SECRET SERVER FEATURE: Discovery
Find Unknown and Unmanaged Privileged Accounts
Overview of Discovery:
The first step to a comprehensive PAM strategy is ensuring you have complete visibility of all types of privileged accounts.
When you don’t know where privileged accounts exist, you may be leaving backdoor accounts in place that allow users to bypass proper controls. External attackers may also create privileged accounts for later access, and those accounts can go undetected for months.
Automatic Discovery makes it easy to find all privileged accounts so you can set policies to manage them appropriately. Secret Server can automatically find privileged accounts and map existing secrets. Continuous Discovery alerts you when unexpected accounts are found. Rule-based imports can import the unmanaged accounts you find into Secret Server.
For more information on configuring Discovery, please review our KnowledgeBase walkthrough.
Discover Local and Active Directory Privileged Accounts
Secret Server can scan your network for local admin accounts and pull information into Secret Server’s secure repository. For example, Secret Server can scan your network, find every laptop and then take control of the local admin account by changing the password (applying your organization’s password policy) and controlling future access to those credentials in the Secret Server repository.
What unknown and unmanaged privileged accounts exist in your environment? Take a look at Delinea’s Free Privileged Account Discovery Tool for Windows.
Discovery can also be extended using PowerShell to find privileged accounts in your IT environment if Secret Server doesn’t have an out-of-the-box connector. Discovery scanners can run custom PowerShell scripts as well as our built-in scanners for Active Directory, UNIX, and VMware ESXi. You can use one or more built-in or custom scanners at each step of the discovery process: host range discovery, machine discovery, local account discovery, and dependency discovery. As a result, you can now determine which dependencies are scanned for each Active Directory domain rather than globally on the Discovery Configuration page.
Learn more about Scriptable Discovery.
Amazon Web Services Discovery
Privileged accounts for AWS resources are created quickly and may be abandoned just as quickly. With such a fluid process, it’s difficult for security teams to stay on top of how many privileged accounts have access to AWS, make sure they’re set up properly, and remove them when they’re no longer needed. To match the fluid nature of these accounts, continuous AWS account discovery is an essential cloud security control PAM teams need in their arsenal.
Google Cloud Discovery
Security and IT administrators can easily identify active resources in Google Cloud. Secret Server connects to Google Cloud infrastructure to detect running Windows and Linux instances and identify accounts being used on those resources. Once you know which accounts are used, you can secure Google Cloud Platform IAM service accounts with Secret Server controls such as secret creation and key rotation.