Centrify Active Directory Integration for Splunk

Guest Blogger: Corey Williams

Here at Centrify, we were pleased as punch to learn that our first attempt at a Splunk application, Centrify Active Directory Integration for Splunk, was chosen as the “Splunk app of the quarter” earlier this year. Centrify Active Directory Integration for Splunk is an add-on for scripted authentication using Centrify Express. Centrify Express is a free solution for integrating *NIX or Macs with Active Directory (which has already been downloaded over 100,000 times in the past year!).

“But I thought that Splunk provides Active Directory Integration?” – Great question! As it turns out, Active Directory can be a very complicated system to integrate with robustly in the real world. Centrify has built an entire company out of robustly integrating *NIX systems with Active Directory for centrally managing accounts, identity, access control, authorization and user audit of non-Windows systems. The Centrify solution provides support for complex Active Directory (AD) features including native AD join, AD trusts, sites and services, global catalogue, offline caching, dynamic DNS, domain controller selection and more. Best of all, your users can use their fully qualified name, domain name, or friendly name (and password) to log in to Splunk, and we can map AD groups to Splunk Roles for easier management.

You can learn more about these Active Directory integration features on Splunkbase. So give it a whirl and let us know what you think!

But wait! We didn’t stop there. We have since released another free Splunk application called Centrify Insight. Currently in its 1.1 release, Centrify Insight collects identity, access and authorization data about the UNIX and Linux servers that Centrify manages through Active Directory. In addition, access control metrics, such as those detailing failed login attempts, and alerts about particular privileged user behaviors give IT administrators a view of cross-platform identity, authentication and authorization in real time. The application works with either Splunk’s free or licensed version and Centrify’s free or licensed editions.

“What was your motivation for creating Centrify Insight?” – Another great question! (Boy, you are smart.) If I can steal a bit from a blog article by Centrify’s CEO, Tom Kemp: as customers and analysts are discovering, security is increasingly becoming a “Big Data” problem. As Neil McDonald at Gartner writes:

“We talk about the need for analytics and business intelligence to help the business make better business decisions. It is time to bring this same technology to the information security department… What we need is actionable, prioritized and risk-based insight from this sea of information.”

We agree with this sentiment, and believe that customers need “Insight” into a key security “big data” problem of analyzing risks associated with user access and activity. Hence our initial foray into solving this problem is Centrify Insight.

You can learn more here and here about Centrify Insight and how this application (along with Centrify’s unified access management suite of products) can help strengthen your organization’s compliance efforts and improve security for your on-premise and cloud environments.

Corey Williams’ Bio: Corey Williams is Director of Product Management for Centrify. With over 17 years of enterprise software creation, marketing and sales experience, Corey has found his happy place in bringing kick-ass customer experiences to banal enterprise software as well as building great, lasting companies from scratch.
