Digital risk firm Digitalware launches Epiphany risk-hunting engine

Digitalware sees their new offering as unique in the market, because while many types of offerings do some of what they do, no one does all of it.

Dan Singer, CEO of Digitalware

New York City-based digital risk management provider Digitalware has announced the general release of their Epiphany Intelligence Platform, a risk hunting engine that acts much the same as a threat hunting engine, except that it provides security teams with the ability to identify, prioritize, and reduce technical risks that have business impact before an attack occurs.

“We are excited to bring this to market,” said Dan Singer, CEO of Digitalware. “We solve something that’s critical and hasn’t been met yet. There is not a product in the market yet that talks the way that we are talking.”

Digitalware actually started out in the vulnerability management space.

“Digitalware started on the managed services side selling vulnerability management to large enterprises,” Singer said. “We sold through the partner model, as I came from the partner side, with 15 years at systems integrator DynTek. Our pivot was moving from a people business to a utility model to answer questions that CISOs were asking. Typical vulnerability management products had a big chunk missing – being able to answer that risk question. That’s how we migrated to where we are today, from the services side to providing an enterprise grade product.”

Rob Bathurst, DigitalWare’s CTO, emphasized that Epiphany is unique in the market.

Rob Bathurst, DigitalWare’s CTO

“Others only do slices of what we do,” he said. “GRC risk management platforms for example, look at compliance, are very tree-driven and rule-based, and are centred on vulnerabilities and configuration issues. Our approach is designed the same way a Red teamer would approach it, by evaluating attack paths inside the organization. Epiphany services all the information from a business management level and allows digging into all these paths. It’s a business quantification tool first, backed up by all the technical data underneath.”

Epiphany is also extremely scalable.

“Our lowest customer based is around 500 or so but we scale up to around 800,000,” Singer said. “It’s a stand-alone platform, but there is a complement of supplementary services around it like maturity and posture evaluation, as well as things that partners might fit in.”

The platform is also MSSP-friendly.

“We are fully multi-tenant-capable,” Bathurst said. “One MSSP we work with is focused on small business and we provide them with the platform so they can look at the risk posture for this market.”

While Epiphany is being formally announced today, it has actually been around for almost two years.

“The platform was available to some of our larger customers by the end of 2018, ones whose program we managed,” Bathurst said. “This is our release to the general market.”

Digitalware sees the competitive marketplace for Epiphany as unusual in that while they compete with bits and pieces of many sectors, they don’t directly compete with much at all, which opens up the possibility of strategic partnerships.

“Because Epiphany sits as an overlay of a lot of systems, we compete with parts of them, but we don’t replicate their whole value,” Singer said. “This would include GRC ITSM, and vulnerability management.  On the GRC side, we aren’t going to pull down the latest regulations. We care what technical posture looks like.

“We are working on a larger partnership with one of the EDR type platforms,” Singer continued. “We have Crowdstrike, Cylance and McAfee integrations there, and ones with Tenable and Rapid7 vulnerability scanners.”

Looking ahead, DigitalWare is working on moving response time from minutes to near real time.

“Right now, it’s a state-based system, and we are moving toward moving it to more near real time, to look for the social engineering risk of a particular user,” Singer said. “We are pushing from moving from a 1-15 minute time cycle down to seconds or milliseconds to show real-time drift.

“We also have an operational tech part of the platform, Watchtower,” he added. “We are expanding those capabilities in the OT engineering space to be more robust. That’s on the roadmap as well.”

While partners are essential to the Go-to-Market strategy, a channel program isn’t in place yet, but the plan is to introduce one next year

“A channel program is critical, but we wanted to be mature in product before bringing it to market,” Singer said. “We are working with partners on the best way to work together. The channel needs a lot of handholding and training. We have been working with national partners like SHI and CDW who are very structured and because we have been working on some of those, when we get to the regional ones it will be plug and play for them. Getting to the regional ones is the ultimate goal, and to get beyond transactions.”