CISOSRSUMIREST

Discovery & Audit

Scan your network with The Challenge

CyberArk DNA™ to:
ƒƒ Discover where privileged
accounts exist
ƒƒ Clearly assess privileged
account security risks
ƒƒ Collect reliable and
comprehensive audit
information
ƒƒ Accurately plan project,
budget and resources for
solving the problem
Privileged and shared accounts present a significant audit and security challenge to any large
enterprise. Usually there are more shared and privileged accounts than users in any typical
organization. With the understanding that shared accounts exist everywhere – desktops, laptops,
servers, databases, security and network devices, virtual machines, application code, web-based
interfaces etc - which need to be accessed by multiple personnel, organizations need to be able to
easily scan the network to find where these accounts exist and then manage them on an enterprise
level.
Typical enterprise IT environments are comprised of thousands of systems, all controlled and managed
by a variety of privileged and shared administrative identities— for example Administrator in Windows,
local privileged accounts on desktops, service accounts in Windows, “root” accounts on UNIX/Linux,
ESX “root”, Oracle database system/sys, MSSQL sa and many more. These shared, privileged accounts
are powerful accounts that are a common attack vector used in enterprise attacks to cause damage to
sensitive assets and data, disrupting normal business operations and inflicting reputational damage on
a company.

Knowing where every single privileged account exists in your network is extremely challenging due to
little documentation and information scattered across multiple departments, locations and devices.
Organizations are often astounded by the number of dormant accounts that exist on systems, once
created by individuals who may have left the company or on systems that are no longer in use.
Company mergers and acquisitions bring a new influx of privileged accounts that are part of the
organizational network and where the existence of privileged accounts may be known to the
organization, it is often surprising to realize how many of them are not managed. Lack of knowledge
around where privileged accounts exist leads to a number of organizational challenges:

ƒƒ Security & Risk Management: Security and IT teams are not fully aware of the risks posed to
Easily scan and discover the
their business to be able to better manage them
magnitude of the privileged
account problem across your
ƒƒ Audit & Compliance: Auditors struggle to collect the necessary information required for audit in
network
a comprehensive, thorough and reliable manner as the organization has not mapped the
privileged account landscape

ƒƒ Project Planning: Difficult to estimate budget and resources needed to solve

Quickly get the answers needed

for audits and privileged account
risk assessment. The scanning
report highlights mismanaged or
non-compliant privileged accounts
Sample Privileged Accounts Audit
Report for easy identification and
insight of issues.
Solution & Key Benefits
For organizations struggling to gain an accurate
picture of the state of privileged account
management and compliance in their IT
environment, CyberArk’s Discovery & Audit
(CyberArk DNA™) is a standalone, easy to use tool
that exposes the magnitude of the privileged
account problem, often the root-cause of audit
failures and advanced targeted attacks.
Launched from a Windows desktop, CyberArk
DNA™ prompts the user to answer a few simple
questions about their environment and begin an
automated scan for privileged accounts. The
simple 3 step process allows organizations to get
very quick answers and insights into the status of
privileged accounts in their network without having
to install any agents on the local or target systems
and consuming very low network bandwidth.
Once the scan is complete, auditors and security
managers get a scan summary to understand how
many privileged accounts exist in the target
environment. CyberArk DNA goes on to provide a
detailed report into the status of those privileged
accounts, highlighting the relevant compliance
information of each privileged account.
Discovery & Audit
CyberArk DNA™ answers questions such as:
ƒƒ On which target servers do privileged accounts
exist?
ƒƒ Which personal admin accounts were created
on my servers?
ƒƒ Which accounts’ privileges were escalated?
ƒƒ Which privileged accounts do not adhere to
the company’s password policy i.e. password
age is greater than 60 days?
ƒƒ Did one of my contractors add a privileged
user to one of the servers?
ƒƒ Do ‘backdoor’ application accounts exist on
products that have been decommissioned?
The overall result shortens and simplifies the
collection and analysis of privileged account
information, leading to a smoother, and in
many cases more comprehensive audit and risk
assessment process while allowing auditors and
security managers to effectively evaluate and
assess privileged account issues in enterprises.
Features & Benefits
CyberArk DNA ’s key features include:
™
ƒƒ Simple to use, non-intrusive scanning
tool – A simple 3 step process scans the
organizational directory for privileged, shared and
generic accounts on workstations and servers
without the need to install anything.
ƒƒ Graphical presentation of results – The
Executive Summary Dashboard presents a clear,
concise view of privileged account risk and
compliance status.
ƒƒ Detailed reporting and flagging – A detailed
report can be exported and filtered giving a
‘single version of the truth’ as to which privileged
accounts exist within the organization and the
status of each and every account discovered. The
report flags and alerts on audit findings such as
mismanaged privileged accounts to highlight
privileged account management issues.
©Cyber-Ark Software Ltd. | cyberark.com
.
Specifications
ƒƒ Powerful scanning with minimal
performance impact – Designed as a CyberArk DNA™ runs on
multi-threaded application to expedite scanning, ƒƒ Windows 7
CyberArk DNA consumes low network
Supported Target Systems for Scanning
bandwidth and uses insignificant network and
CPU resources on the Active Directory Domain Windows Workstations:
Controllers and target machines. All scans are
performed in read-only mode, without changing ƒƒ Windows 2000
anything in the environment. ƒƒ Windows XP
ƒƒ Windows Vista
CyberArk DNA™’s valuable and insightful information
ƒƒ Windows 7
helps organizations:
ƒƒ Windows 8
Recognize and measure risk by discovering
Windows Servers:
every single privileged account and its status.
Organizations can locate and accurately report on ƒƒ Windows 2000
what privileged, shared or generic accounts exist in ƒƒ Windows 2003
their organizational systems to immediately pinpoint ƒƒ Windows 2008
unknown or improperly managed privileged
ƒƒ Windows 2012
accounts acting as a quick and simple eye-opener.
Unix:
Save valuable audit preparation time and cost.
Auditors gain a reliable, correlated and ƒƒ RHEL 4-6
comprehensive view of the state of privileged ƒƒ Solaris Intel 10
accounts, eliminating complex mapping and ƒƒ SUSE
manual discovery of this information, which is often ƒƒ Fedora
difficult and time consuming to gather. ƒƒ Oracle
ƒƒ CentOS
Gain predictability when dealing with the
privileged account problem. Network Protocols
Getting a clear and reliable picture on the
magnitude and status of privileged accounts creates Windows:
business justification to change the status quo,
ƒƒ Windows File and Print Sharing
leading the way to better manage risk and improve
operational processes as well as more accurate ƒƒ Windows (WMI)
project sizing.
Unix:
From Discovery To Resolution ƒƒ SSH
ƒƒ SFTP
CyberArk’s market-leading Privileged Identity and
Session Management suites offer a comprehensive Sample Data Scanned
solution for privileged account protection,
accountability and intelligence. From discovering ƒƒ Windows and Unix Accounts
where privileged accounts exist, CyberArk leads the ƒƒ Domain Accounts
way to easily manage, audit and automate ƒƒ Local Accounts
processes. ƒƒ Windows Service Accounts:
ƒƒ Windows Services
ƒƒ Scheduled Tasks