IQ Knowledge Base

Discover & Audit (DNA) Scanning Technology

Introduction

There are two main methods of discovering privileged OS accounts using CyberArk solutions. Organizations that want to scan and analyze their privileged OS accounts independently of the CyberArk PAM solution itself (or before it has been configured) can use CyberArk Discovery and Audit (DNA). Organizations that want to discover accounts and automate their onboarding into PAM in one motion will likely find the Accounts Discovery feature native to CyberArk PAM the most helpful.

While DNA and other CyberArk solutions can discover privileged accounts on other technologies like AWS, Azure and Google Cloud, the scope of this article is limited to Windows Server OS, Windows Workstation OS, and *NIX Server OS privileged accounts. We will also only cover the use of CyberArk DNA in this article; CyberArk PAM’s Accounts Discovery feature deserves an article of its own.


What is DNA?

CyberArk Discovery and Audit (DNA) is a standalone, ad-hoc scanning tool designed to automate the manual and complex process of scanning an organization’s network for privileged accounts. DNA is a certificate-signed tool from CyberArk that does not require agents to be installed on target systems, making it non-intrusive to the IT environment. Target devices are scanned in read-only mode so as not to impact them.

CyberArk DNA is often used at the beginning of an organization’s PAM initiative to support more advanced analysis and planning, as it produces an editable Excel report as output. It is also common for organizations to want to understand their privileged landscape prior to implementing a PAM solution, since the findings may influence the architecture and security controls of the solution. DNA’s standalone, agentless nature makes it easy to quickly start scanning and analyzing your privileged OS accounts.

CyberArk DNA supports the discovery of the following privileged OS accounts:

Windows Active Directory-Based Accounts

Windows Server OS Built-In Local Admin Accounts (SID-500)

Windows Server OS Local Admin Accounts (Other)

Windows Workstation OS Built-In Local Admin Accounts (SID-500)

Windows Workstation OS Local Admin Accounts (Other)

Unix/Linux Active Directory-Based Accounts and SSH Keys

Unix/Linux Root Accounts and SSH Keys (UID0)

Unix/Linux Local Admin Accounts and SSH Keys (Other) 
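The categories above amount to a set of classification rules applied to what a read-only scan collects from each host: on Windows, whether a member of the local Administrators group was issued by the machine itself (local) or by the domain (AD-based), and whether its RID is 500; on Unix, whether an account has UID 0, sits in an administrative group, or comes from the directory, and whether it has SSH keys. The Python below is an added example written for this article, not CyberArk code and not a description of how DNA is implemented. All hostnames, machine SIDs, accounts and file contents are constructed; the exact rules DNA uses to decide "Local Admin (Other)" or to recognise AD-based Unix accounts are not stated on this page, so the rules here (sudo/wheel membership, a separately supplied set of directory users) are assumptions.

```python
import re

# Added example (not CyberArk code). Everything below is constructed sample data
# standing in for what an agentless, read-only scan would read from each target.
MACHINE_SIDS = {"SRV01": "S-1-5-21-111-222-333", "WKS07": "S-1-5-21-444-555-666"}
HOST_ROLES = {"SRV01": "Server", "WKS07": "Workstation"}

# Members of each host's local Administrators group: (host, account, SID)
WINDOWS_ADMIN_MEMBERS = [
    ("SRV01", r"SRV01\Administrator", "S-1-5-21-111-222-333-500"),
    ("SRV01", r"SRV01\svc_backup",    "S-1-5-21-111-222-333-1007"),
    ("SRV01", r"CORP\Domain Admins",  "S-1-5-21-999-888-777-512"),
    ("WKS07", r"WKS07\Administrator", "S-1-5-21-444-555-666-500"),
    ("WKS07", r"WKS07\helpdesk",      "S-1-5-21-444-555-666-1003"),
    ("WKS07", r"CORP\jsmith",         "S-1-5-21-999-888-777-1105"),
]

# Unix side: passwd/group as 'getent' would return them (directory users merged in),
# plus two facts gathered separately: who has a non-empty ~/.ssh/authorized_keys,
# and which names are directory (AD) accounts rather than local ones (assumption).
UNIX_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
deploy:x:1001:1001::/home/deploy:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
bob:x:1003:1003::/home/bob:/bin/bash
"""
UNIX_GROUP = "wheel:x:10:deploy,alice\nsudo:x:27:deploy\nusers:x:100:bob\n"
UNIX_ADMIN_GROUPS = {"wheel", "sudo"}          # assumed definition of "local admin"
UNIX_SSH_KEY_USERS = {"root", "deploy", "bob"}
UNIX_AD_USERS = {"alice"}

# Machine and domain SIDs share the S-1-5-21-X-Y-Z prefix; the trailing number is the RID.
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")


def classify_windows_admin(host, sid):
    """Map one member of a host's local Administrators group to a category from the list."""
    m = SID_RE.match(sid)
    if not m:
        # S-1-5-32-544 style well-known SIDs are groups, not accounts: flag for manual review
        return "Windows well-known SID (review manually)"
    issuer, rid = m.group(1), int(m.group(2))
    if issuer != MACHINE_SIDS[host]:
        return "Windows Active Directory-Based Account"   # issued by the domain, not this host
    if rid == 500:
        return f"Windows {HOST_ROLES[host]} OS Built-In Local Admin Account (SID-500)"
    return f"Windows {HOST_ROLES[host]} OS Local Admin Account (Other)"


def admin_group_members(group_text):
    """Users listed as members of the administrative groups in /etc/group."""
    members = set()
    for line in group_text.splitlines():
        name, _pw, _gid, users = line.split(":", 3)
        if name in UNIX_ADMIN_GROUPS and users:
            members.update(users.split(","))
    return members


def classify_unix_accounts(passwd_text, group_text, ssh_key_users, ad_users):
    """Return {account: (category, has_ssh_key)} for privileged accounts only."""
    admins = admin_group_members(group_text)
    found = {}
    for line in passwd_text.splitlines():
        name, _pw, uid, *_rest = line.split(":")
        if int(uid) == 0:
            category = "Unix/Linux Root Account (UID0)"
        elif name in admins and name in ad_users:
            category = "Unix/Linux Active Directory-Based Account"
        elif name in admins:
            category = "Unix/Linux Local Admin Account (Other)"
        else:
            continue                                   # unprivileged: not reported
        found[name] = (category, name in ssh_key_users)
    return found


def dna_summary():
    """Count discovered privileged accounts per category, as an overview would."""
    counts = {}
    for host, _account, sid in WINDOWS_ADMIN_MEMBERS:
        category = classify_windows_admin(host, sid)
        counts[category] = counts.get(category, 0) + 1
    unix = classify_unix_accounts(UNIX_PASSWD, UNIX_GROUP, UNIX_SSH_KEY_USERS, UNIX_AD_USERS)
    for category, _has_key in unix.values():
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, n in sorted(dna_summary().items()):
        print(f"{n:3d}  {category}")
```

Two points worth noticing in the output: the SID-500 rule finds the built-in Administrator even when it has been renamed, and a second UID 0 account such as `toor` is reported as a root account regardless of its name, which is exactly the kind of finding an organization wants before deciding on vault architecture.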


Privileged Access Management (PAM)

Privileged access management (PAM) is an identity security solution that helps protect organizations against cyberthreats by monitoring, detecting, and preventing unauthorized privileged access to critical resources. PAM works through a combination of people, processes, and technology and gives you visibility into who is using privileged accounts and what they are doing while they are logged in. Limiting the number of users who have access to administrative functions increases system security while additional layers of protection mitigate data breaches by threat actors. 

How does privileged access management work?

A PAM solution identifies the people, processes, and technology that require privileged access and specifies the policies that apply to them. Your PAM solution must have capabilities to support the policies you establish (e.g., automated password management and multifactor authentication) and administrators should have the ability to automate the process of creating, amending, and deleting accounts. Your PAM solution should also continuously monitor sessions so you can generate reports to identify and investigate anomalies.

Two primary use cases for privileged access management are preventing credential theft and achieving compliance.

Credential theft is when a threat actor steals login information to gain access to a user’s account. After they are logged in, they can access organizational data, install malware on various devices, and gain access to higher-level systems. A PAM solution can mitigate this risk by ensuring just-in-time and just-enough access and multifactor authentication for all admin identities and accounts.

Whatever compliance standards apply to your organization, a least-privilege policy is likely required to protect sensitive data like payment or personal health information. A PAM solution also enables you to prove your compliance by generating reports of privileged user activity—who is accessing what data and why.

Additional use cases include automating the user lifecycle (i.e., account creation, provisioning, and deprovisioning), monitoring and recording privileged accounts, securing remote access, and controlling third-party access. PAM solutions can also be applied to devices (the Internet of Things), cloud environments, and DevOps projects.

The misuse of privileged access is a cybersecurity threat that can cause serious and extensive damage to any organization. A PAM solution offers robust features to help you stay ahead of this risk.
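The mechanics described above (policy identifies who may hold which privilege, MFA gates the elevation, access is just-in-time and just-enough, and every decision is recorded so reports can be generated) can be shown in a few dozen lines. The following Python is an added example written for this article, not CyberArk's or any vendor's product code. The policy table, users, roles and the injectable clock are constructed; a real broker would also integrate with the directory, the vault and the session recorder, which this example omits.

```python
from datetime import datetime, timedelta, timezone

# Added example, not a vendor's PAM implementation. POLICY is a constructed rule set:
# which identities may request a privileged role, the longest window permitted,
# and whether MFA must have succeeded before elevation.
POLICY = {
    "db-admin":   {"allowed": {"alice", "bob"}, "max_minutes": 60,  "require_mfa": True},
    "log-reader": {"allowed": {"carol"},        "max_minutes": 480, "require_mfa": False},
}


class JitBroker:
    """Grants time-boxed privileged roles and keeps an append-only audit trail."""

    def __init__(self, clock):
        self.clock = clock     # callable returning the current datetime; injected so expiry is testable
        self.grants = {}       # (user, role) -> expiry datetime
        self.audit = []        # event dicts, only ever appended

    def _log(self, **event):
        event["at"] = self.clock().isoformat()
        self.audit.append(event)

    def request(self, user, role, minutes, mfa_ok, reason):
        """Just-in-time: elevate only now, only for a capped window, only after policy checks pass."""
        rule = POLICY.get(role)
        if rule is None or user not in rule["allowed"]:
            self._log(event="denied", user=user, role=role, why="not authorized by policy")
            return False
        if rule["require_mfa"] and not mfa_ok:
            self._log(event="denied", user=user, role=role, why="mfa required")
            return False
        minutes = min(minutes, rule["max_minutes"])     # just-enough: never longer than policy allows
        expiry = self.clock() + timedelta(minutes=minutes)
        self.grants[(user, role)] = expiry
        self._log(event="granted", user=user, role=role, reason=reason, expires=expiry.isoformat())
        return True

    def is_active(self, user, role):
        """Checked on every privileged action, so standing access never accumulates."""
        expiry = self.grants.get((user, role))
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self.grants[(user, role)]
            self._log(event="expired", user=user, role=role)
            return False
        return True

    def report(self, kind):
        """The compliance view: who was granted or denied what, when, and why."""
        return [e for e in self.audit if e["event"] == kind]


def demo():
    now = [datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)]   # constructed, advanceable clock
    broker = JitBroker(lambda: now[0])
    results = {
        "alice": broker.request("alice", "db-admin", minutes=240, mfa_ok=True,  reason="INC-1234"),
        "bob":   broker.request("bob",   "db-admin", minutes=30,  mfa_ok=False, reason="INC-1234"),
        "dave":  broker.request("dave",  "db-admin", minutes=30,  mfa_ok=True,  reason="no ticket"),
    }
    results["active_at_grant"] = broker.is_active("alice", "db-admin")
    now[0] += timedelta(minutes=61)                  # one minute past the 60-minute policy cap
    results["active_after_cap"] = broker.is_active("alice", "db-admin")
    results["audit"] = broker.audit
    results["denials"] = broker.report("denied")
    return results


if __name__ == "__main__":
    for event in demo()["audit"]:
        print(event)
```

Note that Alice asked for four hours and received one: the policy cap, not the requester, decides the window. The audit list is what the reporting described above is built from; in production it would be written to a store the privileged user cannot modify.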


CIA Triad (Confidentiality, Integrity, Availability)

Confidentiality

When you think about cyber security, think CIA. Not the spy agency: a different CIA, meaning confidentiality, integrity and availability. Together these three make up what we call the CIA triad. Let's look at each of them in more detail, starting with confidentiality: the idea that only an authorized user should be able to see particular information or access particular resources. Take an example. Say David is an authorized user who wants to read a particular piece of data. We put some sort of security system in front of that data: authentication, authorization, multi-factor authentication, some form of encryption. David passes those checks and is given access. An unauthorized user who tries to do the same thing is blocked when they try to enter the system. That is really what confidentiality is about: a very simple concept, and not that hard to implement. A lot of the time confidentiality is also referred to as privacy. In modern information technology confidentiality involves many more things than this simple picture, but the core idea is the same. So confidentiality is the first part of the CIA triad.


Integrity

Next, integrity. Integrity means that if I place an order for, say, 100 widgets, nobody can come along later and change it to 100,000 widgets, or a million, or change the number entirely, or delete the record entirely. In other words, the information is trustworthy; it is true to itself. With integrity technology we look for tampering, detect it, and alert someone so they know the data is no longer trustworthy. For instance, a bad guy who has hacked a system might come back in and change the log file to remove any record that he was ever there. That would be an integrity attack. So we need security capabilities to ensure the system is true to itself.
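The two attacks in this section, changing a quantity after the fact and deleting a record to cover one's tracks, are both caught by the same defensive technique: chaining each record to its predecessor with a keyed MAC and anchoring the latest MAC somewhere the writer cannot reach. The Python below is an added example written for this article (not from the original page); the key, the orders and the tampering scenarios are constructed. It also shows the edge case a chain alone misses: removing only the most recent record leaves a perfectly valid chain, which is why the head anchor matters.

```python
import copy
import hashlib
import hmac
import json

# Added example. The key is constructed; in a real deployment it belongs to the
# verifier (or an HSM), not to the host whose records it protects.
KEY = b"constructed-demo-key-not-for-real-use"
GENESIS = "0" * 64


def _entry_mac(prev_mac, record):
    """MAC over this record plus the previous MAC, which chains the entries together."""
    payload = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()


def append(ledger, record):
    prev = ledger[-1]["mac"] if ledger else GENESIS
    ledger.append({"record": record, "mac": _entry_mac(prev, record)})
    return ledger[-1]["mac"]       # the new head: store it where the writer cannot change it


def verify(ledger, expected_head=None):
    """Return (ok, reason). The chain detects edits and removals; the head anchor also catches truncation."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if not hmac.compare_digest(entry["mac"], _entry_mac(prev, entry["record"])):
            return False, f"entry {i} was modified or a predecessor was removed"
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, "head mismatch: trailing entries removed or ledger replaced"
    return True, None


def demo():
    ledger = []
    append(ledger, {"order": 1, "item": "widget", "qty": 100, "by": "david"})
    append(ledger, {"order": 2, "item": "gadget", "qty": 5, "by": "alice"})
    head = append(ledger, {"order": 3, "item": "widget", "qty": 7, "by": "bob"})

    tampered = copy.deepcopy(ledger)
    tampered[0]["record"]["qty"] = 100000            # 100 widgets quietly became 100,000
    deleted = copy.deepcopy(ledger)
    del deleted[1]                                   # a record in the middle removed
    truncated = copy.deepcopy(ledger)
    del truncated[-1]                                # only the most recent record removed

    return {
        "clean": verify(ledger, head),
        "tampered": verify(tampered, head),
        "deleted": verify(deleted, head),
        "truncated_chain_only": verify(truncated),   # the chain alone cannot see this
        "truncated_anchored": verify(truncated, head),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:22s} ok={ok} {reason or ''}")
```

The design choice to note is the separation of duties: whoever can write records must not hold the key or the head, otherwise they can simply re-chain after editing. Verification here is intentionally cheap so it can run on every read or on a schedule, with the `reason` string feeding an alert.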


Availability

The last part of the CIA triad is availability. This is about making sure that authorized users have access to the resources they need, when they need them. For instance, an authorized user wants to access a particular server; when they come, they get access, as they expect. However, a malicious actor could interrupt this by flooding the system with too much traffic, taking it down and making it unavailable. We refer to this as a denial of service attack. A denial of service attack can take a lot of different forms, but the basic idea is that a bad guy is preventing a good guy from getting access to the system. So when it comes down to security, again think CIA, not the spy guys but the CIA triad, and use it as a checklist. Whenever you start a new security project, go back over the different angles of the CIA triad and ask: did I cover confidentiality? Did I cover integrity attacks? Did I cover availability? If all of those are covered, then the job is finished.
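The flooding scenario above can be replayed in a small simulation to show why a per-client rate limit at the edge preserves availability for the legitimate user. The Python below is an added example written for this article, not from the original page; the server capacity, the traffic pattern (one legitimate request per second alongside a flooder sending 500 per second) and the token-bucket parameters are all constructed. It generalizes the text slightly by making the limiter per-client, which is how such limits are normally deployed.

```python
# Added example: a per-client token bucket in front of a server of fixed capacity.

class PerClientLimiter:
    """Each client gets `burst` tokens that refill at `rate` per second; one token per request."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.state = {}        # client -> (tokens, last_seen)

    def allow(self, client, now):
        tokens, last = self.state.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.state[client] = (tokens - 1.0, now)
            return True
        self.state[client] = (tokens, now)
        return False


def simulate(requests, capacity, limiter=None):
    """Replay (time, client) requests against a server that serves at most `capacity` per second.
    Returns {client: {"served": n, "rejected": n}}."""
    served_in_second = {}
    stats = {}
    for t, client in sorted(requests, key=lambda r: r[0]):
        s = stats.setdefault(client, {"served": 0, "rejected": 0})
        if limiter is not None and not limiter.allow(client, t):
            s["rejected"] += 1           # dropped at the edge; never reaches the server
            continue
        sec = int(t)
        if served_in_second.get(sec, 0) >= capacity:
            s["rejected"] += 1           # server saturated: this is the outage the text describes
            continue
        served_in_second[sec] = served_in_second.get(sec, 0) + 1
        s["served"] += 1
    return stats


def build_traffic(seconds=3, flood_per_second=500):
    """Constructed traffic: one legitimate request per second, plus a flooder."""
    reqs = [(sec + 0.501, "legit") for sec in range(seconds)]
    reqs += [(sec + i * 0.002, "flood") for sec in range(seconds) for i in range(flood_per_second)]
    return reqs


def demo(capacity=100):
    traffic = build_traffic()
    return {
        "no_limiter": simulate(traffic, capacity),
        "with_limiter": simulate(traffic, capacity, PerClientLimiter(rate=10, burst=10)),
    }


if __name__ == "__main__":
    for scenario, stats in demo().items():
        print(scenario, stats)
```

Without the limiter the flooder fills the server's capacity every second before the legitimate request arrives, so the good guy is served zero times. With the limiter the flooder is throttled to roughly its refill rate and the legitimate user is served every time. The caveat for the checklist: this only works when clients can be told apart, so a flood spread across many sources still needs capacity headroom or upstream filtering.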