Dubai, UAE ― Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today announced extended privilege elevation configurations in the Red Forest to Linux and UNIX, building on its investment and leadership in this critical bridge between heterogeneous systems. With Centrify’s Identity-Centric PAM solutions, IT administrators utilizing Microsoft’s Red Forest can now achieve a more consistent security posture, reduce risk, and improve accountability, operational consistency, and compliance.

Microsoft’s Enhanced Security Administrative Environment (ESAE), aka “Red Forest,” is a popular security model designed to help minimize the risk of a domain-level breach. It is ideal for companies with large populations of Windows servers, but leaves potential holes in heterogeneous IT infrastructure environments. Administrator privileges configured in the Red Forest are not enforced on Linux and UNIX servers, resulting in a decentralized and fragmented security posture.

To bridge this gap, Centrify has enhanced its Identity-Centric PAM solution to extend privilege elevation configurations in the Red Forest to Linux and UNIX. Centrify is the first PAM vendor to support the most common Red Forest administrator use cases by providing identity consolidation and least privilege capabilities to *NIX platforms. For administrators logging into a Linux or UNIX system, Centrify ensures that the user’s Red Forest security group memberships are honored, whether logging directly into the server, or indirectly via Kerberos Single Sign-On (SSO) from another Windows system. 

“We’re thrilled to bring yet another innovation to our customers who build their business around Active Directory, extending Centrify’s Identity-Centric PAM solutions to help our customers maximize the value of their Microsoft Red Forest deployments,” said Nate Yocom, Chief Technology Officer at Centrify. “Centrify’s approach is based on Zero Trust principles to manage privileged identities and access end-to-end, across the entire corporate ecosystem including DevOps environments and tools such as containers and microservices.”

Many organizations have complex Active Directory infrastructures forged through rapid organic growth or mergers and acquisitions. They have long relied on Centrify’s innovations, such as supporting complex one-way, cross-forest trusts. Those that have embraced a Red Forest model benefit from enhanced protection against domain-specific attacks. However, organizations that also have a Linux or UNIX estate have not been able to take advantage of this, resulting in a patchwork security posture with access controls managed in multiple places. Centrify extends these benefits to heterogeneous environments, ensuring that Red Forest shadow group membership and related privileges are honored on Linux and UNIX servers. With this, IT gains a true centralized PAM solution that reduces risk, improves operational efficiencies, and helps ensure compliance.

Centrify empowers IT with the solution for true cross-platform security, ensuring that Red Forest access controls are enforced consistently across the entire IT server estate. Centrify achieves this with core elements of its Identity-Centric PAM solutions:

  • Centrify Authentication Service
    • Joins Linux and UNIX servers to Active Directory
    • Navigates the one-way, cross-forest trust required in Red Forest architectures
  • Centrify Privilege Elevation Service
    • Upon login to a domain-joined Windows server, Centrify interrogates the Kerberos login ticket to obtain Red Forest group membership
    • Upon direct login to a *NIX server, Centrify honors the Red Forest security group membership and applies the privileges to the administrative session
    • During Kerberos-based SSO from a domain-joined Windows server to a *NIX server, Centrify honors the Red Forest security group membership and applies the privileges to the administrative session

For more information about Centrify’s Active Directory Bridging capabilities, including in Red Forest administrative environments, visit https://www.centrify.com/privileged-access-management/authentication-service/active-directory-bridging/ 

About Centrify
Centrify is redefining the legacy approach to Privileged Access Management by delivering multi-cloud-architected Identity-Centric PAM to enable digital transformation at scale. Centrify Identity-Centric PAM establishes a root of trust, and then grants least privilege access just-in-time based on verifying who is requesting access, the context of the request, and the risk of the access environment. Centrify centralizes and orchestrates fragmented identities, improves audit and compliance visibility, and reduces risk, complexity, and costs for the modern, hybrid enterprise. Over half of the Fortune 100, the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies, all trust Centrify to stop the leading cause of breaches – privileged credential abuse.

Centrify is a registered trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

© Press Release 2020
