CASE STUDY: Multinational Engineering Firm
heroimage

Multinational Engineering Firm Employs Cyber Defense Management

With Reveald’s CDM360° Managed Security Operations Center

Powered by CrowdStrike Falcon® LogScale, Reveald’s Cyber Defense Management 360° provides the firm with around-the-clock expertise from Reveald’s Fusion Center

read the full story
Integrations

Endpoint Protection

Active Directory

Microsoft Entra ID

Synopsis

With headquarters two U.S. states, and offices in over 60 U.S. cities and three Canadian provinces, The engineering firm is an award-winning professional firm that consistently ranks among the country’s top companies in several industries:

  • Transportation infrastructure, including rail, mass transit, highways, and bridges
  • Water
  • Social infrastructure such as healthcare, education, and justice

Throughout the United States and Canada, the firm’s professional, technical, and support personnel offer services to a broad and expanding client base.

The engineering firm initially enrolled in Reveald’s Cyber Defense 360° (CDM360°) managed security operations center (SOC) subscription service to enhance its success with CrowdStrike Falcon® LogScale. After a year of successful managed security operations, the firm enrolled in Reveald’s Continuous Exposure Management 360° (CEM360°) subscription service to perform continuous threat exposure management (CTEM) and thus significantly increase its ability to identify and resolve threats before they occur.

Challenge

The engineering firm uses CrowdStrike Falcon Complete for endpoint protection and wanted to enhance its SOC management, reduce the cost of its security stack, minimize its attack surface, and have access to cyberattack experts 24/7.

With over 2,800 employees and offices in over 60 locations across the U.S. and Canada, including corporate headquarters in two U.S. states, the firm also needed improved support and response to ensure potential risks were addressed before they became an issue and potentially placed the company’s engineering projects at risk. The scope of the firm’s network includes a combination of over 3,700 active users and more than 9,300 active devices and computers.

Solution

The firm came on board with Reveald’s Cyber Defense Management 360° (CDM360°) subscription service in January 2023. Built on Reveald’s Epiphany Intelligence Platform, CDM360° provides managed security operations powered by CrowdStrike Falcon LogScale. With CDM360°, experts in Reveald’s Cyber Fusion Center deliver triage, investigation, and response to cyber threats, as well as security operations center (SOC) management, monitoring, and tuning. CDM360° provides a fast path to mature endpoint protection and enables companies to transition from reactive to predictive defense.

With CDM360°, Reveald’s Fusion Center experts collaborate closely with Client's SOC to provide these services:

  • Onboarding and planning.
  • Deployment and configuration.
  • Expert alert triage and investigation of emerging threats and development of fast plans of action.
  • Real-time notifications and detailed incident reports.
  • Ongoing health checks to ensure data pipeline is operating cleanly and Falcon LogScale continues to be properly configured for optimal defense.
  • Reporting and collaboration, including regular review meetings.
  • Troubleshooting and support to ensure issues are tracked closely and resolved quickly.
Use Cases
Cyber Resilience
Design a cyber strategy across IT, IoT, and OT environments to eliminate attacker potential, improve resilience, and avoid breaches.

VULNERABILITY MANAGEMENT PRIORITIZATION AND OPTIMIZATION
Identify exploitable vulnerabilities in attack paths to reduce the number of vulnerabilities that need to be patched or resolved

PRIVILEGED IDENTITY & ACCESS MANAGEMENT (PAM) AUDITING AND RISK IDENTIFICATION
Reduce the time and effort to identify and remedy PAM that likely lead to a cybersecurity incident or breach.

ASSET MANAGEMENT
Comprehensive tracking and understanding of systems and devices. Management of digital assets to ensure data integrity and value preservation.

NEUTRALIZE THREAT ACTORS
Rapidly identify systems a threat actor group will attack if they have the opportunity, including how the attack will occur and what actions are required to neutralize the issues.

EXECUTIVE REPORTING
Provide executive level communications on risk posture and recommendations for improvement.

ASSESS SECURITY PROGRAM EFFECTIVENESS
Provide objective evaluation of existing security measures, providing actionable feedback and optimization strategies.

Results

Throughout onboarding, Reveald’s Fusion Center team collaborated closely with the engineering firm’s SOC team to establish and execute a deployment and configuration plan that included provisioning Falcon LogScale, connecting necessary data sources, and implementing detection rules.

During onboarding, the firm lost their employee who was leading the project. Their temporary replacement was doing double-duty while a permanent replacement was found. The Fusion Center team stepped in and filled in the gaps, supporting him and ensuring he had everything he needed. The value that the Fusion Center team added during this transition—which lasted several months—ensured the project stayed on track and accomplished its goals.

The engagement focused on reducing risk, reducing costs, and reducing friction by identifying and prioritizing potential material impact. The Fusion Center team then worked with the firm’s SOC to efficiently mitigate and reduce risk. The unique approach of the Fusion Center team allows the firm to avoid unnecessary effort by ensuring the work focuses on preemptively addressing what matters most and preventing what could potentially have the most material impact.

The Fusion Center analysts research and only reach out to the firm’s SOC when necessary. This eliminates time for taxed individuals, especially someone taking on double work. The Fusion Center analysts don’t notify on every alert that comes in. They investigate and only reach out when they absolutely know there’s a real threat. Otherwise the firm would have been bombarded with information and they wouldn’t know where to best apply resources. This is one of the key values of Reveald’s subscription services.

As part of CDM360°, Reveald’s Epiphany Intelligence Platform identified hundreds of attack paths that could allow an attacker to gain administrative rights in the firm’s environment. Epiphany does in minutes what an SOC analyst can take days or even weeks to perform. Manually it takes over 30 minutes to create a single attack path, meaning a typical analyst can create up to six or eight attack paths in a day. For the engineering firm, Epiphany identified hundreds of potential attack paths that could allow an attacker to gain administrative rights, and then prioritized the ones with the most potential for material harm so the firm could address those vulnerabilities before an attack could happen. This saved time and money and positioned the firm to focus on what matters most.

Epiphany and the Fusion Center team made recommendations for actions such as where to prevent domain admins from logging into non-domain controllers, thus removing attack paths into domain admins. Epiphany specifically identified where to make these changes allowing remediation to happen quickly and efficiently.

Epiphany also identified where to eliminate over 1,800 critical CISA vulnerability footholds by patching CISA vulnerabilities. It provided specific instructions on where and how to do this, again saving time and effort. These were vulnerabilities that had the most potential to do damage. Not patching them leaves systems exposed to potential breaches, enabling attackers to exploit the underlying attack paths, which can lead to data loss, service disruption, and a compromised network.

Moving Forward

After employing CDM360° for one year, the engineering firm wanted to up their game and decided to add Reveald’s Continuous Exposure Management (CEM360°) subscription service. CEM360° will perform continuous threat exposure management (CTEM) and significantly increase the firm’s ability to identify and resolve threats before they occur. CEM360° leverages the Epiphany Intelligence Platform and is based on advanced attack graph analysis, leading to business risk reductions.

CEM360° and the expert analysts from the Reveald Fusion Center provide CTEM 24/7 and a number of other benefits:

  • Attack path analysis performed by AI processes to continuously enumerate and analyze thousands of potential paths that might lead to a damaging breach.
  • Identity risk analysis to understand the viability of the complex web of trust across the organization.
  • Intelligent prioritization identify security gaps that cybercriminals could use to compromise digital infrastructure.
  • Targeted remediation to identify where to focus remediation efforts on areas with the most material risk.
  • Objective metrics to understand results in easy-to-understand metrics.

The onboarding and implementation of CEM360° is currently underway and our Client expects to see results in Q2 2024.

About the Epiphany Intelligence Platform


The Epiphany Intelligence Platform uses modeling, heuristics, and analysis in real-time, building a database of all potential devices and user-based attack surfaces (on-prem, cloud, and remote) open to exploitation. Epiphany creates actionable intelligence in a meaningful and relevant manner, with the goal of finding exploits before there is a need to analze and respond. The risk analysis then determines targets of opportunity along attack paths, identifies an attacker’s transition points, explores potential outcomes, and sets prioritization based on business impact.

Epiphany follows a series of methodologies, drawing from industry best practices and its own internal tactics, techniques, and procedures (TTP’s), to analyze the technical risks present in an environment.

About Reveald’s Subscription Services

Managed Security Operations Center with Cyber Defense Management 360°

Reveald’s CDM360° subscription service allows organizations to force-multiply the success and outcomes from their CrowdStrike Falcon LogScale™ implementation with CDM360°. Organizations reduce risk and benefit from full program management and reporting with Reveald’s world class Fusion Center and Epiphany technology platform.

CDM360° provides managed security operations powered by CrowdStrike Falcon® LogScale.

The experts in Reveald’s Cyber Fusion Center deliver triage, investigation, and response to cyber threats, as well as management, monitoring, and tuning. Built on the Epiphany intelligence platform, CDM360° gives organizations a fast path to mature endpoint protection, and a clear path to predictive defense.

Continuous Threat Exposure Management (CTEM) with Continuous Exposure Management CEM360°

Reveald’s CEM360° leverages the Epiphany Intelligence Platform coupled with expert analysts from the Reveald Fusion Center to provide 24/7 cybersecurity vulnerability prioritization based on advanced attack graph analysis. This leads to business risk reduction through data integration and automated security analysis, validation, reporting, and guided resolution.

Expert analysts from Reveald’s Fusion Center work in partnership with clients’ teams to prioritize issues that are most likely to cause cybersecurity events across identity, configuration, and defensive controls. They continuously manage and tune the Epiphany Intelligence Platform, ensuring integrations with cybersecurity tools work flawlessly to generate the most valuable remediation.

Epiphany finds hidden risks in an organization’s environment that traditional scan tools can’t. It also displays attack chains between isolated networks via domain relationships and exposed services.

Epiphany uses AI-powered algorithms to identify areas of material risk, then prioritizes them based on several factors such as exploitability and how important a target is to the critical function of an organization. In addition to prioritizing the risks to an organization, several remediation recommendations are provided along attack paths. IT teams can take targeted action with minimal time investment on where and how to fix the problems.

Trusted by industry-leading organizations across the globe.

heroheroheroGOB.pe logohero