Centrify DirectAudit monitors, logs Linux user activity
By Jack Loftus, News Writer
14 Mar 2007 | SearchEnterpriseLinux.com
Centrify Corp., a Mountain View, Calif.-based provider of Microsoft Active Directory-based identity management applications for Linux and Unix systems, has announced the beta release of a monitoring and logging application called Centrify DirectAudit.
DirectAudit helps automate regulatory compliance by monitoring and logging user activity within Unix and Linux environments. The application is able to capture entire user sessions by recording keystrokes and session output and archiving the audit trail to a searchable SQL database. Auditors and IT managers can use the DirectAudit console to play back and report on session activity, as well as view which users accessed what systems, what commands were executed and what changes were made to key files and data.
Like similar offerings from Bellevue, Wash.-based Centeris Corp. and Quest Software Inc.'s Vintela Authentication Services, the DirectAudit application could appeal to IT managers due to the fact that it syncs up with Microsoft Active Directory, said Jon Oltsik, a senior analyst with the Milford, Mass.-based Enterprise Strategy Group. Active Directory is popular among Windows administrators because it allows them to assign enterprise-wide policies, deploy programs to many computers and apply critical updates to an entire organization. Products like Centeris Identity manage user access and passwords with Active Directory's group policies while Centrify will use that technology to log employee behavior and enhance data center security.
And by tying Unix and Linux system auditing into the established Microsoft management environment in Active Directory, Oltsik said, Centrify's DirectAudit software centralizes the administration of security and auditing and increases its robustness.
Centrify chief executive Tom Kemp said DirectAudit will also bolster data center security because it addresses one of the biggest contributors to security breaches: a company's own employees. A recent survey by the U.S. Secret Service and Computer Emergency Response Team indicated that 86% of internal computer sabotage incidents were perpetrated by technical workers inside the organization.
DirectAudit logs employee session data using these architectural components:
- DirectAudit Agent gathers user session activity on Unix/Linux systems;
- DirectAudit Collector service gathers data from the agents and stores it in a central SQL Server repository;
- DirectAudit Repository, a Microsoft SQL Server database; and
- DirectAudit Console delivers a centralized view of every audited Unix and Linux system in the enterprise and delivers playback and reporting capabilities.
DirectAudit costs $750 per system and $2,500 for each console and will be available in May.
Tell us what you think of the article. Send an email to Jack Loftus, News Writer.