PREVENT SPOOFED OR BYPASSED PRIVILEGED ACCESS
Taking a host-enforced approach to session auditing, recording, and reporting ultimately results in better control over privileged access in your environment. Centrify Audit and Monitoring Service extends its proxy-based capabilities with a host-based approach that ensures your privileged access controls are not bypassed, as they can be with a password/secrets vault alone.
Thwart Attacks and Gain Granular Visibility into Privileged Activity
Monitor privileged sessions across on-premises and cloud-based infrastructure.
Establish accountability by associating privileged activity with an individual.
Identify abuse of privilege with high-fidelity recordings of sessions and indexed session metadata.
Ensure session recording cannot be bypassed with host-based auditing.
Shell-level and process-level monitoring for high-risk systems that is virtually impossible to spoof.
Host-Based Session Auditing and Video Capture
Capture and collect data in a high-fidelity recording of each privileged session on any server or network device across your on-premises and cloud-based infrastructure. Stores sessions in an easily searchable SQL Server database for a holistic view of exactly what happened on any system, by any or all users, and at any given time.
Threat Detection and Deep Forensics with Process-Level Auditing
Centrify host-based session auditing, recording, and reporting comes with capabilities for advanced monitoring at process-level combined with shell-based auditing to identify suspicious application changes.
Monitor Changes to Critical Files
In recent history, high profile data breaches were made possible by insiders who created back door accounts that circumvented traditional password vault approaches. Privileged users are also known to find ways to bypass the password vault in their environment to make their daily routine easier.
This type of rogue access, often leverages SSH keys stored locally on servers, expands an organization’s attack surface and puts them at a higher risk of a security breach. Centrify File Integrity Monitoring identifies changes to configurations and critical files in real-time, enabling triggered security alerts within an organization’s SIEM system to warn of the creation of a backdoor to bypass the password vault.
Indexed and Searchable Database of Session Activity for Individual Accountability
Record all privileged sessions and metadata, attributing activity to an individual to deliver a comprehensive picture of intentions and outcomes. Searchable playback feature gives IT security managers and auditors the ability to see exactly what users did and identify abuse of privilege or the source of a security incident.
Report on Access, Checkouts, Sessions and Use of Privilege Across Your Infrastructure
Gain comprehensive visibility with unified access and activity reporting based on a common platform. Customizable and built-in queries and out-of-box reports for SOX and PCI regulatory compliance provide information on privileged account access controls, password checkout and privileged sessions across Windows, Linux, UNIX and network infrastructure.
Streamlined Integration with SIEM, Alerting and Reporting Tools
Privileged access data is captured and stored to enable robust querying by log management tools and integration with external reporting tools. Streamlined integration with SIEM and alerting tools such as Micro Focus® ArcSight™, IBM® QRadar™ and Splunk® identify risks or suspicious activity quickly.
See Centrify Audit and Monitoring Service in Action
Detect Malicious Activity in Scripts
Detect External Devices Connected to Critical Servers
Watch this video to learn how Centrify Zero Trust Privilege Services help detect malicious activity in scripts.
Watch this video to learn how Centrify Zero Trust Privilege Services helps detect external devices connected to critical servers.
centrify Audit and monitoring service
The Centrify Audit and Monitoring Service data sheet provides an overview on how customers can fulfill their compliance mandates through auditing and reporting, as well as shut down any dangerous workarounds by putting host-based monitoring.