CASE STUDY: Top US School District

Securing Schools

Intel® and Reveald Partnership

Reveald's Epiphany Intelligence Platform helps a top U.S. school district transform security posture with Intel®'s support.

Integrations

Active Directory

Vulnerability Management

Intel® Delivers Reveald’s Epiphany Intelligence Platform to Top U.S. School District

Synopsis

Reveald collaborated with Intel® to bring the Epiphany Intelligence Platform’s cybersecurity solutions to one of the largest school districts in the U.S. to identify and address critical vulnerabilities. With over 650 schools and more than 40,000 employees, the district has some of the most critical assets to protect: the buildings and IT infrastructure supporting over 300,000 students.

Intel is one of the most prominent companies in the world, developing technology solutions that impact every corner of the planet. With revenues of over $60 billion, it provides complete technology solutions in every industry.

The Intel® Connection

Reveald is an Intel® market-ready solution partner. Intel sells the Epiphany Intelligence Platform to different companies it has relationships with. Through its relationship with Intel, the school district let Intel know it was concerned about the cyber posture of its buildings and schools and the potential risks that existed between its building systems and campus IT systems. Intel recommended that the school district consider the Epiphany Intelligence Platform.

As a state-of-the-art cybersecurity and exposure management platform, Epiphany capitalizes on powerful hardware and cloud resources to function optimally. Intel, being a leading hardware technology manufacturer, offers products and libraries that can seamlessly enhance Epiphany’s performance. Integrating Epiphany with Intel’s advanced hardware provides numerous benefits (see box).

Use Cases
Cyber Resilience
Design a cyber strategy across IT, IoT, and OT environments to eliminate attacker potential, improve resilience, and avoid breaches.

VULNERABILITY MANAGEMENT PRIORITIZATION AND OPTIMIZATION
Identify exploitable vulnerabilities in attack paths to reduce the number of vulnerabilities that need to be patched or resolved.

PRIVILEGED IDENTITY & ACCESS MANAGEMENT (PAM) AUDITING AND RISK IDENTIFICATION
Reduce the time and effort to identify and remedy PAM issues that are likely to lead to a cybersecurity incident or breach.

INCIDENT RESPONSE, RECOVERY, AND PREPARATION
Proactive strategies and reactive case data for swift incident management.

ASSET MANAGEMENT
Comprehensive tracking and understanding of systems and devices. Management of digital assets to ensure data integrity and value preservation.

NEUTRALIZE THREAT ACTORS
Rapidly identify systems a threat actor group will attack if they have the opportunity, including how the attack will occur and what actions are required to neutralize the issues.

EXECUTIVE REPORTING
Provide executive level communications on risk posture and recommendations for improvement.

PROGRAM REPORTING
Provide understanding of progress on success criteria for senior management.


Achieving Predictive Security with Epiphany

The Epiphany Intelligence Platform enhances an organization’s defensive security controls by providing an offensive analysis that identifies the most likely attack paths to critical IT assets and users, and delivers specific, actionable recommendations on how to remove them.

Epiphany uses AI-powered algorithms to identify areas of material risk, then prioritizes them based on several factors such as exploitability and how important a target is to the critical function of an organization. In addition to prioritizing the risks to an organization, several remediation recommendations are provided along attack paths. IT teams can take targeted action with minimal time investment on where and how to fix the problems.


Challenge

Driven by the desire to reduce energy and operational costs, the school district was undergoing digital transformation of its building automation systems. Its leadership team wanted to place an emphasis on management controls and monitoring its buildings’ mechanical and electrical systems such as HVAC, lighting, power, fire, and security systems. However, the challenge was in gaining the benefits of improving building automation systems while at the same time managing and monitoring cyber risks.

With over 650 schools and buildings, the school district suspected there were risks it was unaware of because of the many systems and interconnections used by its platforms. This created a large threat landscape for attack. The scope of the school district network needing assessment included a combination of systems and technologies: over 120,000 computers, more than 1.2 million users, and over 300,000 devices. The school district had neither the tools nor the systems in place to comprehensively inspect the environment for vulnerabilities, so based on Intel’s recommendation it decided to use the Epiphany Intelligence Platform.

The Epiphany Intelligence Platform is uniquely positioned for organizations as large in size and scope as the school district because large environments are where Epiphany functions best. The larger and more complex the environment, the more likely that numerous small mistakes have been made, and it’s the small mistakes that allow an attacker to gain full control over an environment. Epiphany focuses on thousands or millions of minutiae easily overlooked by IT analysts and analyzes large, complex landscapes that would be impossible for a single person or even an IT staff to analyze in a realistic time.

Solution

The Epiphany Intelligence Platform uses modeling, heuristics, and analysis in real-time, building a database of all potential devices and user-based attack surfaces (on-prem, cloud, and remote) open to exploitation. Epiphany creates actionable intelligence in a meaningful and relevant manner, with the goal of finding exploits before there is a need to analyze and respond. The risk analysis then determines targets of opportunity along attack paths, identifies an attacker’s transition points, explores potential outcomes, and sets prioritization based on business impact.

Epiphany follows a series of methodologies, drawing from industry best practices and its own internal tactics, techniques, and procedures (TTPs), to analyze the technical risks present in an environment.

Epiphany provided dedicated resources to accomplish tasks such as connecting Epiphany to the school district’s data sources (such as vulnerability scanners), Active Directory services, and endpoint protection data, and identifying targets of material value to the functionality of the school district’s infrastructure. Epiphany evaluated potential points of exposure through automated and manual means within the school district network to determine if there were opportunities for an attacker to gain footholds into the school district’s IT environment.

Epiphany’s adversarial assessments provided actionable reporting data that the school district was able to use to address critical vulnerabilities in a prioritized mitigation strategy, including:

  • Identification, guidance, and prioritization for remediation of critical vulnerabilities on computers that allow for attackers to gain a foothold in the environment.
  • Identification of high-value identities exposed on vulnerable computers that can allow an attacker to directly escalate to a higher level of privilege in the environment.
  • Identification, guidance, and prioritization for remediation of attack paths starting from vulnerable computers and devices leading to high-value targets.
  • Identification of permission-based misconfigurations in Active Directory that enable attack paths from footholds to high-value targets, with prioritization and guidance for their remediation.

Identified attack paths between facilities and IT systems.

  • 1M+ Active Directory accounts analyzed and prioritized
  • 200,000+ devices scanned

Results

The school district found several critical vulnerabilities within the first hour of using the Epiphany Intelligence Platform and continues to use Epiphany to ensure its line-of-business applications are secure and its security tools are performing as expected.

Epiphany provided the school district with adversarial assessments of its environments, which identified attack paths between facilities and IT systems. This included analyzed and prioritized attack paths across 1M+ Active Directory accounts and more than 200,000 devices.

Epiphany identified threats and provided actionable recommendations so the school district could begin addressing its vulnerabilities immediately. For each of Epiphany’s recommendations, specific servers, hosts, and users were identified along with exactly what needed to be upgraded, removed, or changed. This essentially became an actionable worklist for the school district to use to proactively address its vulnerabilities before an attack could occur.

With Epiphany, the school district found an affordable and efficient way to manage and report on cybersecurity risks across multiple existing platforms, bridging the information gaps in those systems. This resulted in immediate critical risk remediation through better awareness and prioritization.

About the Epiphany Intelligence Platform

Epiphany is a risk reduction platform. It enhances an organization’s existing defensive security controls by providing an offensive perspective. It exposes the most likely attack paths to an organization’s most critical IT assets and users, and then delivers actionable recommendations on how to remove them.

Epiphany finds hidden risks in an organization’s environment that traditional scan tools can’t. It also displays attack chains between isolated networks via domain relationships and exposed services.

Epiphany uses algorithms to identify areas of material risk, then prioritizes them based on several factors such as exploitability and how important a target is to the critical function of an organization. In addition to prioritizing the risks to an organization, several remediation recommendations are provided along attack paths. An IT team can take targeted action with minimal time investment on where and how to fix the problems.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries.


Are You Finding Attack Paths Before Attackers Find Them?

The Epiphany Intelligence Platform, Reveald’s AI-driven enterprise solution, is the first of its kind. It gathers attack data from thousands of devices and provides prioritized attack path analysis. It identifies the most likely attack paths to your critical IT assets and users and delivers specific, actionable recommendations on how to remove them.

Reveald’s Continuous Exposure Management 360° (CEM360°) subscription service leverages Epiphany coupled with expert analysts from Reveald’s Fusion Center to provide 24x7 cybersecurity vulnerability prioritization based on advanced attack graph analysis. This leads to business risk reduction through data integration and automated security analysis, validation, reporting, and guiding resolution.

Reveald’s experts work in partnership with its clients’ teams to prioritize issues that are most likely to cause cybersecurity events across identity, configuration, and defensive controls. They continuously manage and tune Epiphany, ensuring integrations with cybersecurity toolchains work flawlessly to generate the most valuable remediation information.

The CEM360° service includes full support for the implementation of a unique Epiphany instance, training for a client’s teams, reporting on business objective results, risk minimization, and continuous vulnerability prioritization updates. It is available in base and enhanced packages and supports Crowdstrike, Microsoft, Trellix, and other platforms.

Other subscription services are available.
