Manage Exploitability
Learn how Epiphany manages exploitability.
Last updated
Learn how Epiphany manages exploitability.
Last updated
A vulnerability is an adversary’s ability to exploit a condition. Epiphany analyzes vulnerabilities and measures their exploitability and how they can be used to start or create an attack path. It takes an attacker’s perspective regarding which vulnerabilities are the most advantageous to exploit and then prioritizes them based on their ability to create a material impact. Epiphany displays this information, providing you the context in which they are likely to be used, making it easy for you to plan remediation.
As organizations transition from a vulnerability score-driven approach to a risk-based vulnerability management program, Epiphany offers a unique view on vulnerabilities. Epiphany can track multiple metrics about a vulnerability and correlate that with an attacker’s ability to use it to create a material impact.
Epiphany aggregates all of the unique vulnerability data from any source connected to the platform onto one page for you to explore. This helps eliminate wasted time searching for vulnerability information and doing one or more impact analysis of each potential vulnerability. Epiphany does all the analysis and prioritization for you based on the ability for the vulnerability to be used to cause a material impact.
Epiphany only recommends patching vulnerabilities that meet three key criteria:
It is technically feasible to exploit the vulnerability.
The vulnerability is in active use. This means it is used by an active persistent threat (APT) or ransomware.
The vulnerability is associated with an attack path that creates material impact.
Epiphany prioritizes those that these criteria above all else.
Outcome:
When a scan of your environment uncovers vulnerabilities across your systems, you can use Epiphany’s Vulnerability tool to view the vulnerabilities it makes sense to resolve first, based on the material impact to your organization. Use this information to create a prioritized working list of vulnerabilities to remediate in your environment.
A scan of an environment uncovers several thousands of vulnerabilities across systems numbering from the hundreds to the hundreds of thousands. Rather than prioritizing remediation by CVE score, device role, or change window availability, Epiphany offers the ability to prioritize patches based on material impact. Epiphany provides a macro level view of vulnerabilities in an organization, prioritized by material impact to objectives deemed as critical. You can create a prioritized working list of vulnerabilities to remediate in an environment.
Epiphany’s Vulnerabilities tool puts all the information you need to make a decision about what to patch and what not to patch at your fingertips, with the full knowledge of why a vulnerability should be addressed. The philosophy in Epiphany is to accelerate your ability to take action by orienting your decision-making around why an attacker would want to use the vulnerability.
The Epiphany Vulnerability Overview tracks key areas of the attack surface that a user needs to be aware of in order to make a decision. It includes this information:
Active Vulnerabilities. The total number and types of unique vulnerabilities that an attacker could technically use within your environment. Epiphany breaks these down into different scores based on their technical complexity. The different types are represented by colors in the circle.
Foothold Vulnerabilities. The total number of unique vulnerabilities in your environment that are associated with a foothold (the start of an attack path).
Edge Vulnerabilities. The total number of unique vulnerabilities associated with edge devices within your environment. This data can come from network devices directly, network management systems, or vulnerability scanners.
Exploitable Devices. The total number of unique devices that are exploitable within your environment. Note that not all of these devices have to be associated to an attack path.
The Vulnerablity Overview is the single aggregation point for all of the unique data Epiphany has collected from each data source, including itself. This allows you to double-check your scanners and endpoint agents for discrepancies. This tool includes this information:
Severity. The number of unique vulnerabilities, by severity, as reported by your data sources.
Category. The number of devices in unique categories such as workstations, servers, printers, etc., across all vulnerability data sources.
Operating System. The number of unique devices, by operating system, across all vulnerability data sources.
Epiphany’s Organizational Vulnerabilities allows you to focus on only the unique vulnerabilities that are directly associated with attack paths. You can see:
Vulnerabilities. The total number of unique vulnerabilities reported for all vulnerability sources, including Epiphany.
Exploitable. The total number of unique vulnerabilities that are technically capable of being exploited within your environment. This includes those with POC code, commercial tools, known malware, and APT toolkits. Epiphany will rank them according to several factors including these.
Actively Used. The total number of unique vulnerabilities that are being reported, by Threat Intelligence sources, to be actively utilized by bad actors. The CISA Known Exploited Vulnerabilities Catalog is an example of one such source.
In Paths. The total number of unique vulnerabilities that are exploitable, actively used, and associated with an attack path within your environment. This number should be less than 1% in most cases, even in large environments. Epiphany cares only about the vulnerabilities capable of causing a material impact.
The vulnerability data provided by Epiphany is unique to Epiphany and represents the aggregation of multiple data sources as well as Epiphany's own analysis of the technical attributes of the vulnerability and its exploitability within the context of your environment. You can use this data to understand how a vulnerability might impact a system or an application before you determine if you should apply a patch.
