Overview

Centrify DirectAudit's detailed capture of historical user activity establishes accountability and advances compliance reporting by recording which users accessed which systems, what commands they executed, with what privilege, and the exact changes they made to key files and configurations. With DirectAudit, enterprises can report on historical user activity, pinpoint suspicious activity through real-time monitoring, and troubleshoot system failures by replaying actions for root-cause analysis.

Key Benefits and Use Cases

DirectAudit was designed to help you answer some of the toughest questions you face when auditing, securing and managing Windows, UNIX and Linux systems

Centrify DirectAudit helps you strengthen IT security, mitigate operational risk, reduce operational costs and improve your compliance posture. Here are some of the questions that Centrify DirectAudit can help you answer in each of these cases.

Strengthen Security
DirectAudit strengthens security by protecting against internal threats through real-time monitoring that can quickly identify unauthorized actions and capture the complete context for user actions on systems implicated in a security incident.

• Who is logged on to our HR database server, and what are they doing?
• Has anyone been editing these key system files, or typing any suspicious commands?
• Did anybody change the Oracle config file on sol-ora-4 yesterday?

Mitigate Operational Risk
DirectAudit mitigates the risks associated with outsourcing by establishing visibility over all privileged users regardless of location, as well as creating an environment for all IT staff that promotes proper behavior and encourages self-regulation.

• What was that recently fired systems administer doing on our systems last week?
• What steps did that consultant take to fix the problem on our file server?

Reduce Operational Costs and Increase Efficiency
DirectAudit's in-depth session recording and playback takes the guesswork out of troubleshooting, and enables automated documentation of vendor procedures, training processes and personnel hand-offs.

• Is anyone currently logged on to those development systems that we need to restart?
• Over the last few hours, did anyone do anything to this system that just went down?
• Did Operations actually apply that required patch on all 10 of our web servers over the weekend?

Improve Compliance
DirectAudit improves compliance through privileged access accountability and visibility over elevated privilege use.

• Who has logged onto our UNIX servers running our ERP apps over the last month, and what did they do?
• Can you replay the entire session that occurred on June 16 at 2:15 a.m. for user CWillia.