Privilege Manager 11: New privilege management capabilities for Unix and Linux
With the latest release of Privilege Manager, all endpoints and servers throughout your organization can now follow consistent least privilege and Zero Trust policies, whether they are Windows, Mac, or Unix/Linux.
Until now, privilege security for Unix/Linux has been cumbersome and even risky. Unix/Linux has become the go-to operating system for many types of computer hardware. The applications and data stored on these systems are some of the most sensitive and business-critical in any organization. Unix and Linux endpoints are valuable targets for cyber criminals because they rely on “root” accounts, which provide unrestricted access to all commands, files, directories, and resources.
To enforce a least privilege policy on Unix/Linux endpoints, administrators who don‘t access systems directly as root rely heavily on the sudo tool. But managing individual sudo policies can quickly become a tedious, time-consuming task.
Below are just a few of the challenges involved:
- After building sudoer files, you have to distribute them across your organization.
- If you don’t maintain and update sudo, you may miss security vulnerabilities.
- It’s difficult to stay current when users adopt new versions of Unix or Linux.
- Auditors don’t like distributed Sudo configuration files because they utilize “static trust” and are stored in a way that local administrators could easily make modifications.
- In fact, sudo doesn’t inherently provide multi-factor authentication as part of the user authorization process. Without built-in accountability, there’s no way to tell who is responsible for the damage.
- There’s no safety net. For example, there’s nothing preventing a superuser with broad privileges from intentionally or accidentally deleting a system file.
- Doing everything yourself means you have no vendor to rely on for testing, maintaining, documenting, and other ongoing software management functions.
We’ve been working hard on solving these challenges so that IT teams that prefer Unix/Linux can be more efficient, reduce human error, and increase control.
It’s with much appreciation and excitement that we introduce Privilege Manager 11.
The latest release of Thycotic Privilege Manager includes a sudo plugin that saves Unix/Linux teams time, while still providing granular control over privileged activities. Administrators can set up policies for allow and deny lists and use policy-based controls to elevate privileges as needed.
With a simple and lightweight Thycotic Authentication and Control client, you can collect and analyze results centrally, which makes preparing for an audit and demonstrating compliance easier than ever.
Additional features in this release make Privilege Manager deployment even faster than before. The Thycotic Policy Framework removes local admin rights and can be enabled in seconds. Plus, we’ve added greater automation and enhancements to reporting.
Because Privilege Manager elevates applications and not the user, it never leaves a window open for criminal hackers. As your organization grows and users continually explore applications, Privilege Manager adjusts to ensure security.