Epiphany Validation Engine User's Guide

Overview

Epiphany Validation Engine (EVE) is a next-generation attack emulation platform. It lets the user run tests with purpose-built and modified artifacts, samples, and scripts in order to genuinely exercise the cybersecurity systems, the processes, and the personnel responsible for security.

EVE enables security operations centers, information security professionals, and incident response teams to perform a pragmatic evaluation of the cybersecurity solutions they have in place, focused on objectively measuring their response to real threats. To achieve this goal, EVE uses artifacts and samples employed by attack groups to test the company's security measures.

Emulations

EVE evaluates three key security vectors: network, endpoint, and execution. These vectors are crucial for assessing the effectiveness of an organization's defenses against cyber threats. By emulating attacks across these areas, rThreat helps identify potential vulnerabilities and strengthens the overall security posture.

1. Network Vector

  • Purpose: The network vector focuses on evaluating the security of an organization's network infrastructure. This includes firewalls, IDS/IPS, NDR, and other network security devices.

  • Outcome: By testing the network vector, EVE helps organizations identify weak points in their network defenses and provides insights into how well the network is segmented, how traffic is monitored, and how threats are blocked or mitigated.

2. Endpoint Vector

  • Purpose: The endpoint vector assesses the security posture of individual devices within the network, such as computers, servers, and mobile devices.

  • What it Tests: This vector involves simulating attacks that target endpoint devices, including malware infections, ransomware, privilege escalation, exploitation of software vulnerabilities, malicious scripts, and similar techniques. It evaluates the effectiveness of endpoint protection solutions such as antivirus, endpoint detection and response (EDR) systems, and other endpoint security tools.

  • Outcome: The results from testing the endpoint vector reveal the ability of the organization to detect, respond to, and recover from endpoint-based attacks. It also highlights the security hygiene of the devices, such as patch management and user privilege controls.

3. Execution Vector

  • Purpose: The execution vector examines how well an organization can detect and respond to the execution of malicious code or unauthorized scripts within their environment.

  • What it Tests: EVE simulates scenarios in which malicious samples or scripts are executed on a device or within the network, such as remote code execution, malware, and script-based attacks like PowerShell exploits. It tests the organization's ability to monitor and control code execution and to enforce security controls such as application whitelisting (allowlisting) and behavior-based detection.

  • Outcome: Testing the execution vector helps organizations understand how vulnerable they are to threats that rely on code execution. It assesses the effectiveness of controls that prevent unauthorized or malicious code from running and measures the speed and accuracy of threat detection and response.
