Announcing Centrify’s New Analytics Service

February 14, 2017

After about two years of incredible hard work from the Centrify team, I am excited to announce the Centrify Analytics Service!

Our goal for Centrify Analytics Service is to extend the Centrify Identity Services Platform to provide risk-based access management across apps and infrastructure.


We all by now agree that IT and security teams in any enterprise are challenged with the risk of being breached in an enterprise that spans across cloud, mobile and data center. Traditional perimeter-based security is not good enough anymore, and the industry supports this claim:

  • PwC in Information Security Breaches Survey 2016 titled, “A matter of when, not if, a breach will occur,” states very clearly that a breach for an organization is imminent and the company needs to be prepared.
  • A security expert explains that the problem with traditional perimeter based security is that, “Most organizations today rely on the walls and moats of yesteryear, thinking they’re defending against catapults and cannons, while attackers instead use drones and highly targeted stealth technology.”
  • Verizon Data Breach Report 2016 states 63% of data breaches involve compromised credentials.

The Centrify Identity Services Platform protects against the leading point of attack used in data breaches ― compromised credentials — by securing an enterprise’s internal and external access to apps and infrastructure. We’ve extended the platform to increase security through request-based access control to eliminate permanently assigned access or privileges. We provide  multi-factor authentication to ensure that accounts are not misused and only authorized people are accessing business apps or resources.

The Centrify Analytics Service extends our platform by adding real-time analysis and correlation of various events, including “who’s accessing what” and “who’s doing what.” With this real-time context, Centrify can assign a risk level to each access, and use that as part of policy that can mitigate the risk of being breached. More importantly, Centrify Analytics Service is tightly integrated (as it’s built ground-up by Centrify) into the Centrify Identity Services Platform to enable policy enforcement based on risky access behavior.

What Are the Features?


Customers can only react to potentially risky situations if they have suitable knowledge. Insights is the toolset that supplies that knowledge.


As the Centrify Analytics Service is an extension to our platform, this means that all the Centrify Identity Service and Centrify Privilege Service events around “who’s doing what?” is fed into the analytics service. This new service is a modern big data stack built on AWS, Hadoop, Spark and powered by machine learning. It is then presented to IT and security with over a dozen UI widgets to help users understand access risk or, in general, any access pattern within the enterprise.


While Insights provides targeted knowledge about potential risk, Explorer provides tools to drill down into events.


For every event we process in the analytics service, the risk in real-time is computed as high, medium or low for any anomalous activity. This is done by first profiling user access behavior around apps and resource usage, and then comparing current actions against behavioral norms for each user. There are a bunch of other sub-features Explorer has — for example cross-filtering, “auto-magic” query generator etc., all of which are aimed at providing users the ability to better understand access events. Also, like Insights, we expose over dozen UI widgets here to better understand the events and risks.

Risk-based Access Control

As we analyze all the events from our platform, we can profile the normal access pattern for a user on a particular application or resource and identify anomalies in real-time. This risk assessment is now included as part of adaptive access policy in our platform to enable risk-based access control on apps and infrastructure access. We quantify anomalous activity into low, medium or high risk and expose that to the policy enforcement engine for app and infrastructure access.


An administrator can then leverage this risk-based access control as another control for  portal login, application access or resource access / account checkout — in short wherever you can enable Centrify’s Authentication Profiles (that can Allow, Deny or MFA to any access), you can leverage this risk level policy enforcement.

How To Get the Centrify Analytics Service?

It’s simple — you can try the service in one of the two ways:

  • If you are an existing Centrify Identity Service or Centrify Privilege Service Customer, please ask your Centrify representative to help enable this for you
  • If you are an new customer, start with a Free trial of Centrify Identity Service or Centrify Privilege Service to help enable the Centrify Analytics Service

Please stop by and see us this week at RSA, booth #1827 in South Hall at San Francisco’s Moscone Center and ask to see a live demonstration of the Centrify Analytics Service.

Learn more about Centrify Analytics Service here

This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.