Cybersecurity is imperative for the Environmental Protection Agency. Its critical infrastructure—particularly its water treatment facilities—are increasingly targets of nation-state adversaries and other threat actors. Device and account hygiene is essential for the agency’s security.

Fearing an attack similar to the Colonial Pipeline ransomware attack that occurred in May 2021 and shut down Colonial Pipeline’s systems for several days, the Environmental Protection Agency needed to:

• Lock down accounts to appropriate privileges and access.
• Remove unnecessary administration accounts.
• Identify vulnerable accounts.
• Identify and secure service accounts.
• Assess and validate polices for password resets and then reset or lock accounts.
• Identify stale devices in Active Directory.

Complications

To complicate their situation, the Environmental Protection Agency is greatly short-staffed and under-resourced. They lacked the staffing to address these issues and needed a solution that would address their concerns in a timely manner.

The Environmental Protection Agency retained Reveald to use the Epiphany Intelligence Platform to perform continuous assessments and recommend solutions and actions to take to prevent a disastrous data breach or ransomware attack.

The Epiphany Intelligence Platform uses artificial intelligence to identify areas of material risk and prioritize them based on several factors such as ease of remediation, exploitability, and the value of a target to an organization’s critical business functions. This empowers an organization’s IT staff to take targeted action with minimal time investment.

Reveald deployed the Epiphany Intelligence Platform in the department’s IT environments. Epiphany is uniquely designed to quickly and easily ingest an organization’s infrastructure and security tools’ data and telemetry. Epiphany was immediately up and running.

Using Epiphany, Reveald delivered immediate and continuous value. In one day Epiphany detected issues that would have taken a year of effort to discover if performed manually, including identifying zombie accounts and devices and device and password policy weaknesses. It identified rogue systems and assets that lacked security controls. And it highlighted unmanaged systems that exposed the Environmental Protection Agency’s networks to risk.

Epiphany provided the Environmental Protection Agency with the information necessary to:

• Identify and prioritize remediation of attack paths to high value targets.
• Identify and prioritize remediation of vulnerabilities that provide attackers with footholds in the environment.
• Remove unused or unnecessary devices and user accounts.
• Address issues with account permissions and passwords.
• Strengthen policies to improve security.

The Epiphany Intelligence Platform enabled the Environmental Protection Agency to quickly understand exposure in its environment. It armed the department with decision intelligence to address issues and reduce exposure, all with the department’s limited resources.

Using Epiphany’s continuous monitoring, the Environmental Protection Agency has ongoing awareness of critical issues. Epiphany provides the ability to determine the highest priorities on a day-to-day basis.

Reveald’s security analysts meet with the Environmental Protection Agency’s IT staff on a weekly basis. The point of this meeting is for Epiphany analysts to scrutinize the Epiphany dashboard data and make recommendations to the Environmental Protection Agency’s IT staff on how best to perform offensive prevention and remediation efforts, which can vary from week to week. Epiphany’s security analysts can quickly identify the top attack paths or vulnerabilities and recommend what the Environmental Protection Agency’s IT staff should work on.

On an ongoing basis, the Environmental Protection Agency’s IT staff makes special requests to pull data on particular groups or user types. For example, they may want to identify all the users that have rights to a domain controller so they can ensure those rights are being used appropriately. Or they may want to identify service accounts that are used for login, which creates a lot of vulnerability.

Armed with this information on a continuous basis, the Environmental Protection Agency is able to remediate not just a large number of issues, but the most important issues that pose the greatest material risk to the organization.

The Environmental Protection Agency is very pleased with the process and its results. Having continuous access to the data and Epiphany’s vulnerability prioritization, along with guidance from Reveald’s analysts has greatly accelerated the department’s ability to stay ahead of material threats and has increased its ability to prioritize, remediated, and break attack paths.