CyberArk Discovery & Audit (DNA) is a powerful tool (available at no charge) that scans systems on your network to uncover accounts, credentials and misconfigurations that can create risk. Following a scan, CyberArk DNA generates a detailed report that IT auditors and decision makers can use to evaluate the status of privileged accounts in the organization and identify areas of risk. The tool is an agentless, lightweight executable designed to expose the magnitude of the privileged account security challenge in on-premises and cloud-based environments. CyberArk DNA helps organizations uncover:
- Windows accounts and account statuses. Identify privileged and non- privileged Windows accounts, including local administrator, domain administrator, standard user and service accounts. View the password strength, password age and last login date.
- Unix accounts, credentials and permissions. Centrally view the status of root and individual user accounts on Unix systems, identify SSH key pairs and trusts, and uncover misconfigured sudoers files that can increase the risk of unauthorized privileged escalation.
- Privileged domain accounts. Discover dormant or unprotected privileged domain service accounts that have access to critical assets or services.
- Pass-the-Hash vulnerabilities. Locate password hashes vulnerable to theft, and gain a visual map of Pass-the-Hash vulnerabilities and potential pathways to sensitive data and critical assets.
- Hard-coded application credentials. Identify systems that have embedded, hard-coded or exposed credentials in plain-text, which can be captured by malicious attackers inside the network.