CASE STUDY: Mid-size Municipality

Reveald’s Endpoint Defense Management 360°

Helps City of Aurora Respond to Cybersecurity Events

read the full story

The City of Aurora, Colorado, a mid-size municipality, enhances cybersecurity and receives expert guidance on risk minimization and vulnerability prioritization with Reveald’s Endpoint Defense Management 360° (EDM360°), Reveald’s Continuous Exposure Management 360° (CEM360°), and the Reveald Fusion Center


Endpoint Protection

Active Directory

Aurora’s CISO on CEM360°’s Outstanding Results

“Reveald is a partner, not a paycheck. They jumped into action when our previous MSSP left us in a bad situation and their quick response and professionalism ensured our transition was seamless. Since beginning our relationship with Reveald, our EDR tenant and process has matured significantly. So when I saw CEM360°, it was a no-brainer. CEM360° provided value within the first week of POV, finding exploit paths that had been unknowingly introduced into our environment by well-intentioned administrators.

“CEM360°’s reporting and visualization of attack paths augmented my team’s threat hunting capability overnight by providing real-time, actionable information. Unlike other vendors I’ve used in the past, Reveald has built the platform to provide understandable reporting that explains the threat in detail and provides clear guidance on how to fix the problem. Our IT teams can now visualize complex attacks and close the holes before they become a threat. It’s like having a pen tester on my team that never sleeps!”

Tim McCain, Chief Information Security Officer, City of Aurora


With a population of 399,000, the city of Aurora, Colorado spans 164 square miles and is Colorado’s third largest city. Just minutes away from Denver International Airport, the city includes four school districts and eight campuses of higher learning.

The city’s government includes over 4,000 employees across twenty-two distinct business units. The information technology (IT) department works with city departments to provide leading-edge technology to position the city of Aurora as a leader in the use of technology in local government. The IT department oversees citywide networking, telecom, servers, desktop support, technology planning, and cyber security. It manages over 6,000 endpoints (physical devices that connect to a network system such as computers, virtual machines, embedded devices, mobile devices, and servers).

To protect Aurora’s network and endpoints, the city brought in Reveald to enhance its cybersecurity and provide expert guidance and advanced protection from malicious cyberattacks for all agencies in the city.


The city of Aurora was using CrowdStrike Falcon for endpoint protection of its 6,000+ endpoints, real-time threat detection, and proactive threat hunting and was interested in an enhanced service solution to provide support for its CrowdStrike Falcon platform.


Aurora’s IT department chose Reveald’s Endpoint Defense Management 360° (EDM360°) subscription service and the Reveald Fusion Center to work with the CrowdStrike team to provide a complete turnkey experience. EDM360° provides Aurora with managed detection and response (MDR) for CrowdStrike Falcon. It reduces costs by consolidating tools and vendors, with comprehensive visibility across Aurora's full set of Falcon modules.

The experts in Reveald’s Cyber Fusion Center provide white glove service that manages deployment, configuration, tuning, and optimization of the Falcon environment, minimizing Aurora's attack service. At the same time, Reveald's Cyber Fusion Center collaborates closely with CrowdStrike Falcon OverWatch and the rest of the CrowdStrike team, ensuring fast, transparent resolution to security incidents. Aurora was confident that EDM360°’s features combined with the Fusion Center team would provide the level of cybersecurity service and support the city required.


Using a consistent and predictable onboarding approach, Reveald’s client success team held weekly onboarding meetings with Aurora’s IT department. One of the key benefits of the engagement is that the IT department has consistent contact with Reveald team members. Reveald’s client success team ensures that relationships are formed and that everything works well throughout the engagement and surpasses expectations. By ensuring Aurora has a relationship with a Reveald client support manager willing to meet at hours convenient to Aurora’s IT department, the city was confident that issues and unexpected events would be handled with remarkable responsiveness.

Once onboarding was complete, Aurora’s IT department began working with Reveald’s Fusion Center team and the combined group moved to bi-monthly or monthly meetings, depending on Aurora’s needs.

Reveald’s Fusion Center team provides 24/7 hands-on response to cyber threats in close collaboration with the CrowdStrike team. Throughout the engagement, and to the present day, the Reveald Fusion Center team delivers measurements and key results against the city of Aurora’s organizational objectives. Additionally, whenever things occur that need extra attention, Aurora can contact its Reveald client success manager (CSM) for a meeting and receive immediate attention and results, and the Fusion Center team is always happy and willing to spend whatever time necessary to address the city’s events, often going above and beyond.

At different points during the engagement, the city experienced escalated events. Reveald’s Fusion Center team partnered with Aurora’s IT team on the research, resolution, and strategy for responding to these events. The city has been using EDM360° and working with the Fusion Center team for over a year and Reveald continues to provide services to the city in any way necessary for endpoint management, defense, and alerts.

Use Cases
Cyber Resilience
Design a cyber strategy across IT, IoT, and OT environments to eliminate attacker potential, improve resilience, and avoid breaches.

Identify exploitable vulnerabilities in attack paths to reduce the number of vulnerabilities that need to be patched or resolved

Reduce the time and effort to identify and remedy PAM that likely lead to a cybersecurity incident or breach.

Proactive strategies and reactive case data for swift incident management.

Comprehensive tracking and understanding of systems and devices. Management of digital assets to ensure data integrity and value preservation.

Rapidly identify systems a threat actor group will attack if they have the opportunity, including how the attack will occur and what actions are required to neutralize the issues.

Provide executive level communications on risk posture and recommendations for improvement.


Next Steps

As a result of the successful EDM360° engagement, the Aurora’s IT department worked with Reveald to do an on-site proof of value (PoV) analysis to demonstrate the effectiveness of a continuous threat exposure management (CTEM) program delivered via Reveald’s Continuous Exposure Management package, CEM360°.

CEM360° leverages Reveald’s Epiphany Intelligence Platform and expert analysts from the Reveald Fusion Center to provide CTEM around-the-clock, 24/7. This service is based on attack graph analysis, leading to business risk reduction outcomes by ingesting and aggregating data from a variety of sources, automated security analysis, validation, reporting, and guided resolution.

The PoV went extremely well and the city of Aurora is embarking on a new and expanded relationship with Reveald as it begins implementing CTEM with CEM360°.

Contact Us

Trusted by industry-leading organizations across the globe.