Path Finder
Last updated
Attack paths identify the biggest material risks in your organization. You can view attack paths in Epiphany’s path finder:
In the left navigation menu, expand Attack Path Tools and then select Path Finder.
Attack paths are based on calculations and evaluations of how hard it is for an attacker to transition from one spot to another, and how valuable a "prize" the attacker can gain. Epiphany analyzes details such as:
What kind of resistance is there along the way (the difficulty of leveraging a vulnerability, the presence of endpoint protection, etc.)?
What value is inside the attack path (does progression along the path increase the ability of an attacker to go further)?
What ultimate goal or prize is at the end of an attack path? How impactful or detrimental could it be to the organization if an adversary accesses that goal?
At the bottom of each tile, there are Quick Info and Detailed Path options. Select Quick Info to see a view of an attack path.
To see more detailed information about the path, select Detailed Path. This view provides access to a great deal of information about the path. You see essentially the same path as in the Quick Info view. However, in the Detailed Path view, you can select or roll over various areas to get additional information.
This view holds a great deal of detailed information to help resolve attack paths. Roll your mouse over or select the various icons to display a wealth of useful information:
Select an icon in the view (such as the workstation icon on the far left or a circled "!") to see a pop-up providing information about relationships and recommended steps for preventing a potential breach, along with the outcome of addressing it. In this view, if there are numbers at the bottom, select them to step through additional recommendations. There may be many different ways to break an attack path, some more acceptable than others based on business impact. Each recommendation offers an outcome that may also break other attack paths.
Note that you can assign a ticket to the item, which gives you the ability to assign a person to address the issue. Epiphany's ticketing system has many features you can use to watch the status and progress of each ticket.
If you roll your mouse over an icon, a circled "i" (for "information") appears. Select the icon to display information about the node.
If you roll over an icon, colors change to indicate areas of material risk (orange) or critical material risk (red). In the image below, notice the words "Full Control Of" indicating that users or groups could potentially access critical items such as domain controllers. This is an example of where you can roll your mouse over the "jewel" icon and it changes to a "circle-i" icon that you can click on to get the detailed resolution information shown above.
Select Expand All to expand all the nodes and see their relationships. Then select Collapse All to return to the previous view.
At any time, select Reset to remove any information from the view and see the original view.
Select the tools icon in the upper-right corner to see a list of the Top Recommendations of steps to take to remove risk from the attack path. Select the left-pointing arrow to remove the list.