CASE STUDY: Global Industrial Company

Cyber Defense for GIC's Operational Technology

Protecting from breaches and identifying potential attack paths using the Epiphany Intelligence Platform

Global Industrial Company (GIC) Protects Operational Technology Systems from Security Breaches With Reveald’s Epiphany Intelligence Platform

The Epiphany Intelligence Platform Identifies Attack Paths Potentially Enabled Through Computers in the GIC’s Break Rooms

Synopsis

A global industrial company (GIC) operating in over 80 countries with over 20,000 employees and over 200 factories needed to understand its security posture. Its ecosystem spans a broad array of holdings, technologies, and investments including public and private companies, world-class building solutions, performance materials, real estate, and next-generation solar technology.

Using the Epiphany Intelligence Platform, Reveald identified a number of issues, including several computers located in break rooms that had the potential to enable attack paths leading to the compromise of high-value targets. Based on Reveald’s guidance, the GIC was able to remediate these issues in its IT environments and its factories’ OT environments.

Challenge

A global industrial company (GIC) initially approached Reveald at the annual Black Hat USA cybersecurity conference. They were impressed with the Epiphany Intelligence Platform, saying they’d never seen a tool do attack path analysis like Epiphany. As the focus of a proof-of-concept engagement, the GIC asked Reveald to use the Epiphany Intelligence Platform to help prioritize which vulnerabilities in its attack surface needed to be patched. The GIC includes IT and operational technology (OT) environments in its over 200 factories.

Reveald initially performed an adversarial assessment on the GIC’s IT side by incorporating the GIC’s vulnerability scanner, Active Directory, and endpoint protection. The GIC was very impressed with the results, as the assessment immediately identified account exposures and attack paths to critical systems. This was data no other tool was able to provide. Their representative said, “If Epiphany can do the same thing on the OT side in their manufacturing factories, it’s a huge win for us and something no other platform could do.”

This led Reveald to expand the adversarial assessment from 10,000 endpoints on the corporate side to include all manufacturing factories on the OT side.

Use Cases

CYBER RESILIENCE
Design a cyber strategy across IT, IoT, and OT environments to eliminate attacker potential, improve resilience, and avoid breaches.

VULNERABILITY MANAGEMENT PRIORITIZATION AND OPTIMIZATION
Identify exploitable vulnerabilities in attack paths to reduce the number of vulnerabilities that need to be patched or resolved.

PRIVILEGED IDENTITY & ACCESS MANAGEMENT (PAM) AUDITING AND RISK IDENTIFICATION
Reduce the time and effort needed to identify and remedy PAM issues that are likely to lead to a cybersecurity incident or breach.

INCIDENT RESPONSE, RECOVERY, AND PREPARATION
Proactive strategies and reactive case data for swift incident management.

ASSET MANAGEMENT
Comprehensive tracking and understanding of systems and devices. Management of digital assets to ensure data integrity and value preservation.

NEUTRALIZE THREAT ACTORS
Rapidly identify systems a threat actor group will attack if they have the opportunity, including how the attack will occur and what actions are required to neutralize the issues.

EXECUTIVE REPORTING
Provide executive level communications on risk posture and recommendations for improvement.

PROGRAM REPORTING
Provide understanding of progress on success criteria for senior management.

ASSESS SECURITY PROGRAM EFFECTIVENESS
Provide objective evaluation of existing security measures, providing actionable feedback and optimization strategies.

Solution

For this adversarial assessment, Reveald used the Epiphany Intelligence Platform to analyze:

  • The GIC’s Active Directory and vulnerability data from Qualys.
  • Cisco and firewall data on the IT side.
  • Claroty data on the OT side.

The Epiphany assessment reviewed firewalls and their rules, over 10 networks, many Claroty devices, and direct paths from the IT network to the OT network. Reveald identified a number of issues:

  • Multiple attack paths led from the IT side into the OT’s manufacturing environment. Attack paths that originate in the IT environment and move into the OT environment can compromise the OT environment and put the GIC’s manufacturing facilities at risk of cyber breaches.
  • Over 200 domain admin and enterprise admin sessions were not on domain controllers.
  • Numerous Kerberoastable users with paths to domain admins.
  • Over 200 computers with vulnerabilities from the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities Catalog. Many of these are ones that produce footholds.
  • A number of kiosks (computers in accessible areas such as break rooms) that enabled attack paths that could lead to the compromise of high-value assets.

For each of the issues that were identified, the Epiphany Intelligence Platform provided prioritized guidance on how and where to remediate the situation. This guidance made it possible for the GIC’s IT staff to concentrate resources on the issues with the greatest likelihood of material impact.

Epiphany assessed 10+ networks globally, including direct paths from the IT network to the OT network, and identified a number of issues:

  • Multiple attack paths from the IT side into the OT’s manufacturing environment.
  • 200+ domain admin and enterprise admin sessions were not on domain controllers.
  • 200+ computers with vulnerabilities from the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities Catalog. Many of these are ones that produce footholds.

About the Epiphany Intelligence Platform

The Epiphany Intelligence Platform is Reveald’s advanced exposure management software platform that enables organizations to quickly and efficiently identify, prioritize, and mitigate vulnerabilities and attack paths. It exposes the most likely attack paths to an organization’s most critical IT assets and users, and then delivers actionable recommendations on how to remove them.

Epiphany finds hidden risks in an organization’s environment that traditional scan tools can’t. It also identifies and displays attack paths between isolated networks via domain relationships and exposed services.

Epiphany uses artificial intelligence to identify areas of material risk, then prioritizes them based on several factors such as exploitability and how important a target is to the critical function of an organization. In addition to prioritizing the risks to an organization, it provides several remediation recommendations along attack paths. With guidance on where and how to fix the problems, an IT team can take targeted action with minimal time investment.
