Centrify’s Identity-Centric PAM Extends the Benefits of Microsoft’s Red Forest to Linux and UNIX for a Comprehensive IT Security Posture

February 25, 2020

San Francisco, CA ― RSA Conference 2020 ― February 25, 2020Centrify, a leading provider of Identity-Centric Privileged Access Management solutions, today announced extended privilege elevation configurations in the Red Forest to Linux and UNIX, building on its investment and leadership in this critical bridge between heterogeneous systems. With Centrify’s Identity-Centric PAM solutions, IT administrators utilizing Microsoft’s Red Forest can now achieve a more consistent security posture, reduce risk, and improve accountability, operational consistency, and compliance.

Microsoft’s Enhanced Security Administrative Environment (ESAE), aka “Red Forest,” is a popular security model designed to help minimize the risk of a domain level breach. It is ideal for companies with large populations of Windows servers, but leaves potential holes in heterogeneous IT infrastructure environments. Administrator privileges configured in the Red Forest are not enforced on their Linux and UNIX servers, resulting in a decentralized and fragmented security posture.

To bridge this gap, Centrify has enhanced its Identity-Centric PAM solution to extend privilege elevation configurations in the Red Forest to Linux and UNIX. Centrify is the first PAM vendor to support the most common Red Forest administrator use cases by providing identity consolidation and least privilege capabilities to *NIX platforms. For administrators logging into a Linux or UNIX system, Centrify ensures that the user’s Red Forest security group memberships are honored, whether logging directly into the server, or indirectly via Kerberos Single Sign-On (SSO) from another Windows system.

“We’re thrilled to bring yet another innovation to our customers who build their business around Active Directory, extending Centrify’s Identity-Centric PAM solutions to help our customers maximize the value of their Microsoft Red Forest deployments,” said Nate Yocom, Chief Technology Officer at Centrify. “Centrify‘s approach is based on Zero Trust principles to manage privileged identities and access end-to-end, across the entire corporate ecosystem including DevOps environments and tools such as containers and microservices.”

Many organizations have complex Active Directory infrastructures forged through rapid organic growth or mergers and acquisitions. They have long relied on Centrify’s innovations, such as supporting complex one-way, cross-forest trusts. Those who have embraced a Red Forest model benefit from enhanced protection against domain-specific attacks. However, organizations who also have a Linux or UNIX estate have not been able to take advantage of this, resulting in a patchwork security posture with access controls managed in multiple places. Centrify extends these benefits to heterogeneous environments, ensuring that Red Forest shadow group membership and related privileges are honored on Linux and UNIX servers. With this, IT gains a true centralized PAM solution that reduces risk, improves operational efficiencies, and helps ensure compliance.

Centrify empowers IT with the solution for true cross-platform security, ensuring that Red Forest access controls are enforced consistently across the entire IT server estate. Centrify achieves this with core elements of its Identity-Centric PAM solutions:

  • Centrify Authentication Service
    • Joins Linux and UNIX servers to Active Directory
    • Navigates the one-way, cross-forest trust required in Red Forest architectures
  • Centrify Privilege Elevation Service
    • Upon login to a domain-joined Windows server, Centrify interrogates the Kerberos login ticket to obtain Red Forest group membership
    • Upon direct login to a *NIX server, Centrify honors the Red Forest security group membership and applies the privileges to the administrative session
    • During Kerberos-based SSO from a domain-joined Windows server to a *NIX server, Centrify honors the Red Forest security group membership and applies the privileges to the administrative session

For more information about Centrify's Active Director Bridging capabilities, including in Red Forest administrative environments, visit https://www.centrify.com/privileged-access-management/authentication-service/active-directory-bridging/.

About Centrify
Centrify is redefining the legacy approach to Privileged Access Management by delivering multi-cloud-architected Identity-Centric PAM to enable digital transformation at scale. Centrify Identity-Centric PAM establishes a root of trust, and then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment. Centrify centralizes and orchestrates fragmented identities, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

Ready to Protect Against the #1 Attack Vector?

Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.

Free Trial