View Potential Exposure to Material impact
A guide to the workflow for using different areas to view potential material impact.
Last updated
A guide to the workflow for using different areas to view potential material impact.
Last updated
A material impact is an event that, if it occurred, would result in substantial harm to your business.
Viewing potential exposure to a material impact can be accomplished in multiple places in Epiphany. The Dashboard, Risk Explorer, and Business Impact Matrix (BIM) all track different aspects of how attack paths can impact your organization. For the Epiphany-specific process we'll use the following workflow:
Check the dashboard.
Check the business impact matrix (BIM).
Check the Path Finder.
Check the Threat Check Report.
Epiphany's dashboard includes several components you can use to track different aspects of an attack path's potential impact to your organization. Many of these components measure changes over time so you can see changes to critical aspects of your exposure.
The most common dashboard components are those that focus on the biggest areas of potential exposure. Exposed Devices, Exposed Groups, and Exposed Users components, as well as components that focus on Objectives such as the High Value Applications component that tracks how many potentially high-value applications Epiphany can build attack paths to.
The Business Impact Matrix (BIM) is an interactive user-driven prioritization system within Epiphany that allows for grouping of devices, applications, and users into logical collections. The BIM is unique in that it will show you what nodes are potentially in attack paths for both those that are grouped and those that haven't been grouped. To access the BIM, go to Attack Path Tools -> Impact Matrix.
The BIM iconography allows for the quick understanding of what assets might be at risk based on their group coloring (criticality) as well as the colors of the path icon.
Purple Path Icon. The presence of this icon represents that the asset is part of an attack path and is associated with a BIM group, in this case the "Test Group." Right-click to display Node Details where you can see the specifics about this node and any potential attack paths it is part of.
Red Path Icon. The presence of this icon in a search represents that this asset is part of an attack path and it is NOT associated with a BIM group. Right-click to display Node Details where you can see the specifics about this node and any potential attack paths it is part of.
The Path Finder cards quickly show you the potential impact of any unique attack path by displaying the Target node. The cards are sorted by highest criticality impact first. To access the Path Finder, go to Attack Path Tools -> Path Finder.
The Path Finder Card shows the Target (C_014563@DEMO.EIP.IO) of the attack path as well as other critical data about the impact including BIM Group membership, similar paths, and the types of prizes available to an attacker within the path.
The Threat Check report is a specialized report designed to cover all the key areas of your exposure management journey. It contains periodic information designed to help you visualize your potential for material impact. In the report, the Exploit Indices -> Key Indices are designed to do just that.
The Exploit Indices are a helpful way to track the some of the biggest risk movers within your environment, both positive and negative. The overall improvement or decline is covered by the following visual indicators:
Size. The larger the square, the bigger the delta (change) between the current and previous reporting period.
Color - Just as with criticality, the indices are measured in positive (green) improvement and negative (red) degradation. Blue represents a change of less than or equal to 5%.
