CASE STUDY

Streamlined, Reliable Threat Modeling  

How Aver has drastically reduced the time and effort needed to assemble detailed attack surface reports, and how they use simple queries to complete analysis after public data breaches.

Aver is an industry leader in value-based healthcare technology providing software, analytics, and services. Their Bundle Benefit Management (BBM) offering provides end-to-end solutions for initiating and operationalizing bundle programs, saving clients 15-20% in medical spend as well as more than a 40% reduction in complications for bundle cases.

Aver's Story

Quick Summary  

  • Proactive threat modeling is critical to security assurance 
  • Security assurance starts with a reliable, baseline understanding of what is happening in your environment – from the objects themselves to their metadata 
  • Centralizing cloud asset management across all services saves time, shines a light on underutilized resources and allows for relationship mapping 
  • Good habits translate directly to assessing your own exposure to similar risks when breaches hit the news 
  • By reducing the demands of threat modeling and risk reporting, security teams can increase confidence in their security posture 

Threat Modeling Demands 

Proactively assessing your organization’s vulnerability to threats requires piles of spreadsheets, dozens of hours poring over cloud security groups and assembling snapshots of your entire environment. Even then, the confidence in your results is shaky.  

Capturing detailed metadata about your environment, mapping the relationships between resources and ensuring you are using the most up-to-date data are just some of the reasons that assessing your attack surface takes significant time and effort and still leaves potential gaps in confidence.

“Manual threat modeling, regardless of the analyst’s diligence, is prone to errors,” highlighted Zack, who heads up security at Aver Inc., the industry leader in value-based healthcare technology. “On the flip side, there is little appetite for errors when it comes to this sort of analysis.”  

Threat modeling, though, is something security teams should prioritize and complete routinely. Finding efficiency and reliability in such analysis is therefore critical, especially considering that the complexity of the analysis increases exponentially as your company grows.

Zack and the security team at Aver sought out a way to reduce the burden of work required to perform threat analysis, without sacrificing the reliability of their takeaways, and then generate a detailed report for the senior management team to review.  

Using JupiterOne to Streamline & Centralize Analysis

Improving Data Hygiene

Before leveraging JupiterOne to model threats or assess the risk of similar data breaches, Aver was able to use JupiterOne’s automated resource identification, classification and centralization to spot stale resources across their environment. By improving cloud hygiene, noise in the data was drastically reduced.  

Once the data was up to date, Zack used JupiterOne to model threats and build reports.  

Centralized Analysis  

Organizations leveraging the cloud are often surprised by how siloed resources living in the same ecosystem are from each other. This complexity makes it difficult to understand the scope of an organization’s environment.

Combining JupiterOne’s graph model with deep integrations with dozens of cloud services provides clear cloud visibility for the Aver security team. Exposing vulnerabilities for remediation is simplified because the analysis occurs in one place rather than requiring reports to be assembled from various places.

Reliable Takeaways  

Confidence in the data you’ve assembled requires accuracy and detail. These details live in the metadata of resources – configurations, settings, permissions, etc. Without a tool, a security analyst has to pore over security groups and policies, assess relationships between resources and assemble the findings into concise takeaways. Human involvement at this level is prone to mistakes, as oversights can occur without notice.

It’s critical that security teams present accurate and reliable information to senior leadership. The stakes are simply too high when it comes to assessing your organization’s attack surface.

The Aver security team turns to JupiterOne, which routinely pulls the specific metadata and relationship details about their environment. Zack and his team can be confident that the picture they see is complete, accurate and up-to-date.

Streamlined Reporting  

Along with the analysis, security teams own the deliverable of a detailed report that highlights their organization’s security posture.  

Unfortunately, building reports is painfully tedious. Rarely can reports be templatized because the analysis and takeaways are unique to each situation. That means creating visualizations and detailing analysis begins from scratch more often than not.  

“A tool like JupiterOne is critical to completing a robust threat analysis,” said Zack.

From Modeling Threats to Post-Breach Analysis  

Increased coverage of large-scale public data breaches has heightened executives’ scrutiny of their own environments.

When a major breach hits the news cycle, senior management’s eyes shift towards security and IT teams. The question is simple: are we vulnerable to the same sort of attack? Unfortunately, the answer to that question can be elusive. Not because the data doesn’t exist. Actually, the challenge security teams face is the fact that the data exists, mixed into a haystack of complex relationships.  

For Zack, as is the case with most security teams, requests for reports assessing his own organization’s susceptibility to similar attacks occur regularly. “I would say news of large public data breaches happens once a quarter, with smaller requests occurring monthly – both of these require assessments of our own risk.”

With the demands for post-breach analysis and reliable threat modeling not going away, how can security teams assess their risk exposure to similar attacks when environments cover dozens of services and tools? 

Power in a Single Query  

The insights Aver derives from JupiterOne regarding their environment rely on queries of data and relationships. These queries provided by JupiterOne offer a universally reliable and flexible way to view their environment. 

Following the recent, widely publicized Capital One data breach, Zack reached out to the JupiterOne team and asked, “is there a single query I can run to assess my organization’s risk to similar attacks as a result of overly broad permissions?”

Within a few hours, a query was assembled and distributed, allowing companies who use JupiterOne to ask the simple question: is my environment exposed to vulnerabilities similar to the Capital One data breach? This query is capable of producing a complete list and relationship view of any critical resources that need to be addressed – in seconds.  

The Value of Speed and Reliability   

Increasing the reliability of threat modeling and reducing the time and effort needed to assemble the reports directly improves the operational efficiency of Zack and the security team. Robust analysis can happen quickly through JupiterOne without disrupting the organization, yet it still provides the detail and insights needed to present confidently to the leadership team.
