SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
ThycoticCentrify adds new security controls and automation to Secret Server
Thu, 13th Jan 2022
FYI, this story is more than a year old

ThycoticCentrify has announced new and expanded capabilities for its specialised PAM solution, Secret Server.

With the addition of new security controls, automation and design updates, Secret Server builds on its secrets management capabilities and ease of use to offer more protection and higher productivity, the company states.

According to the Verizon 2021 Data Breach Investigations Report, credentials are the primary means by which bad actors hack into an organisation, with 61% of breaches attributed to compromised credentials.

To reduce this threat, all organisations independent of size, location or industry need robust, easy to use solutions in place to protect the accounts and credentials that allow access to these privileges, ThycoticCentrify states.

The latest Secret Server release brings stronger security controls to reduce risk. It allows organisations to rotate Secret Servers master encryption key on demand.

Rotating individual secrets housed within the digital vault provides an additional layer of protection to block external actors from gaining access to it.

Secret Server also streamlines the connection process for organisations that use jump boxes to protect access to critical resources.

Rather than taking time to inject unique credentials at every connection point, users can now use a single key to navigate an entire route from launch, to jump box, to destination within a single session.

Users can launch the end-to-end route via Secret Server or the interface of the Connection Manager session management tool.

"Our continued focus on decreasing the steps required to safeguard secrets reduces the workload on security administrators and the attack surface area," says Jon Kuhn, SVP of Product Management at ThycoticCentrify.

He says, "As an example, our master encryption key rotation capability is simple to implement and provides an additional layer of protection to block external actors from gaining access to all the other keys stored on the platform."

To enhance auditing and compliance, Secret Server ensures that only one privileged user at a time can use a secret. When secrets arent checked back in to Secret Server after use, critical maintenance operations cant be performed and productivity slows.

The latest release also automatically checks in secrets for API connections after expiration. Additionally, users now have more visibility into remaining time on a secret checkout and can extend the checkout if required.

Finally, the latest release includes enhancements to the Secret Server interface, logging and reporting to increase usability and accessibility through improved keyboard navigation and screen reader hints.

ThycoticCentrify is a cloud identity security vendor, focused on enabling digital transformation at scale. The company's PAM solutions reduce risk, complexity and cost while securing organisations' data, devices and code across cloud, on-premises and hybrid environments.

ThycoticCentrify is used by more than 14,000 leading organisations around the globe including more than half of the Fortune 100, and customers include large financial institutions, intelligence agencies and critical infrastructure companies.