Validate and Manage Assets and Devices in Your Environment
Learn how Epiphany validates and manages assets
Epiphany focuses on finding the conditions that create risk in your organization's devices from things such as lack of defensive controls, misconfigurations, and vulnerabilities, as well as illustrating how an attacker might use those conditions. Epiphany views multiple aspects of a device when it considers its risk to an organization, including its users, attack surface, applications, defenses, and position within the environment.
Outcomes:
You can use Epiphany’s Inventory tool to view all your assets and devices, aggregated from all your data sources. View details such as risk level, the number of risks, and the number of entry points for individual devices.
You can use Epiphany’s Rogue System Detection to identify where agents need to be installed, fixed, or reconfigured and to discover devices you thought were decommissioned but are still in use. Use Rogue’s query builder to create custom queries showing users who are in and/or out of certain groups, thus highlighting where to take corrective action.
You can use Epiphany’s Search to display information about all users, aggregated from all your data sources. Limit the search results to show only users using a particular operating system or with a critical risk level, then download the results as a CSV file to use for remediation planning.
Scenario 1: Identify Systems With Specific Characteristics
You need to identify which systems across your environment have a specific vulnerability, live in a specific network segment, and are used by accounts with privileged access. Epiphany aggregates data from multiple data sources, providing a unified asset inventory across multiple data sets. Epiphany’s inventory search feature operates as an “explorer,” making queries possible even when the data is spread across multiple sources, such as Microsoft Active Directory, endpoint protection, and vulnerability management systems.
Solution: Epiphany’s Combined Asset Inventory
Epiphany’s Inventory tool looks at all your assets and devices, then allows you to drill into groups such as all the devices with a particular operating system. You can see the total number of devices and devices in groups such as Windows devices, Linux devices, and network devices. Or you can search for things such as Windows or Linux to display just the devices using either of those operating systems.
The Inventory tool is the central aggregation point of all unique devices that Epiphany discovers across all data sets reporting device-related information. This can come from vulnerability scanners, endpoint agents, network management systems, and access management systems, as well as others. Epiphany attempts to simplify this view for you by showing you the most-used counts in most organizations: the overall total number of unique devices in your organization (Total Devices), the number of unique Windows Devices, the number of unique Linux Devices, and the number of unique Network Devices. These can be used to quickly understand where you may have gaps between your configuration management database (CMDB) and your individual data sources (which can be explored in Epiphany’s Rogue Reporting tool).
For any individual device, you can click on Node Details to see specific information about the device, such as its Risk Level, total number of risks (Total Risks), and the number of Entry Points it has. Its specific Entry Points are listed, making it easy for you to know where to target remediation efforts.
Scenario 2a: Locate Systems Where Agents Need to be Installed, Fixed, or Reconfigured
You are migrating from one endpoint protection solution to another and need to find the systems that are not yet on the new solution. And you need to verify that all required tools are correctly installed across the environment. Epiphany makes it easy to identify systems where agents need to be installed, fixed, or reconfigured. Epiphany’s Rogue System Detection visually shows you your tools’ coverage. You can perform queries based on set logic and display and export target lists. If your organization has a compliance requirement, which may include having one or more tools installed, non-compliance is visually identifiable in seconds.
Scenario 2b: Discover Devices and Agents That Were Thought to be Decommissioned but are Still in Use
You have a number of devices you believe are decommissioned (for example, network devices still on your network or systems still establishing sessions). You need to identify and target these devices for removal. Epiphany can discover devices and agents that were thought to be decommissioned but are still in use. Epiphany’s Rogue System Detection visually shows you situations such as computers that still authenticate via Active Directory but are running older unsupported agents (or no agent at all).
Solution: Epiphany’s Rogue System Detection
The most powerful tools in device management are knowledge and visibility. Most organizations struggle to know where they have devices that are misconfigured, unmanaged, or rogue; in other words, devices that don't match their expected security configurations. It can be a complex task to sift through so much information. Epiphany simplifies this for you.
Epiphany's Rogue Report distills otherwise mountainous sets of data into simple diagrams and tables that you can search for the systems that might pose a great risk to your organization due to things such as their misconfigurations or absence from a critical data set. Most organizations do not realize that each tool within their environment manages data in different ways and for different time periods. Tools that are used to discover devices can only give point-in-time reports, and endpoint agents sometimes go stale, disappearing from the tool altogether. Epiphany attempts to bridge that gap by using all the data at its disposal to illustrate to you the true state of your environment and how your tools relate to each other.
The simplest way to describe the data in Epiphany’s Rogue System Detection is to think of Venn Diagrams. They show you where data intersects and where it doesn't. The overlapping circles show your coverage. In the next image, you can see two antivirus platforms: Crowdstrike and McAfee. You can also see that there’s a large outset of devices using Nexpose that aren’t being scanned for vulnerabilities by Crowdstrike or McAfee.
In addition, ideally, all of the devices that are reporting into Windows Active Directory would have all the circles. Basically, the circles should be sitting on top of each other to represent full and complete coverage.
Query via Set Logic in Rogue
You can use Rogue’s Query Builder to show users in and/or out of certain groups. For example, you can create a query that shows you all the users in Windows Active Directory who aren’t using Crowdstrike.
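The set logic described above can be reproduced over plain inventory exports. This is an added example, not Epiphany's code or query syntax. It assumes each data source can be exported as a list of hostnames; the hostnames, the `SOURCES` data and the helper names are constructed for illustration.

```python
"""Set-logic coverage check across inventory exports (illustrative only)."""

# Constructed sample exports; real ones would come from each tool's own export.
SOURCES = {
    "active_directory": ["WS-001.corp.example", "ws-002", "SRV-DB01.corp.example", "WS-003"],
    "crowdstrike": ["ws-001", "SRV-DB01"],
    "mcafee": ["WS-002.corp.example", "ws-legacy-09"],
    "nexpose": ["ws-001", "ws-002", "srv-db01", "ws-003", "printer-4f"],
}


def normalize(name):
    """Lower-case and drop the DNS suffix so the same host matches across tools."""
    return name.strip().lower().split(".")[0]


def load(sources):
    """Return {source: set of normalized hostnames}."""
    return {src: {normalize(h) for h in hosts} for src, hosts in sources.items()}


def query(inv, include=(), exclude=()):
    """Hosts present in every `include` source and absent from every `exclude` source."""
    if not include:
        result = set().union(*inv.values())
    else:
        result = set.intersection(*(inv[s] for s in include))
    for s in exclude:
        result -= inv[s]
    return sorted(result)


def coverage(inv, baseline, tool):
    """Fraction of baseline hosts that also report into `tool`."""
    base = inv[baseline]
    return len(base & inv[tool]) / len(base) if base else 0.0


if __name__ == "__main__":
    inv = load(SOURCES)
    # In AD but on neither endpoint agent: candidates for agent install.
    print(query(inv, include=["active_directory"], exclude=["crowdstrike", "mcafee"]))
    # Reporting to an agent or scanner but unknown to AD: stale or unmanaged.
    print(query(inv, exclude=["active_directory"]))
    # Still on the old agent only: migration backlog.
    print(query(inv, include=["mcafee"], exclude=["crowdstrike"]))
    print(f"CrowdStrike coverage of AD: {coverage(inv, 'active_directory', 'crowdstrike'):.0%}")
```

Without the hostname normalization step, the same machine reported as a short name by one tool and a fully qualified name by another would be counted as two devices and show up as a false coverage gap.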
Scenario 3: Quickly Locate Information About Devices, IP Addresses, Users and More
You are planning resolution for areas where agents need to be installed, fixed, or reconfigured and removing devices and agents that were thought to be decommissioned but are still in use, and you need to quickly locate information about device names, IP addresses, installed applications, risk levels, users, and groups. Epiphany provides multiple ways to search and display detailed information. Epiphany provides “Explorer” style searching capability across data sets, giving you quick and easy access to rich data within a few mouse clicks.
Solution: Epiphany’s “Explorer” Style Search Across Data Sets
Epiphany is a data-driven platform, designed to empower you to find the data you need as quickly as possible. There are multiple places to search for anything in Epiphany, but on the Inventory page you can use the search field to look for device names, IP addresses, installed applications, risk levels, and more. As an example, a search of "Windows" yielded 20137 results in the inventory, since it includes all operating systems with Windows in the name as well as any installed application, because the search was not limited.
Epiphany’s full Search lists all the users in your environment. For each user, it shows their name, IP address, risk level (critical, high, medium, or low), their common vulnerabilities and exposures (CVEs), the group to which they belong, their operating system, and entry points.