Getting Results: Data Source Outputs
Now that you have a better understanding of what the Epiphany Intelligence Platform does and what data it uses, it’s useful to understand what outputs you can reasonably expect from that data. This is not comprehensive, as the richness of the output depends on the quality of the data collected. However, it provides a baseline for you to use as a frame of reference. Please communicate with your solutions provider or Reveald contact for more details specific to your environment.
Identity data is critical, and without it the ability to show value in the analysis of other data sources is dramatically impaired. With that said, providing sufficient identity data will allow the platform to provide you with visualizations of risks based on the concept of “assumed breach.”
"Assumed breach" is when we assume that every device can be compromised and any identity on the device could be exposed. Every device that Epiphany can find could be a starting point. Based on these premises we build maps to show how attackers can traverse the environment to accumulate permissions to access anything. While assumed breach is useful, it fails to answer several questions:
How possible is it for this device to truly be exploited?
What are the most desired destinations (in other words, what are our critical assets)?
What friction coefficients exist to make it difficult to reach those assets?
How possible is it for an attacker to transition at each point in an attack path?
In what order should these security gaps be remedied?
Endpoint data will enrich the attack paths and provide more functional information. It also enriches the recommendations engine for endpoint-related risks.
Attack path priorities will shift. Endpoint solutions represent resistance, which changes the prioritization of your area of focus. A device with no antivirus protection is easier to establish a foothold on than a system with protection.
In the same fashion that endpoint data provides more information around friction points, the way in which risk is ranked will be refined with additional points of (validated) reference. Network data allows Epiphany to understand the “blast radius” of a potential compromise in the case of malware and network-based attacks.
Arguably one of the most important features of Epiphany is the ability to help prioritize which gaps to close first. Incorporating vulnerability data does the following:
Adjusts the attack path priorities.
Enriches the recommendations engine.
Provides patch prioritization. The prioritization of vulnerabilities that can be patched will be done at a level much more granular than what is offered on the market. You’ll know what patches need to be applied to what devices, and in what order.
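The assumed-breach map and the way endpoint protection shifts attack path priorities, as an added illustration that is not Epiphany's own code or scoring model. The device and identity names, the friction value of 3 and the cost formula are all assumptions made for this sketch.

```python
import heapq

# Constructed sample environment (not from any real deployment).
CACHED = {   # identities whose credentials are exposed on each device
    "ws-01": ["alice"], "ws-02": ["bob"],
    "srv-app": ["svc-app"], "srv-jump": ["svc-ops"],
}
ACCESS = {   # devices each identity is permitted to reach
    "alice": ["srv-app"], "bob": ["srv-jump"],
    "svc-app": ["dc-01"], "svc-ops": ["dc-01"],
}
PROTECTED = {"ws-01", "srv-app"}   # devices reporting endpoint protection
CRITICAL = "dc-01"                 # the critical asset paths are measured to

def step_cost(device, protected, friction=3):
    """Resistance of one device; endpoint protection adds assumed friction."""
    return 1 + (friction if device in protected else 0)

def cheapest_path(start, target, protected):
    """Dijkstra over device -> identity -> device hops; (cost, path) or None."""
    heap = [(step_cost(start, protected), [start])]
    seen = set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == target:
            return cost, path
        if node in seen:
            continue
        seen.add(node)
        for ident in CACHED.get(node, []):
            for nxt in ACCESS.get(ident, []):
                if nxt not in seen:
                    heapq.heappush(
                        heap, (cost + step_cost(nxt, protected), path + [nxt]))
    return None

def rank_paths(protected):
    """Assumed breach: every device is a start; lowest resistance ranks first."""
    found = [cheapest_path(d, CRITICAL, protected) for d in CACHED]
    return sorted(r for r in found if r)

if __name__ == "__main__":
    print("identity data only: ", rank_paths(set()))
    print("with endpoint data: ", rank_paths(PROTECTED))
```

With identity data alone the two server paths tie; once endpoint data is added, the unprotected `srv-jump` path and the `ws-02` path behind it move to the top of the remediation order.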