See Which of Your Accounts Are Most Vulnerable Before an Attacker Does
97% of identity attacks are large-scale password attacks.
(Microsoft Digital Defense Report 2025)
94% of leaked passwords are reused across multiple accounts.
(MIT 2025)
3% of passwords meet NIST complexity requirements.
(Verizon 2025 DBIR)
Marks & Spencer + Co-op UK
Attackers social-engineered help desks into resetting passwords, took over Active Directory, and halted operations.
Why it matters: Mid-to-large retailers are a close analog for how a 200-to-5,000-employee organization gets hit. No zero-day required. Just identity.
Change Healthcare
~190M victim notices. One externally-facing system. Credentials. No MFA.
Why it matters: This shows what one missed credential surface can cost when identity exposure is not caught early.
Akira Ransomware
Hijacked VPN credentials and bypassed one-time-password MFA on SonicWall devices worldwide.
Why it matters: This directly challenges the “we have MFA” assumption. SonicWall is common in the mid-market.
We’ll Identify Any Gaps in Your Credential Policy Enforcement
- Shared or duplicate passwords across the domain
- Weak passwords on high-value accounts
- Gaps between password policies and user behavior
- “Complex” passwords that crack in seconds
With No Production Downtime or Risk.
Expand only if there is meaningful exposure.
Free Active Account Exposure Report
A fast, high-level review of credential exposure indicators across accounts, policy gaps, and common credential weaknesses. No paid evaluation is required after the free snapshot.
- % of accounts vulnerable to compromise
- Exposure across user, admin, and executive accounts
- Common credential weaknesses
- Time-to-compromise indicators
- High-level risk summary
Paid Detailed Evaluation & Findings Review
A deeper expert-guided review with expanded findings, compromised account details, remediation guidance, audit tracking and retesting support.
- Everything included in the free snapshot
- Expanded findings across key risk areas
- Credential exposure & attack path validation
- Remediation review & guidance
- Portal access & retesting support
Guided Evaluation & Findings Pricing
When a free snapshot identifies meaningful exposure, the guided evaluation provides expanded findings, remediation guidance, and report walkthrough support.
Up to 499 Accounts
$4,999
Flat Engagement Fee
Guided evaluation, findings review, remediation insight, and report walkthrough included.
Up to 1999 Accounts
$9,999
Flat Engagement Fee
Guided evaluation, findings review, remediation insight, and report walkthrough included.
Additional Accounts
$1
Per Additional Account
Applied to accounts exceeding 1999 within the evaluation scope
Frequently Asked Questions
Will this impact Active Directory or production systems?
The evaluation is designed to be low-impact and non-disruptive. Scapien provides a documented collection script, and your team runs it inside your own environment under your own control. The script reads the required credential and directory data; it does not change users, groups, passwords, policies, or domain configuration. The script also prompts your team to notify your SOC, MDR, or EDR provider before collection begins, and again when collection is complete so any temporary monitoring exceptions or controls can be restored.
What permissions or access are required?
Scapien does not need direct access to your Active Directory, Entra ID, domain controllers, or production systems. Your authorized administrator runs the collection script using the permissions required to read and export the necessary credential and directory data. For Entra ID, read-only Microsoft Graph permissions may be required depending on the agreed scope.
What data is collected, and does anything leave our environment?
The evaluation collects password hash data, account metadata, group membership, password policy information, and related directory context needed to assess credential risk. Plain-text passwords are not collected from Active Directory. After collection, the package is sent to Scapien via SFTP and, upon successful upload, is immediately encrypted using a customer-specific encryption key. Customer data is stored encrypted and is only decrypted when required for evaluation and processing.
How long does the evaluation typically take?
The customer-run collection process is usually short. In most environments, the actual extraction and upload takes only a few minutes and is typically completed in under 30 minutes, assuming the customer’s security team has been notified and any necessary monitoring exceptions are ready. Very large environments, unavailable security teams, or restrictive EDR controls can extend the collection window. Once the upload is complete and the evaluation is scheduled, Scapien typically runs a credential evaluation over a controlled analysis window of up to 12 days, designed to approximate real attacker dwell time and provide a more realistic view of credential exposure.
Is the evaluation read-only?
Yes. The collection script is read-only against Active Directory and Entra ID. It does not reset passwords, modify accounts, change policies, install agents, or make configuration changes. The script is documented so your team can review what it does before running it, and it notifies your team to delete local collection files after the package has been successfully uploaded.
Who will have access to the findings and results?
Access is limited to authorized Scapien personnel involved in the engagement and the customer-approved users designated to receive the results. Customer data is encrypted at rest using customer-specific encryption controls and is only decrypted when required for processing. The summary PDF report is encrypted, and if the full report is purchased, the data is decrypted and migrated to iPAS, Scapien’s portal, where access to customer data is tightly controlled.
Have additional questions?
Gain Visibility Before Risk Escalates
No agents. No production access. We send you a script that extracts only encrypted credentials. Works for Active Directory and Entra. If we find nothing, we say so and we’re done. No charge, no follow-up sales gauntlet.