ThycoticCentrify has added new privilege management security capabilities to Thycotic Privilege Manager and made additions to Thycotic Account Lifecycle Manager, its solution for service account governance.
The latest Thycotic Privilege Manager releases are designed to strengthen customer's ability to protect user workstations, often an attractive target for malware and ransomware, and streamline security and compliance reporting across different operating systems.
The solution aims to help enterprises ensure workstations adhere to a least privilege policy by removing local administrator rights that allow cyber criminals entry into an IT environment.
Privilege Manager also mitigates critical vulnerabilities by elevating privileges to provide just-in-time, just-enough access and employs allow lists, deny lists and sandboxing for granular application control.
Furthermore, Privilege Manager supports large enterprises that use different types of reporting tools and workstations with different operating systems.
To support enterprises as they scale, the latest release of Privilege Manager includes new and expanded integrations, security updates and UX/UI improvements.
Enhanced SAML 2.0 support allows federated authentication from Okta and other SAML providers. Console logging to SIEM systems such as Splunk allows security teams that manage reports and alerts to see administrative actions within a single pane of glass.
Security teams can also generate CSV reports to review, share and upload to any reporting system they use. Reports confirm workstations have the latest version of all policies installed, and approvals and justification workflows are streamlined for both Mac and UNIX/Linux systems.
On these updates, ThycoticCentrify vice president of product management Jai Dargan says, “Reporting to demonstrate security best practices and regulatory compliance is challenging for many enterprises because they have so many siloed systems and processes.
"With these enhancements to Privilege Manager, security and compliance teams can save time generating reports, share them more easily, and feel confident that they include all necessary information executives and auditors ask for."
The latest version of Thycotic Account Lifecycle Manager enables IT teams to govern cloud-based service accounts with direct integrations to external vaults such as AWS and Azure, and service accounts used within the DevOps environment.
Privileged service accounts automatically connect business-critical applications, databases, root accounts and other IT systems that contain sensitive information.
Account Lifecycle Manager enables enterprises to manage all types of service accounts with end-to-end governance, from discovery and provisioning through decommissioning.
The expanded capabilities with Account Lifecycle Manager include: Integration with cloud vaults including AWS Secrets Manager and Azure Key Vault; integration with external secrets management vaults for DevOps; enhancements to the user interface for ease of use; and synchronisation with Azure Directory roles to improve management of Azure AD resources.
Dargan says, "Cloud-based service accounts are among the most challenging to govern because they can be commissioned by teams other than central IT.
"Enterprises need usable security solutions with central oversight and consistent policies that are easy for teams that manage cloud platforms, applications and DevOps tools to adopt. By integrating with the tools these teams are using, enterprises improve service account governance and reduce risk."