Introduction

The Epiphany Intelligence Platform’s mission is to accelerate the ability for anyone to understand and act on cyber risks by differentiating between what is merely vulnerable to what is exploitable. We believe that time to context matters, and security should be consumable for any risk decision maker. Our goal is to provide actionable insights on where the most likely exploitable points of risks could occur in the daisy chain from an initial compromise to a material/significant event that could affect your organization and its stakeholders. Thus, we believe protecting your data is a sacred responsibility. We are committed to being transparent about our security practices and helping you understand our approach.

To be transparent we must first and foremost start with the actual risks that we as your solution provider could pose to your organization. We are not an active control so we could not be used as a weapon to directly shut down your business. We do not directly collect sensitive data from your organization; however, we do ingest data that could be sensitive in nature about your environment and turn those into actionable insights as to where you are most exploitable in ways that could cause material harm to your organization or your stakeholders. So, we pose a potential aggregation risk since the enriched data and attack path mapping we provide could in some cases be more sensitive than the independent data silos that already exist within your organization today.

This document is intended to explore the primary risks that could occur, the likely exploitable attack paths, and our approach to controlling for those risks. Some aspects for control to mitigate the potential risks with the use of the Epiphany Intelligence Platform will be our responsibility and some responsibility will be rest with our customers. Working together, focusing on the potential exploitable attack paths of where the Epiphany Intelligence Platform could be used to cause harm, we believe our risk as a 3rd party will be low.