Argus 2026.01
Crown-Jewel Exposure
The two hops between the internet and regulated financial data.
Exposure score: 79
Crown jewel · db-finance-01 · 10.30.9.2
PostgreSQL financial datastore — PII & transaction records
Reachable from an internet-facing host in two hops. Exposure score 79 (High). No EDR coverage on the asset itself — an intrusion here would be invisible to existing tooling.
Reachability
How an AI-driven adversary gets there
| Stage | Node | Detail |
|---|---|---|
| Entry | Internet | Public edge surface |
| Foothold | edge-api-01 | Swagger schema exposed · KEV CVE-2024-3400 · FP-0042 |
| Pivot | stg-app-07 | Shared SSH key reuse · FP-0013 |
| Objective | db-finance-01 | Regulated financial datastore · no EDR |
Business impact
What's at stake
The datastore holds regulated PII and transaction records. Compromise triggers breach-notification obligations and direct regulatory exposure.
Because the asset has no endpoint telemetry, an intrusion would likely be detected late — increasing dwell time and blast radius.
Resolution
What breaks the path
| Step | Fix Pack | Effect |
|---|---|---|
| Close foothold | FP-0042 | Breaks hop 1 |
| Rotate shared key | FP-0013 | Breaks hop 2 |
| Deploy EDR | FP-0238 | Adds visibility |
Either FP-0042 or FP-0013 on its own severs the chain. Closing FP-0042 alone removes the only internet-reachable foothold; the crown jewel drops out of the reachable set entirely. Argus re-validates the break on the next scan — no exploitation, just proof the path is gone.