Recognize and measure security risks faster while reducing audit prep time and cost.

Privileged accounts are the pathway to a company’s most valuable data and are therefore compromised in the majority of advanced and internal attacks. Managing and securing privileged accounts begins with locating all privileged accounts, credentials and vulnerabilities associated with each account.

CyberArk’s Discovery & Audit™ is a patent-pending, standalone, easy to use tool that exposes the magnitude of the privileged account security challenge. The solution provides a comprehensive view of an organization’s privileged account environment and associated vulnerabilities including:

  • Privileged accounts on the network
    The sheer volume of privileged accounts (typically three to four times the number of privileged accounts than the number of employees) represents a significant security vulnerability to organizations
  • Privileged passwords and their current status (strength, age, etc)
    Static and unmanaged passwords introduce significant risk of compromised credentials
  • SSH key pairs and orphan keys and associated status
    SSH keys are easily created without any record and are therefore difficult to track, manage or control, leaving a backdoor for attackers
  • Privileged accounts vulnerable to Pass-the-Hash attacks
    Attacks such as Pass-the-Hash leverage vulnerable password hashes in order to execute a credential theft attack, impersonate employees, and access valuable assets and data

Discovering, auditing and understanding vulnerabilities in privileged accounts across the network is the first step towards addressing challenges associated with privileged security and risk management as well as audit and compliance.

Key Benefits

  • Identify extent of risk by discovering privileged accounts and credentials and their status.
  • Understand vulnerabilities to specific cyber security threats.
  • Reduce audit preparation time and cost with comprehensive, reliable and accurate privileged account mapping.
  • Gain a clear and reliable view of the privileged account problem to enable an operational approach to planning, budgeting, and deploying a solution.


  • Simple to use, non-intrusive scanning tool
    A straightforward three-step process scans an entire directory for privileged, shared and generic accounts on workstations and servers without the need to install anything on the network.
  • Graphical presentation of results
    An Executive Summary Dashboard presents a clear, concise view of privileged account risk and compliance status.
  • Visual Maps of SSH keys and password hashes
    Illustrative diagrams of Pass-the-Hash vulnerabilities and SSH key trust relationships enable organizations to clearly visualize privileged account risks and vulnerabilities.
  • Detailed reporting and flagging
    A detailed report provides a ‘single version of the truth’ about all existing privileged accounts, passwords, SSH keys and Pass-the-Hash vulnerabilities and the status of every account.  The report flags and alerts on audit findings that indicate a problem, such as mismanaged privileged accounts, orphaned SSH keys, and Pass-the-Hash vulnerabilities.
  • Powerful scanning with minimal performance impact
    A multi-threaded application design expedites scanning, consuming low network bandwidth and using insignificant network and CPU resources on the Active Directory Domain Controllers and target machines. All scans are performed in read-only mode, without changing anything in the environment.