ThycoticCentrify has released enhancements to its PAM solution for DevOps, known as DevOps Secrets Vault.

According to the company, the latest release helps DevOps teams harden their cloud attack surface through Encryption-as-a-Service technology, which automatically encrypts data for all applications.

DevOps Secrets Vault generates just-in-time, dynamic secrets that automatically expire when cloud platform administrators, developers, applications or databases need to access a target.

Even if these secrets are leaked, would-be attackers are limited in what they can do and have a limited window in which to do it.

This high-speed secrets management is designed to help eliminate friction within existing workflows and the need for developers to hardcode secrets or store them in external libraries, the company states.

DevOps Secrets Vault is available as a standalone vault for organisations with existing PAM solutions and within ThycoticCentrify's Cloud Automation Bundle, a single package of ThycoticCentrify's integrated cloud PAM solutions.

ThycoticCentrify provides a consolidated view of privileged access across an entire organisation, so IT security teams can manage privileges according to consistent policies.

ThycoticCentrify's Cloud Automation Bundle is an integrated solution for automated, cloud privilege management which is comprised of the following elements.

Secret Server is the hub for comprehensive, enterprise PAM for the entire attack surface, including cloud platforms. It can discover privileged accounts, vault credentials, ensure password complexity, delegate access and manage sessions for infrastructure, applications and services with consistent PAM policies and practices.

DevOps Secrets Vault supports dynamic secret creation for MySQL, PostgreSQL and Oracle, as well as cloud platforms such as AWS, Azure and GCP. It integrates into CI/CD workflows with support for Jenkins, Kubernetes, Terraform, Ansible, Chef and programming languages Java, Go, Python, Ruby and .NET.

Secrets data, SSH keys and file replication are automatically synchronised between DevOps Secrets Vault and Secret Server for close coordination.

Connection Manager, in combination with Secret Server, is designed to help enterprises save time by automatically injecting privileged credentials directly into a remote session. IT and developer teams never need to enter or even see passwords.

This eliminates the possibility of leaving sensitive information in system memory and opening the door to Pass-the-Hash attacks.

Privileged Behaviour Analytics prevents privileged account abuse. Advanced machine learning detects anomalies in privileged account behaviour and automatically takes action in Secret Server before a cyber threat becomes a cyber catastrophe.

When risk scores pass acceptable thresholds, Secret Server can immediately rotate passwords, require additional authentication, or increase session monitoring.

ThycoticCentrify vice president of product Jai Dargan says, “These latest updates contribute to an even more comprehensive solution that we've built into the cloud automation bundle.

"With the need for cloud security skyrocketing, enterprises can now address these new use cases more efficiently with an integrated solution.