CASE STUDY: Municipal Environmental Protection Department

Enhancing Environmental Protection Department’s Cyber Risk Program with Reveald’s Epiphany Platform

Enhancing cybersecurity and mitigating risks for one of the nation’s largest environmental protection agencies.


Endpoint Protection

Active Directory

Vulnerability Management

Environmental Protection Agency Cyber Risk Program Mitigates Attacker Potential with Reveald’s Epiphany Intelligence Platform

In one day, the Reveald Epiphany Intelligence Platform detected issues that would have taken a year of manual effort to find, and that for the risk conditions at just that one moment in time.


The Environmental Protection Agency is a large enterprise with nearly 6,000 employees. It manages and conserves the water supply for an extremely large municipality, distributing over one billion gallons of clean drinking water to a population of nearly 19 million. It collects and treats 1.3 billion gallons of wastewater daily through a vast network of pipes, regulators, and pumping stations. Additionally, it protects the region’s environment and regulates its air quality, hazardous waste, and noise.

Reveald was retained by the Environmental Protection Agency to perform a cybersecurity risk assessment and recommend solutions and actions to take to prevent a disastrous data breach or ransomware attack. Reveald used its Epiphany Intelligence Platform to perform assessments and provide continuous monitoring and ongoing awareness, guidance, and recommendations on critical issues.

Use Cases
Cyber Resilience
Design a cyber strategy across IT, IoT, and OT environments to eliminate attacker potential, improve resilience, and avoid breaches.

Identify exploitable vulnerabilities in attack paths to reduce the number of vulnerabilities that need to be patched or resolved.

Rapidly identify systems a threat actor group will attack if they have the opportunity, including how the attack will occur and what actions are required to neutralize the issues.

Provide executive level communications on risk posture and recommendations for improvement.

Provide understanding of progress on success criteria for senior management.

Provide objective evaluation of existing security measures, providing actionable feedback and optimization strategies.

Show how changes in the environment will automatically remove or add new attack paths and provide recommendations.


The Challenge

Cybersecurity is imperative for the Environmental Protection Agency. Its critical infrastructure, particularly its water treatment facilities, is increasingly a target of nation-state adversaries and other threat actors. Device and account hygiene is essential for the agency’s security.

Fearing an attack similar to the Colonial Pipeline ransomware attack that occurred in May 2021 and shut down Colonial Pipeline’s systems for several days, the Environmental Protection Agency needed to:

  • Lock down accounts to appropriate privileges and access.
  • Remove unnecessary administration accounts.
  • Identify vulnerable accounts.
  • Identify and secure service accounts.
  • Assess and validate policies for password resets and then reset or lock accounts.
  • Identify stale devices in Active Directory.


To complicate their situation, the Environmental Protection Agency is greatly short-staffed and under-resourced. They lacked the staffing to address these issues and needed a solution that would address their concerns in a timely manner.

The Solutions

The Environmental Protection Agency retained Reveald to use the Epiphany Intelligence Platform to perform continuous assessments and recommend solutions and actions to take to prevent a disastrous data breach or ransomware attack.

The Epiphany Intelligence Platform uses artificial intelligence to identify areas of material risk and prioritize them based on several factors such as ease of remediation, exploitability, and the value of a target to an organization’s critical business functions. This empowers an organization’s IT staff to take targeted action with minimal time investment.

Reveald deployed the Epiphany Intelligence Platform in the department’s IT environments. Epiphany is uniquely designed to quickly and easily ingest an organization’s infrastructure and security tools’ data and telemetry. Epiphany was immediately up and running.

Using Epiphany, Reveald delivered immediate and continuous value. In one day Epiphany detected issues that would have taken a year of effort to discover if performed manually, including zombie accounts and devices as well as weaknesses in device and password policies. It identified rogue systems and assets that lacked security controls. And it highlighted unmanaged systems that exposed the Environmental Protection Agency’s networks to risk.

Epiphany provided the Environmental Protection Agency with the information necessary to:

  • Identify and prioritize remediation of attack paths to high value targets.
  • Identify and prioritize remediation of vulnerabilities that provide attackers with footholds in the environment.
  • Remove unused or unnecessary devices and user accounts.
  • Address issues with account permissions and passwords.
  • Strengthen policies to improve security.

Moving Forward

The Epiphany Intelligence Platform enabled the Environmental Protection Agency to quickly understand exposure in its environment. It armed the department with decision intelligence to address issues and reduce exposure, all with the department’s limited resources.

Using Epiphany’s continuous monitoring, the Environmental Protection Agency has ongoing awareness of critical issues. Epiphany provides the ability to determine the highest priorities on a day-to-day basis.

Reveald’s security analysts meet with the Environmental Protection Agency’s IT staff on a weekly basis. The point of this meeting is for Epiphany analysts to scrutinize the Epiphany dashboard data and make recommendations to the Environmental Protection Agency’s IT staff on how best to perform offensive prevention and remediation efforts, which can vary from week to week. Epiphany’s security analysts can quickly identify the top attack paths or vulnerabilities and recommend what the Environmental Protection Agency’s IT staff should work on.

On an ongoing basis, the Environmental Protection Agency’s IT staff makes special requests to pull data on particular groups or user types. For example, they may want to identify all the users that have rights to a domain controller so they can ensure those rights are being used appropriately. Or they may want to identify service accounts that are used for login, which creates a lot of vulnerability.

Armed with this information on a continuous basis, the Environmental Protection Agency is able to remediate not just a large number of issues, but the most important issues that pose the greatest material risk to the organization.

The Environmental Protection Agency is very pleased with the process and its results. Having continuous access to the data and Epiphany’s vulnerability prioritization, along with guidance from Reveald’s analysts, has greatly accelerated the department’s ability to stay ahead of material threats and has increased its ability to prioritize, remediate, and break attack paths.

Are You Finding Attack Paths Before Attackers Find Them?

The Epiphany Intelligence Platform, Reveald’s AI-driven enterprise solution, is the first of its kind. It gathers attack data from thousands of devices and provides prioritized attack path analysis. It identifies the most likely attack paths to your critical IT assets and users and delivers specific, actionable recommendations on how to remove them.

Reveald’s Continuous Exposure Management 360° (CEM360°) subscription service leverages Epiphany coupled with expert analysts from Reveald’s Fusion Center to provide 24x7 cybersecurity vulnerability prioritization based on advanced attack graph analysis. This leads to business risk reduction through data integration and automated security analysis, validation, reporting, and guiding resolution.

Reveald’s experts work in partnership with its clients’ teams to prioritize issues that are most likely to cause cybersecurity events across identity, configuration, and defensive controls. They continuously manage and tune Epiphany, ensuring integrations with cybersecurity toolchains work flawlessly to generate the most valuable remediation information.

The CEM360° service includes full support for the implementation of a unique Epiphany instance, training for a client’s teams, reporting on business objective results, risk minimization, and continuous vulnerability prioritization updates. It is available in base and enhanced packages and supports CrowdStrike, Microsoft, Trellix, and other platforms.

Other subscription services are available.
