Powered by CrowdStrike Falcon® LogScale, Reveald’s Cyber Defense Management 360° provides the firm with around-the-clock expertise from Reveald’s Fusion Center.
With headquarters in two U.S. states, and offices in over 60 U.S. cities and three Canadian provinces, the engineering firm is an award-winning professional firm that consistently ranks among the country’s top companies in several industries:
Throughout the United States and Canada, the firm’s professional, technical, and support personnel offer services to a broad and expanding client base.
The engineering firm initially enrolled in Reveald’s Cyber Defense Management 360° (CDM360°) managed security operations center (SOC) subscription service to get more out of its CrowdStrike Falcon® LogScale deployment. After a year of successful managed security operations, the firm added Reveald’s Continuous Exposure Management 360° (CEM360°) subscription service to perform continuous threat exposure management (CTEM) and thus significantly increase its ability to identify and resolve threats before they occur.
The engineering firm uses CrowdStrike Falcon Complete for endpoint protection and wanted to enhance its SOC management, reduce the cost of its security stack, minimize its attack surface, and have access to cyberattack experts 24/7.
With over 2,800 employees and offices in over 60 locations across the U.S. and Canada, including corporate headquarters in two U.S. states, the firm also needed improved support and response to ensure potential risks were addressed before they became an issue and potentially placed the company’s engineering projects at risk. The scope of the firm’s network includes a combination of over 3,700 active users and more than 9,300 active devices and computers.
The firm came on board with Reveald’s Cyber Defense Management 360° (CDM360°) subscription service in January 2023. Built on Reveald’s Epiphany Intelligence Platform, CDM360° provides managed security operations powered by CrowdStrike Falcon LogScale. With CDM360°, experts in Reveald’s Cyber Fusion Center deliver triage, investigation, and response to cyber threats, as well as security operations center (SOC) management, monitoring, and tuning. CDM360° provides a fast path to mature endpoint protection and enables companies to transition from reactive to predictive defense.
With CDM360°, Reveald’s Fusion Center experts collaborate closely with the client’s SOC to provide these services:
Throughout onboarding, Reveald’s Fusion Center team collaborated closely with the engineering firm’s SOC team to establish and execute a deployment and configuration plan that included provisioning Falcon LogScale, connecting necessary data sources, and implementing detection rules.
During onboarding, the firm lost the employee who was leading the project. The temporary replacement was doing double duty while a permanent replacement was found. The Fusion Center team stepped in, filled the gaps, and supported him with everything he needed. The value the Fusion Center team added during this transition—which lasted several months—ensured the project stayed on track and accomplished its goals.
The engagement focused on reducing risk, reducing costs, and reducing friction by identifying and prioritizing potential material impact. The Fusion Center team then worked with the firm’s SOC to efficiently mitigate and reduce risk. The unique approach of the Fusion Center team allows the firm to avoid unnecessary effort by ensuring the work focuses on preemptively addressing what matters most and preventing what could potentially have the most material impact.
The Fusion Center analysts investigate first and contact the firm’s SOC only when necessary. This saves time for overtaxed staff, especially someone doing double duty. The Fusion Center analysts do not notify on every alert that comes in; they investigate and reach out only when they are certain there is a real threat. Otherwise the firm would be flooded with information and would not know where to best apply its resources. This is one of the key values of Reveald’s subscription services.
As part of CDM360°, Reveald’s Epiphany Intelligence Platform identified hundreds of attack paths that could allow an attacker to gain administrative rights in the firm’s environment. Epiphany does in minutes what a SOC analyst can take days or even weeks to perform: manually, a single attack path takes over 30 minutes to construct, so a typical analyst can produce only six to eight attack paths in a day. For the engineering firm, Epiphany identified the hundreds of potential paths to administrative rights and then prioritized the ones with the most potential for material harm, so the firm could address those weaknesses before an attack could happen. This saved time and money and positioned the firm to focus on what matters most.
Epiphany and the Fusion Center team made recommendations for actions such as where to prevent domain admins from logging into non-domain controllers, thus removing attack paths into domain admins. Epiphany specifically identified where to make these changes allowing remediation to happen quickly and efficiently.
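A toy version of the attack-path enumeration, prioritization and remediation described in the two paragraphs above, written as an added Python example; it is not Reveald’s or Epiphany’s code, and the hosts, users, edge relations and exposure weights are constructed for illustration.

```python
"""Constructed attack graph: hosts, a Domain Admin user and the group.
An edge (src, relation, dst) means an attacker controlling src can reach dst.
We enumerate paths to Domain Admins, rank entry hosts by exposure, then apply
the page's recommended fix (deny Domain Admin logon on non-domain-controllers,
which removes DA sessions from those hosts) and re-count the paths."""
from collections import defaultdict

TARGET = "Domain Admins"
DA_USERS = {"da.smith"}                 # constructed DA account
DOMAIN_CONTROLLERS = {"DC-01"}
# Constructed exposure weight per host: how likely an attacker lands there.
# Workstations run mail/browsers, so they score highest; a DC scores 0.
EXPOSURE = {"WS-ENG-01": 3, "WS-ENG-02": 3, "SRV-CAD-01": 2, "DC-01": 0}
EDGES = [  # constructed relationships
    ("WS-ENG-01", "HasSession", "da.smith"),   # DA logged on to a workstation
    ("WS-ENG-02", "AdminTo", "SRV-CAD-01"),
    ("SRV-CAD-01", "HasSession", "da.smith"),  # DA logged on to a CAD server
    ("DC-01", "HasSession", "da.smith"),       # legitimate: DA on a DC
    ("da.smith", "MemberOf", "Domain Admins"),
    ("WS-ENG-02", "CanRDP", "WS-ENG-01"),
]

def build_graph(edges):
    graph = defaultdict(list)
    for src, rel, dst in edges:
        graph[src].append((rel, dst))
    return graph

def find_paths(graph, start, target):
    """Depth-first enumeration of simple paths from start to target."""
    paths = []
    def walk(node, path, seen):
        if node == target:
            paths.append(path)
            return
        for rel, nxt in graph.get(node, []):
            if nxt not in seen:
                walk(nxt, path + [(rel, nxt)], seen | {nxt})
    walk(start, [], {start})
    return paths

def attack_paths(edges):
    """Map each host that has at least one path to TARGET to its paths."""
    graph = build_graph(edges)
    found = {h: find_paths(graph, h, TARGET) for h in EXPOSURE}
    return {h: p for h, p in found.items() if p}

def prioritize(edges):
    """Rank entry hosts by exposure * number of paths, highest first."""
    scored = [(h, EXPOSURE[h] * len(p)) for h, p in attack_paths(edges).items()]
    return sorted(scored, key=lambda t: -t[1])

def deny_da_logon_on_non_dcs(edges):
    """Model the fix: drop DA sessions on every host that is not a DC."""
    return [e for e in edges if not (e[1] == "HasSession" and e[2] in DA_USERS
                                     and e[0] not in DOMAIN_CONTROLLERS)]
```

Running `attack_paths` before and after `deny_da_logon_on_non_dcs` shows the workstation and server paths disappear while the DC-01 session, which the fix deliberately keeps, remains the only path.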
Epiphany also identified where to eliminate over 1,800 critical CISA vulnerability footholds by patching CISA vulnerabilities. It provided specific instructions on where and how to do this, again saving time and effort. These were vulnerabilities that had the most potential to do damage. Not patching them leaves systems exposed to potential breaches, enabling attackers to exploit the underlying attack paths, which can lead to data loss, service disruption, and a compromised network.
After employing CDM360° for one year, the engineering firm wanted to up its game and decided to add Reveald’s Continuous Exposure Management 360° (CEM360°) subscription service. CEM360° will perform continuous threat exposure management (CTEM) and significantly increase the firm’s ability to identify and resolve threats before they occur. CEM360° leverages the Epiphany Intelligence Platform and is based on advanced attack graph analysis, leading to business risk reductions.
CEM360° and the expert analysts from the Reveald Fusion Center provide CTEM 24/7 and a number of other benefits:
The onboarding and implementation of CEM360° is currently underway, and the client expects to see results in Q2 2024.
The Epiphany Intelligence Platform uses modeling, heuristics, and analysis in real time, building a database of all potential device- and user-based attack surfaces (on-prem, cloud, and remote) open to exploitation. Epiphany creates actionable intelligence in a meaningful and relevant manner, with the goal of finding exploitable paths before there is a need to analyze and respond. The risk analysis then determines targets of opportunity along attack paths, identifies an attacker’s transition points, explores potential outcomes, and sets prioritization based on business impact.
Epiphany follows a series of methodologies, drawing from industry best practices and its own internal tactics, techniques, and procedures (TTPs), to analyze the technical risks present in an environment.
Reveald’s CDM360° subscription service allows organizations to force-multiply the success and outcomes of their CrowdStrike Falcon LogScale™ implementation. Organizations reduce risk and benefit from full program management and reporting with Reveald’s world-class Fusion Center and Epiphany technology platform.
CDM360° provides managed security operations powered by CrowdStrike Falcon® LogScale.
The experts in Reveald’s Cyber Fusion Center deliver triage, investigation, and response to cyber threats, as well as management, monitoring, and tuning. Built on the Epiphany intelligence platform, CDM360° gives organizations a fast path to mature endpoint protection, and a clear path to predictive defense.
Reveald’s CEM360° leverages the Epiphany Intelligence Platform coupled with expert analysts from the Reveald Fusion Center to provide 24/7 cybersecurity vulnerability prioritization based on advanced attack graph analysis. This leads to business risk reduction through data integration and automated security analysis, validation, reporting, and guided resolution.
Expert analysts from Reveald’s Fusion Center work in partnership with clients’ teams to prioritize issues that are most likely to cause cybersecurity events across identity, configuration, and defensive controls. They continuously manage and tune the Epiphany Intelligence Platform, ensuring integrations with cybersecurity tools work flawlessly to generate the most valuable remediation.
Epiphany finds hidden risks in an organization’s environment that traditional scan tools can’t. It also displays attack chains between isolated networks via domain relationships and exposed services.
Epiphany uses AI-powered algorithms to identify areas of material risk, then prioritizes them based on several factors such as exploitability and how important a target is to the critical function of an organization. In addition to prioritizing the risks to an organization, several remediation recommendations are provided along attack paths. IT teams can take targeted action with minimal time investment on where and how to fix the problems.