrify stores audit information in an SQL database, which enables robust querying by log management tools, and an event serialization service enables integration with SIEM and alerting tools.

Policy-Based Auditing Integrated with Role-Based Authorization

You can configure Centrify to trigger auditing sessions for specific users, computers or roles. DirectAudit policies can be applied to a Global Zone or Child Zone, enabling secure delegation of audit policy settings.

At-a-Glance View of All Current User Activity & Proof of Regulatory Compliance

The Audit Analyzer provides real-time visibility into user sessions on every audited Windows, UNIX and Linux system. For each session you can see who is currently logged in, and you can immediately drill down to see what they are in the process of doing. Detecting insider threats before a security breach happens can save money and reputation for an organization.

By centralizing your access controls, privileges, and privileged user's activity with Centrify Server Suite you can quickly generate comprehensive reports that prove identity related compliance with government regulations and industry mandates. Auditors can be handed reports that document which users have access to what servers and with what administrative privileges. Privileged activity is associated with an individual and recorded versions of their entire privileged sessions are available on demand.