Recognize and measure security risks faster while reducing audit prep time and cost.

Privileged accounts are the pathway to a company’s most valuable data and are therefore compromised in the majority of advanced and internal attacks. Managing and securing privileged accounts begins with locating all accounts and understanding the security risks and vulnerabilities associated with each account. However, this continuous process of identifying and securing all privileged accounts in an organization presents a real challenge due to the high volume of accounts, employee turnover and lack of historical records and documentation

CyberArk’s Discovery & Audit (CyberArk DNA™) is a patent-pending, standalone, easy to use tool that exposes the magnitude of the privileged account security challenge. The solution provides a complete list of all privileged accounts on the network, a status report on the associated passwords as well as identifies machines vulnerable to attacks such as Pass-the-Hash.

Discovering, auditing and understanding vulnerabilities in privileged accounts across the network can address challenges associated with security and risk management as well as audit and compliance.

CyberArk DNA answers questions such as:

  • On which network servers do privileged accounts exist?
  • Which accounts have escalated privileges?
  • Which privileged accounts are not in compliance with company policy? (i.e. password has not been changed in over 60 days)
  • How many and which machines on the network are vulnerable to Pass-the-Hash attacks?

Key Benefits:

  • Identify extent of risk by discovering every single privileged account and its status.
  • Understand vulnerabilities to specific cyber security threats.
  • Reduce audit preparation time and cost with comprehensive, reliable and accurate privileged account mapping.
  • Gain a clear and reliable view of the privileged account problem to enable an operational approach to planning, budgeting, and deploying a solution.


  • Simple to use, non-intrusive scanning tool: A straightforward three-step process scans an entire directory for privileged, shared and generic accounts on workstations and servers without the need to install anything on the network.
  • Graphical presentation of results: An Executive Summary Dashboard presents a clear, concise view of privileged account risk and compliance status.
  • Pass-the-Hash vulnerability map: A clear diagram of network machines storing privileged password hashes illustrates how an attacker can leverage the Pass-the-Hash attack to travel the network and reach a target machine.
  • Detailed reporting and flagging: A detailed report provides a ‘single version of the truth’ about all existing privileged accounts and Pass-the-Hash vulnerabilities and the status of each and every account.  The report flags and alerts on audit findings that indicate a problem, such as mismanaged privileged accounts, and Pass-the-Hash vulnerabilities.
  • Powerful scanning with minimal performance impact: A multi-threaded application design expedites scanning, consuming low network bandwidth and using insignificant network and CPU resources on the Active Directory Domain Controllers and target machines. All scans are performed in read-only mode, without changing anything in the environment.