Centrify Server Suite, Platinum Edition

Features

Here is an overview of DirectSecure component of the Centrify Server Suite, Platinum Edition. For a detailed feature explanation, download our free white paper, Protecting Sensitive Information through IPsec-Based Server and Domain Isolation.

Deter External Security Threats from Unmanaged or Rogue Computers

Centrify Server Suite, Platinum Edition, prevents an "untrusted" system — a system that has not been authenticated via issuance of a PKI certificate or a Kerberos ticket from Active Directory — from establishing networking communication with "trusted" systems. Even if an attacker has obtained a valid username and password, they can't access your trusted systems. Leveraging the DirectSecure feature set prevents spoofing because trusted systems must be authenticated.

Protect Against Insider Threats by Restricting Access and Dynamically Segmenting your Network

Centrify Server Suite, Platinum Edition, delivers tiered network access and tighter control over who can access specific groups of systems. For example, with the DirectSecure feature set you can dynamically segment and isolate specific groups of systems. For example, you can limit a PCI audit just to the systems that process credit card data, not your entire network.

Enable Optional End-to-End Encryption of Data-in-Motion

Traffic between trusted systems is cryptographically protected so that the receiving system can verify that an authenticated system sent the packet and that the packet was not tampered with in transit. You can even configure groups of servers to accept specific types of traffic. In addition, some or all of the traffic between secured systems can be optionally encrypted, providing protection from malicious network users who attempt to capture and interpret network traffic.

Seamlessly Implement Logical Secure Boundaries Spanning Physical, Virtual and Cloud-Based Systems

Centrify Server Suite, Platinum Edition, lets you build logical security boundaries that span physical, virtual and cloud-based systems. These security boundaries are erected by independently authenticating and protecting each virtual machine, as opposed to attempting to partition traffic from MAC addresses.

Automate Certificate Provisioning on Linux and UNIX

Provisioning certificates is a very manual and time-intensive process. The DirectSecure feature set automates the provisioning of certificates by delivering a UNIX client for Microsoft's certificate server that can be managed by Group Policy and is secured via Kerberos.

Cost-Effectively Extend your Existing Infrastructure without the Need for additional Hardware or Software

Centrify Server Suite, Platinum Edition, builds upon technologies that already exist in your environment, including your existing Active Directory infrastructure and the IPsec functionality that is built into the modern Windows, Linux and UNIX operating systems that you have deployed. This means you can leverage existing skill sets, and the DirectSecure feature set works without the need for additional hardware or for disruptive changes to network topology or even to applications. Because the DirectSecure feature set uses IPsec, a Layer 3 protocol, it operates transparently to both applications and users. Finally, because Microsoft already provides both Group Policy and IPsec as a standard part of the Windows platform through its Server and Domain Isolation solution, there is no additional cost to integrate Windows systems with UNIX and Linux systems supported by Centrify Server Suite, Platinum Edition.