
Cloud

9/22/2020
01:30 PM

Startup Aims to Map and Track All the IT and Security Things

Security service JupiterOne spins off from a healthcare service provider's homegrown technology.

A security-as-a-service startup that emerged from stealth last week with $19 million in Series A funding aims to tackle a longstanding challenge for IT and security teams: finding — and keeping up-to-date — all of an organization's online devices and assets, including cloud-native services and connections.

JupiterOne joins the ranks of the emerging and maturing IT and security asset management sector, with products and services that offer an automated inventory of devices and services running on growing and increasingly diverse enterprise networks. Misconfigured systems and network settings, as well as unknown, unpatched devices sitting on the network, are among the most common weak links that expose enterprises to attacks and data breaches, and Internet of Things (IoT) devices have exacerbated the problem of managing network and IT assets. To date, it's been a mostly manual process.


"We're 'the Google' of your digital infrastructure," explains Erkang Zheng, founder and CEO of startup JupiterOne, which spun off as a subsidiary of healthcare software-as-a-service (SaaS) firm LifeOmic, where as CISO Zheng had helped build JupiterOne's platform for the firm's internal use. The concept for the service came out of his own frustration, as a former CISO, with running multiple security tools (security information and event management; security orchestration and response; vulnerability management; governance, risk management, and compliance security) that require much manual correlation to get on top of security threats and vulnerabilities.

Zheng says his company's service drills down into functions and not just physical devices. "Not just every server instance, but also server functions," for example, he says. "Knowing what those are, how they are configured is one aspect. Second is knowing how it's connected and to be able to absorb and query it in a meaningful way. ... It's a graph to connect all the dots."

Some early adopters of the service are layering it with their security operations. Detailed inventory then provides a "database of the source of truth" when attackers get in, notes Caleb Sima, vice president of security for Databricks, which runs the SaaS. "We know instantly when a database has been opened or a new data store. ... It not only triggers [an alert] that there's a new AWS S3 bucket, but it also knows the user account and also maps to the Okta user" to reveal that User A opened a bucket without permission, for example, he says. The service then contacts the user via email or Slack and alerts them about the unauthorized activity and automatically closes down the bucket.

"When I was at CapitalOne, one of my first questions was 'Where is everything? How many firewalls do we have?' That was me being naive as an operator thinking this is stuff that is actually done," recalls Sima, who was formerly CISO at CapitalOne.

Sima says the sprawl of cloud services used at organizations has made keeping track of assets much more difficult. "You've got sprawl everywhere, and it's not created through a single entity" like physical network assets, he says. "Assets are really objects, not just IP assets," and that includes operating systems, web apps and what they're built from, and databases, authentication software, and services that the assets access.

Breaches most often occur when the victim organization doesn't know about a specific device or its configuration and software versions, he notes. He says JupiterOne places all assets into a central location with continuous updating of their status.

"It's foundational," Sima says of this type of technology. "It's going to be a big space," with many more vendors rolling out such services.

"I also believe a lot of products are going to be built on top of this," he says.

Several IT asset inventory firms identify products as physical devices and encompass neither cloud-native assets nor the layers of a device. Sima says the closest thing to JupiterOne is Axonius, a security asset management tool provider.

Metasploit creator and renowned security expert HD Moore shook up the space last year with the release of his IT asset discovery tool, Rumble Network Discovery, which detects an organization's devices and their status on a network without requiring administrative access to reach them. IT asset management tools are not new — there's open source Nmap as well as commercial offerings from Armis, Claroty, Forescout, Senrio, and others — but Moore's approach was novel in that it doesn't require credentials to inventory devices or to monitor the ports.

Compliance Assist

Will Gregorian, CISO of wealth management service Addepar, ditched his GRC (governance, risk management, and compliance) tool for JupiterOne's service, in part because it was built with Zheng's perspective as a security practitioner, not a security vendor. "They [the GRC vendor] were more interested in telling you how they think about security," Gregorian says.

Compliance is the financial service platform's key interest in JupiterOne's technology. "It looks at the entirety of everything out there, measures it, and teases out the potential [issues] no one seems to know about," he explains. Addepar, which now has automated its policies as well, has integrated the service with various security tools, including Okta and its security awareness platform.

JupiterOne's funding round was led by former Symantec CEO Enrique Salem — now with Bain Capital Ventures; Chenxi Wang at Rain Capital; and LifeOmic, a healthcare SaaS firm, from where JupiterOne spun off and is now a subsidiary.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
 
