Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, on March11th revealed prolonged privilege elevation configurations in the Red Forest to Linux and UNIX, constructing on its investment and leadership in this crucial bridge between heterogeneous systems. With Centrifys Identity-Centric PAM solutions, IT administrators making use of Microsofts Red Forest can now acquire a more constant security posture, minimize risk, and enhance accountability, operational consistency, and compliance.

Microsofts Enhanced Security Administrative Environment (ESAE), aka Red Forest, is a famous security model designed to assist reduce the risk of a domain level breach. It is perfect for companies with huge populations of Windows servers, but leaves achievable holes in heterogeneous IT infrastructure environments. Administrator privileges configured in the Red Forest are not enforced on their Linux and UNIX servers, resulting in a decentralized and fragmented security posture.

To bridge this gap, Centrify has improved its Identity-Centric PAM solution to prolong privilege elevation configurations in the Red Forest to Linux and UNIX. Centrify is the first PAM supplier to assist the most frequent Red Forest administrator use cases by offering identity consolidation and least privilege skills to *NIX platforms. For administrators logging into a Linux or UNIX system, Centrify ensures that the users Red Forest security team memberships are honored, whether logging immediately into the server, or indirectly through Kerberos Single Sign-On (SSO) from another Windows system.

Were delighted to bring yet another innovation to our customers who construct their business across Active Directory, extending Centrifys Identity-Centric PAM solutions to assist our clients maximize the value of their Microsoft Red Forest deployments, stated Nate Yocom, Chief Technology Officer at Centrify. Centrifys approach is based on Zero Trust principles to manipulate privileged identities and access end-to-end, throughout the whole company ecosystem which includes DevOps environments and equipment such as containers and microservices.

Many organizations have complicated Active Directory infrastructures forged via fast organic growth or mergers and acquisitions. They have long relied on Centrifys innovations, such as assisting complicated one-way, cross-forest trusts. Those who have embraced a Red Forest model advantage from enhanced safety against domain-specific attacks. However, companies who additionally have a Linux or UNIX estate have not been able to take benefit of this, ensuing in a patchwork security posture with access controls managed in numerous places. Centrify extends these advantages to heterogeneous environments, making sure that Red Forest shadow team membership and associated privileges are honored on Linux and UNIX servers. With this, IT features a true centralized PAM solution that reduces risk, improves operational efficiencies, and helps make sure compliance.

Centrify empowers IT with the solution for true cross-platform security, making sure that Red Forest access controls are enforced constantly throughout the whole IT server estate. Centrify achieves this with core factors of its Identity-Centric PAM solutions:

Centrify Authentication Service

Joins Linux and UNIX servers to Active Directory
Navigates the one-way, cross-forest trust required in Red Forest architectures
Centrify Privilege Elevation Service

Upon login to a domain-joined Windows server, Centrify interrogates the Kerberos login ticket to obtain Red Forest group membership
Upon direct login to a *NIX server, Centrify honors the Red Forest security group membership and applies the privileges to the administrative session
During Kerberos-based SSO from a domain-joined Windows server to a *NIX server, Centrify honors the Red Forest security group membership and applies the privileges to the administrative session

For more information about Centrifys Active Directory Bridging capabilities, including in Red Forest administrative environments, visit https://www.centrify.com/privileged-access-management/authentication-service/active-directory-bridging/