Risk is a condition that exists before an incident. If you reduce security risk, you reduce security incidents. Epiphany is a new risk detection and quantification platform that highlights, qualifies and quantifies the risks present in the technical structure and the users of a network, giving the security team the opportunity to eliminate a risk before it becomes an incident.
The Epiphany Intelligence Platform from DigitalWare gathers information on the IT infrastructure and its users, and then uses adversarial modeling and countermeasure analysis to discover risks and to quantify the likelihood that an adversary could exploit each one successfully. In this sense it can be seen as automated risk triage, performed the same way analysts manually triage alerts, but before the alert stage is ever reached.
The system gathers information on every node on the network, examining both its users and its connections to other nodes. Combined with its knowledge of exploits and vulnerabilities, this lets Epiphany plot a potential attacker's route from entry point to target asset and measure the likelihood of that route being exploited successfully.
The results are reported in a way that is as meaningful to business leaders as to security leaders. For example, at one level a risk is measured and reported as a success percentage: a risk with a success rate of 70% or above is a serious risk that should be remediated immediately, while anything at 30% or below can be left until more time is available. From this very high level, the reporting can drill down to individual nodes or assets and show how they could be exploited for network traversal.
Phishing is an example of Epiphany's risk detection. Phishing is a risk that cannot be eliminated. Epiphany can, however, plot the risk arising from a successful phish of any user's credentials. It knows which assets those credentials can access and which potential routes they open, and it evaluates and reports on the ability of the existing security controls to block those routes.
"We look at the nexus between the state of the asset the user is operating on, and the user's operational context," Rob Bathurst, DigitalWare CTO, told SecurityWeek; "meaning what permissions do they have, what kind of domain are they on, what groups do they belong to — and then we look at that user's importance to the business. Is the user in executive management, does he or she have important connections to other people? If we understand the structure of the organization, and we understand the technical attributes associated with the account — its domain presence — does this make the user less safe or more safe in a given operational scenario? It's really the difference between whether the user is driving down the road in an armored car or riding down the highway on a bicycle. The risk is completely different."
The customer organization tells Epiphany what its critical assets are, and Epiphany builds all of the routes by which those assets could be reached and compromised. The many thousands of potential routes are then compressed into the most likely ones, the main avenues by which a compromise could be achieved. "The attacker could use this combination of accounts and vulnerabilities and configuration issues and accesses to move from the entry point to the target," continued Bathurst, "which could be anything from a domain admin account to an application or database." A report on the routes found gives not only the potential attack route but also the method that could be used to move from one node to the next on the way to the critical asset.
"Epiphany thinks the same way an adversary would in the environment, and it gives you sort of the treasure map that, if you were an attacker, you could use to traverse the network to reach the target."
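The route building, likelihood scoring and countermeasure analysis described above, as an added example that is not DigitalWare's or Epiphany's code. The attack graph below (node names, techniques, per-edge success probabilities and the named fixes) is constructed for illustration. A route's likelihood is modelled as the product of its edge probabilities, which assumes the steps succeed independently; the routes are ranked to give the "main avenues"; and a single-control check asks which fixable step, if blocked, leaves the weakest best route. The two phishing edges are marked as not fixable, matching the point above that phishing cannot be eliminated.

```python
"""Attack-path ranking over a small attack graph.

Added example, not DigitalWare/Epiphany code.  Nodes, techniques, the
per-edge success probabilities and the fix names are constructed for
illustration.  A route's likelihood is the product of its edge
probabilities, i.e. the steps are assumed to succeed independently.
"""
from collections import defaultdict

# (source, target, technique, P(success given current controls), fix or None)
# fix is None where this toy model has no single control for the step:
# phishing itself, or the use of domain-admin rights once already stolen.
EDGES = [
    ("internet", "alice_creds", "phish alice for her password", 0.60, None),
    ("internet", "bob_creds", "phish bob for his password", 0.60, None),
    ("alice_creds", "ws-alice", "interactive logon as alice", 0.95, "enforce MFA for alice's logon"),
    ("bob_creds", "ws-bob", "interactive logon as bob", 0.95, "enforce MFA for bob's logon"),
    ("ws-alice", "fileserver", "read a share alice is granted", 0.90, "remove alice from the share ACL"),
    ("ws-bob", "jumphost", "reuse bob's SSH key, also accepted for the admin account", 0.80, "issue separate SSH keys per privilege level"),
    ("ws-alice", "svc_backup_creds", "dump cached credentials of a backup service running as domain admin", 0.60, "stop running backups as domain admin"),
    ("jumphost", "db01", "exploit an unpatched service on the jumphost", 0.40, "patch the jumphost"),
    ("svc_backup_creds", "dc01", "log on to the domain controller as domain admin", 0.99, None),
    ("dc01", "db01", "reset the database owner's password from the DC", 0.95, None),
    ("fileserver", "db01", "use a connection string found on the share", 0.40, "rotate and vault the database credential"),
]


def build_graph(edges):
    graph = defaultdict(list)
    for src, dst, technique, prob, _fix in edges:
        graph[src].append((dst, technique, prob))
    return graph


def enumerate_routes(edges, entry, target):
    """All simple routes entry -> target, most likely first.
    Each route is (likelihood, [(from, technique, to), ...])."""
    graph = build_graph(edges)
    routes = []

    def walk(node, visited, steps, likelihood):
        if node == target:
            routes.append((likelihood, list(steps)))
            return
        for nxt, technique, prob in graph.get(node, ()):
            if nxt in visited:  # simple paths only: revisiting a node gains nothing
                continue
            visited.add(nxt)
            steps.append((node, technique, nxt))
            walk(nxt, visited, steps, likelihood * prob)
            steps.pop()
            visited.discard(nxt)

    walk(entry, {entry}, [], 1.0)
    routes.sort(key=lambda r: r[0], reverse=True)
    return routes


def main_avenues(edges, entry, target, k=3):
    """Compress the full route set to the k most likely routes."""
    return enumerate_routes(edges, entry, target)[:k]


def severity(likelihood):
    """Reporting bands quoted in the article: >=70% remediate now, <=30% can wait."""
    if likelihood >= 0.70:
        return "critical"
    if likelihood <= 0.30:
        return "low"
    return "medium"


def best_countermeasure(edges, entry, target):
    """Block each fixable edge in turn; return the one that leaves the weakest
    best remaining route, as (baseline_likelihood, (edge, residual_likelihood))."""
    baseline = enumerate_routes(edges, entry, target)[0][0]
    best = None
    for i, edge in enumerate(edges):
        if edge[4] is None:
            continue
        remaining = edges[:i] + edges[i + 1:]
        routes = enumerate_routes(remaining, entry, target)
        residual = routes[0][0] if routes else 0.0
        if best is None or residual < best[1]:
            best = (edge, residual)
    return baseline, best


if __name__ == "__main__":
    for likelihood, steps in main_avenues(EDGES, "internet", "db01"):
        print(f"{likelihood:.3f} [{severity(likelihood)}]")
        for src, technique, dst in steps:
            print(f"    {src} -> {dst}: {technique}")
    base, (edge, residual) = best_countermeasure(EDGES, "internet", "db01")
    print(f"best single control: {edge[4]!r} cuts the top route {base:.3f} -> {residual:.3f}")
```

On this constructed graph the top avenue runs through the cached domain-admin backup credential, yet the single control that most reduces the remaining exposure is MFA on the phished user's logon, because it cuts off two routes at once. That is the kind of non-obvious result a countermeasure analysis exists to surface; the independence assumption and the exhaustive path enumeration are fine for a toy graph but would need a k-shortest-paths search on a real estate with thousands of nodes.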
Passwords are another risk that Epiphany finds and measures. It looks for common weaknesses, such as passwords more than 180 days old, or domain admin accounts being used as service accounts. It looks at commonality of keys, where the same SSH key may be shared across different privilege levels. It can examine the entire Active Directory structure for the whole organization or for individual divisions within it. "The user's persona, all of the accounts and all of the accesses, is captured by Epiphany," said Bathurst. "So we can say that if this user is compromised in any way, the attacker now gains access to all these additional credentials."
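The credential checks listed above, as an added example that is not DigitalWare's or Epiphany's code, run over a constructed account inventory. The record layout, the groups treated as privileged, the owner field that ties a person's accounts into one persona, and the fixed reporting date are all assumptions made for illustration; a real run would read the same fields from an Active Directory export and an SSH key inventory. The last function shows the persona point in the quote: what else an attacker obtains from one compromised account.

```python
"""Credential-hygiene checks over a constructed account inventory.

Added example, not DigitalWare/Epiphany code.  Field names, group names,
the owner (persona) links and the reporting date are assumptions; a real
run would load these from an AD/LDAP export and an SSH key inventory.
"""
from collections import defaultdict
from datetime import date

ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
TODAY = date(2024, 6, 30)  # fixed so the example is deterministic

# Constructed sample inventory.  'owner' is the person behind the account;
# service accounts have no personal owner.  'ssh_key_fp' is the key fingerprint.
ACCOUNTS = [
    {"sam": "alice", "owner": "alice", "groups": ["Domain Users"],
     "password_last_set": "2024-03-01", "service_account": False, "ssh_key_fp": "SHA256:key-alice"},
    {"sam": "alice-adm", "owner": "alice", "groups": ["Domain Admins"],
     "password_last_set": "2023-08-15", "service_account": False, "ssh_key_fp": "SHA256:key-alice"},
    {"sam": "bob", "owner": "bob", "groups": ["Domain Users"],
     "password_last_set": "2024-05-20", "service_account": False, "ssh_key_fp": "SHA256:key-bob"},
    {"sam": "svc_backup", "owner": None, "groups": ["Domain Admins"],
     "password_last_set": "2021-06-01", "service_account": True, "ssh_key_fp": None},
    {"sam": "svc_web", "owner": None, "groups": ["Domain Users"],
     "password_last_set": "2024-01-10", "service_account": True, "ssh_key_fp": None},
]


def is_privileged(acct):
    return any(g in ADMIN_GROUPS for g in acct["groups"])


def stale_passwords(accounts, today=TODAY, max_age_days=180):
    """Accounts whose password is older than max_age_days (the article's 180-day check)."""
    return sorted(a["sam"] for a in accounts
                  if (today - date.fromisoformat(a["password_last_set"])).days > max_age_days)


def admin_service_accounts(accounts):
    """Service accounts that hold domain-admin or equivalent membership."""
    return sorted(a["sam"] for a in accounts if a["service_account"] and is_privileged(a))


def shared_keys_across_tiers(accounts):
    """SSH key fingerprints accepted for both a privileged and an unprivileged account."""
    tiers_by_fp = defaultdict(set)
    for a in accounts:
        if a["ssh_key_fp"]:
            tiers_by_fp[a["ssh_key_fp"]].add(is_privileged(a))
    return sorted(fp for fp, tiers in tiers_by_fp.items() if len(tiers) == 2)


def blast_radius(accounts, sam):
    """Additional accounts an attacker gains from compromising `sam`: the same
    person's other accounts (one persona) and any account sharing its SSH key."""
    victim = next(a for a in accounts if a["sam"] == sam)
    gained = set()
    for a in accounts:
        if a["sam"] == sam:
            continue
        same_owner = victim["owner"] is not None and a["owner"] == victim["owner"]
        same_key = victim["ssh_key_fp"] is not None and a["ssh_key_fp"] == victim["ssh_key_fp"]
        if same_owner or same_key:
            gained.add(a["sam"])
    return sorted(gained)


if __name__ == "__main__":
    print("stale passwords (>180d):", stale_passwords(ACCOUNTS))
    print("domain-admin service accounts:", admin_service_accounts(ACCOUNTS))
    print("SSH keys shared across tiers:", shared_keys_across_tiers(ACCOUNTS))
    for sam in ("alice", "bob", "svc_backup"):
        print(f"compromise of {sam} also yields:", blast_radius(ACCOUNTS, sam))
```

Note that `svc_web`, at 172 days, is deliberately placed just under the 180-day threshold; a check like this should be run with the threshold as a parameter so the team can see what a tighter policy would flag before changing it.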
The same risk visibility can be provided within the Operational Technology (OT) network. "It can find attack paths from device to device inside the OT network, which your typical vulnerability scanner can't," he continued. "If you look at the BlackEnergy attack that took place in Ukraine, that was actually a controller to controller attack — they never left the OT network. It went through one PLC to another PLC. Epiphany would have been able to model the connection between them to show that if an attacker were able to get here, they could then directly attack this other vulnerable PLC without ever going back to the core network."
Epiphany provides the data for the business to understand the risks lurking in the network, and for the security team to understand which of those risks are most urgent. It does not currently attempt to fix the risks automatically; it simply provides the data to the security team. DigitalWare is working on increased automation, but is concentrating on areas where it can keep a human in the loop, so that a person approves any change before it is made.