ThycoticCentrify has announced new features for its privileged access management solution, Thycotic Secret Server.
The release adds the new Secret Erase feature, along with enhancements to Secret Server's mobile application, Connection Manager, and Web Password Filler.
The Secret Erase function removes privileged account information, such as usernames, passwords and email addresses, once it is no longer needed. The items are purged entirely from the database while still providing an audit trail to meet documentation and compliance requirements.
SSH management for Unix/Linux
Secret Server's Discovery tool now includes the ability to locate existing SSH keys associated with Linux and Unix servers. Additional SSH session management capabilities in the release simplify sudo/su elevation and enable select command blocklisting during SSH proxied sessions.
Secret Server's Inbox now provides a customisable toolset to manage how email and notifications are sent and received by users. Inbox allows for configuration of notification scheduling, collecting notifications into digest format, creation of message templates, rules and more.
Enhancements to DevOps Secrets Vault
The latest version of DevOps Secrets Vault offers certificate-based authentication and the ability to configure Time-to-Live (TTL) for secrets, leading to even tighter DevOps security and easier management.
Thycotic's DevOps Secrets Vault addresses all scenarios in a DevOps flow where secrets are exchanged between machines, including databases and applications for software and robotic process automation (RPA).
In sync with the high-speed workflow, DevOps Secrets Vault creates digital authentication credentials that grant privileged access to systems and data.
With the latest release, organisations can use certificate-based authentication for enhanced security and easier management. This can be used for machines – non-human privileged users such as systems, devices and the growing Internet of Things (IoT) – to identify a machine before granting access to a resource, network or application.
Certificates are stored locally and securely, which alleviates the headache of managing passwords and distributing, replacing and revoking tokens.
Time-to-Live eliminates standing secrets for all cloud platforms
In a DevOps workflow, resources are created quickly and must expire automatically to meet compliance requirements and avoid the risk of standing privilege. When cloud platform administrators, developers, applications or databases need to access a target, DevOps Secrets Vault generates dynamic secrets. DevOps Secrets Vault now extends this capability to Google Cloud Platform.
Combined with Thycotic Secret Server, DevOps Secrets Vault provides security and IT teams with full visibility and control over secrets management throughout an organisation. Specifically, DevOps Secrets Vault replaces the need for hardcoded credentials used in the DevOps process and CI/CD toolchains.