Discovery
Discover machines, databases, accounts and services across your on-prem and cloud infrastructure
Keeper Discovery empowers DevOps, IT Security, and software development teams with complete visibility into all privileged accounts and IT assets within your organization. Through the Keeper Gateway, Keeper Discovery can identify assets across your infrastructure in the following target configurations:
Local Environment
AWS
Azure
Organizations often struggle with maintaining visibility over privileged accounts and IT assets across increasingly complex infrastructures, including on-premises environments and multi-cloud setups. This lack of visibility can lead to unmanaged accounts, misconfigurations, and potential security vulnerabilities.
Keeper Discovery solves these challenges by:
Providing Centralized Visibility: Automatically discovering and cataloging privileged accounts and IT assets across local environments, AWS, and Azure.
Strengthening Security Posture: Identifying unmanaged accounts, misconfigurations, and security risks to proactively address vulnerabilities.
Streamlining Discovery: Simplifying the process of asset discovery using the Keeper Gateway, enabling seamless integration into your infrastructure.
Empowering Teams: Equipping DevOps, IT Security, and software development teams with actionable insights to manage and secure accounts and assets effectively.
Enhancing Compliance: Ensuring an accurate inventory of privileged accounts and assets for audit and reporting, helping meet regulatory requirements.
Keeper Discovery operates on a zero-knowledge model, ensuring that neither Keeper's infrastructure nor its employees can view, access, or decrypt any discovered assets. All discovery tasks are executed by the Keeper Gateway within the customer's environment. The gateway encrypts findings and securely exchanges data with the Keeper Vault and privileged users via the Keeper Secrets Manager APIs.
For more information, see the Architecture section.
Keeper Discovery is part of the Zero-Trust KeeperPAM Platform. Keeper Discovery has the following features:
Create a discovery job to scan assets through any Keeper Gateway
View the status of running discovery jobs
Kill discovery jobs
Automatically apply rules to either Add, Ignore or Prompt for saving a record
Rules are constructed through a customizable Rules Engine
Found resources can be added to a specified Shared Folder
Keeper's Discovery system first performs a scan of resources, based on the Keeper Gateway capabilities and the defined PAM Configuration.
After locating resources, a rules engine converts the findings into Keeper records and adds those resources to Shared Folders. The types of Keeper Records that can be created are:
Once resources are discovered, the interactive discovery process enables users to link administrative credentials, such as username/password combinations or SSH keys, to the identified resources. After the initial discovery and credential association, users can initiate a deeper discovery to identify local users and services within each target resource.
Keeper's encrypted data storage model organizes these associations—environments, Gateways, Resources, Accounts, and Services—into a Graph structure. This PAM Graph represents the environment as a hierarchical set of parent-child relationships, allowing KeeperPAM to map and visualize the environment effectively.
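To make the flow described above concrete (scan, rules engine deciding Add/Ignore/Prompt, placement into Shared Folders, and the parent-child PAM Graph), here is a small added Python model. It is illustrative code written for this page, not Keeper's or Keeper Commander's implementation; the class and function names (Resource, DiscoveryRule, apply_rules, PamGraph, run_discovery), the glob-based rule matching, and the sample resources and rules are all assumptions constructed for the example.

```python
"""Added illustration of a discovery rules engine and a PAM-style graph.

Not Keeper's code: every name below is hypothetical and the sample data is
constructed. It shows how scan findings can be classified by rules into
Add / Ignore / Prompt, filed into Shared Folders, and linked into a
parent-child graph (environment -> gateway -> resource -> account/service).
"""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Dict, List, Optional, Tuple

# The three rule outcomes described on the page.
ADD, IGNORE, PROMPT = "add", "ignore", "prompt"


@dataclass
class Resource:
    kind: str                     # e.g. "machine", "database", "user", "service"
    name: str
    host: str                     # address the finding is associated with
    environment: str              # "local", "aws" or "azure"
    parent: Optional[str] = None  # resource this was found inside (deeper discovery)


@dataclass
class DiscoveryRule:
    kind: str                           # glob over Resource.kind
    host: str                           # glob over Resource.host
    action: str                         # ADD, IGNORE or PROMPT
    shared_folder: Optional[str] = None  # target folder, only used for ADD
    priority: int = 0                   # higher priority rules are tried first


def apply_rules(resource: Resource, rules: List[DiscoveryRule],
                default: str = PROMPT) -> Tuple[str, Optional[str]]:
    """Return (action, shared_folder); the first matching rule by priority wins.

    Anything no rule covers falls back to PROMPT, so an unexpected finding is
    surfaced to a human rather than silently added or dropped.
    """
    for rule in sorted(rules, key=lambda r: -r.priority):
        if fnmatch(resource.kind, rule.kind) and fnmatch(resource.host, rule.host):
            return rule.action, rule.shared_folder
    return default, None


class PamGraph:
    """Hierarchical parent-child graph of discovered entities."""

    def __init__(self) -> None:
        self.children: Dict[str, List[str]] = {}
        self.parent: Dict[str, str] = {}

    def link(self, parent: str, child: str) -> None:
        siblings = self.children.setdefault(parent, [])
        if child not in siblings:          # idempotent: repeated scans do not duplicate
            siblings.append(child)
        self.parent[child] = parent

    def path(self, node: str) -> List[str]:
        """Root-to-node path, e.g. ['local', 'gateway-1', 'web-01', 'root']."""
        out = [node]
        while out[-1] in self.parent:
            out.append(self.parent[out[-1]])
        return list(reversed(out))


def run_discovery(resources: List[Resource], rules: List[DiscoveryRule],
                  gateway: str = "gateway-1"):
    """Classify findings; ADD results go into folders and the graph."""
    graph, folders, prompts = PamGraph(), {}, []
    for r in resources:
        action, folder = apply_rules(r, rules)
        if action == IGNORE:
            continue
        if action == PROMPT:
            prompts.append(r.name)
            continue
        folders.setdefault(folder, []).append(r.name)
        if r.parent is None:               # top-level resource found by the gateway
            graph.link(r.environment, gateway)
            graph.link(gateway, r.name)
        else:                              # account/service found inside a resource
            graph.link(r.parent, r.name)
    return folders, prompts, graph


# Constructed sample findings: two top-level resources, one scratch VM,
# and two deeper-discovery results inside web-01.
SAMPLE_RESOURCES = [
    Resource("machine", "web-01", "10.0.0.5", "local"),
    Resource("database", "pg-main", "db.internal", "local"),
    Resource("machine", "scratch-vm", "10.0.9.9", "aws"),
    Resource("user", "root", "10.0.0.5", "local", parent="web-01"),
    Resource("service", "sshd", "10.0.0.5", "local", parent="web-01"),
]

# Constructed sample rules: ignore the scratch range, file machines/users and
# databases into folders, and leave services (no rule) to be prompted.
SAMPLE_RULES = [
    DiscoveryRule("machine", "10.0.9.*", IGNORE, priority=10),
    DiscoveryRule("machine", "*", ADD, shared_folder="Servers"),
    DiscoveryRule("user", "*", ADD, shared_folder="Servers"),
    DiscoveryRule("database", "*", ADD, shared_folder="Databases"),
]

if __name__ == "__main__":
    folders, prompts, graph = run_discovery(SAMPLE_RESOURCES, SAMPLE_RULES)
    print(folders, prompts, graph.path("root"))
```

The ignore rule carries a higher priority than the catch-all machine rule, which is the usual way to express an exception in a first-match engine; defaulting unmatched findings to Prompt keeps the operator in the loop for resource types the rules have not yet considered.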
Discovery can be managed through the Keeper Commander CLI and soon through the Vault UI.
The next section demonstrates how to use Keeper Commander for performing discovery.