Today's rapidly growing networks are becoming even more interconnected and are moving toward a hybrid of physical, virtual and cloud computing. IT organizations are facing new challenges trying to balance the need for greater accessibility with the requirement to better secure sensitive information within this dynamic computing environment. Firewalls, secure routers and other security methods protect at the edge, but once inside, unmanaged systems (for example, those brought in by guests and contractors) or rogue computers can cause damage by introducing malware, exploiting vulnerabilities or launching denial-of-service attacks.
Equally concerning is the fact that the majority of corporate data theft is now coming from insiders who are gaining access to systems that they should not be able to access.
Existing solutions for securing access to sensitive information are failing. Technologies such as VLANs do exist to segment your network, but they require costly hardware or agents on each end-user system, don’t work well in virtual or cloud environments, or force you to change your network topology and applications. Not only are existing solutions painful to deploy, but given the ever-increasing number of successful insider attacks, it is clear that existing approaches are failing.
With DirectSecure, unmanaged or rogue computers are not able to establish network communication with systems protected within the logically isolated network. You can then further restrict network access to specific resources and you can even selectively encrypt network traffic.
Centrify offers a more flexible and cost-effective approach to securing your internal networks: Centrify DirectSecure. Unlike other solutions that are costly to deploy and inflexible, Centrify DirectSecure is a policy-based software solution that secures sensitive information by dynamically isolating and protecting cross-platform systems and enabling optional end-to-end encryption of data in motion. By leveraging your existing Active Directory infrastructure and the native IPsec support built into today's modern operating systems, DirectSecure seamlessly blocks untrusted systems from communicating with trusted systems, and does so without the need to change your network or applications. Additionally, DirectSecure enables you to take advantage of the new Windows 7 DirectAccess feature to secure end-to-end communications with UNIX and Linux systems running DirectSecure.
DirectSecure leverages your existing infrastructure to add another layer to your defense-in-depth strategy. DirectSecure blocks "untrusted" systems from communicating with "trusted" systems via its unique, server-based software solution that leverages your Active Directory infrastructure and the native IPsec support in modern operating systems. DirectSecure also delivers tiered network access by further isolating groups of systems. The result is improved adherence to regulatory compliance initiatives as well as an additional layer of policy-driven protection against network attacks for mixed Windows, UNIX and Linux environments.
Without a product such as the Centrify product ... you have to cobble together a bunch of technologies to make it work, and you don't get the same integration.
Eric Kuzmack
IT Architect
Gannett