Startup Aims to Map and Track All the IT and Security Things

Security service JupiterOne spins off from a healthcare service provider's homegrown technology.

A security-as-a-service startup that emerged from stealth last week with $19 million in Series A funding aims to tackle a longstanding challenge for IT and security teams: finding — and keeping up-to-date — all of an organization's online devices and assets, including cloud-native services and connections.

JupiterOne joins the ranks of the emerging and maturing IT and security asset management sector, with products and services that offer an automated inventory of devices and services running on growing and increasingly diverse enterprise networks. Misconfigured systems and network settings as well as unknown unpatched devices sitting on the network are among the most common weak links that expose enterprises to attacks and data breaches, and Internet of Things (IoT) devices have exacerbated the problem of managing network and IT assets. To date, it's been a mostly manual process.

"We're 'the Google' of your digital infrastructure," explains Erkang Zheng, founder and CEO of startup JupiterOne, which spun off as a subsidiary of healthcare software-as-a-service (SaaS) firm LifeOmic, where as CISO Zheng had helped build JupiterOne's platform for the firm's internal use. The concept for the service came amid his own frustration as a former CISO of running multiple security tools (security information and event management; security orchestration and response; vulnerability management; governance, risk management, and compliance security) that require much manual correlation to get on top of security threats and vulnerabilities.

Zheng says his company's service drills down into functions and not just physical devices. "Not just every server instance, but also server functions," for example, he says. "Knowing what those are, how they are configured is one aspect. Second is knowing how it's connected and to be able to absorb and query it in a meaningful way. ... It's a graph to connect all the dots."

Some early adopters of the service are layering it with their security operations. Detailed inventory then provides a "database of the source of truth" when attackers get in, notes Caleb Sima, vice president of security for Databricks, which runs the SaaS. "We know instantly when a database has been opened or a new data store. ... It not only triggers [an alert] that there's a new AWS S3 bucket, but it also knows the user account and also maps to the Okta user" to reveal that User A opened a bucket without permission, for example, he says. The service then contacts the user via email or Slack and alerts them about the unauthorized activity and automatically closes down the bucket.

"When I was at CapitalOne, one of my first questions was 'Where is everything? How many firewalls do we have?' That was me being naive as an operator thinking this is stuff that is actually done," recalls Sima, who was formerly CISO at CapitalOne.

Sima says the sprawl of cloud services used at organizations has made keeping track of assets much more difficult. "You've got sprawl everywhere, and it's not created through a single entity" like physical network assets, he says. "Assets are really objects, not just IP assets," and that includes operating systems, web apps and what they're built from, and databases, authentication software, and services that the assets access.

Breaches most often occur when the victim organization doesn't know about a specific device or its configuration and software versions, he notes. He says JupiterOne places all assets into a central location with continuous updating of their status.

"It's foundational," Sima says of this type of technology. "It's going to be a big space," with many more vendors rolling out such services.

"I also believe a lot of products are going to be built on top of this," he says.

There are several IT asset inventory firms that identify products as physical devices and don't encompass cloud-native assets or the layers of a device. Sima says the closest thing to JupiterOne is Axonius, a security asset management tool provider.

Metasploit creator and renowned security expert HD Moore shook up the space last year with the release of his IT asset discovery tool, Rumble Network Discovery, which detects an organization's devices and their status on a network without requiring administrative access to reach them. IT asset management tools are not new — there's open source Nmap as well as commercial offerings from Armis, Claroty, Forescout, Senrio, and others — but Moore's approach was novel in that it doesn't require credentials to inventory devices or to monitor the ports.

Compliance Assist

Will Gregorian, CISO of wealth management service Addepar, ditched his GRC (governance, risk management and compliance) tool for JupiterOne's service, in part because it was built with Zheng's perspective as a security practitioner, not a security vendor. "They [the GRC vendor] were more interested in telling you how they think about security," Gregorian says.

Compliance is the financial service platform's key interest in JupiterOne's technology. "It looks at the entirety of everything out there, measures it, and teases out the potential [issues] no one seems to know about," he explains. Addepar, which now has automated its policies as well, has integrated the service with various security tools, including Okta and its security awareness platform.

JupiterOne's funding round was led by former Symantec CEO Enrique Salem — now with Bain Capital Ventures; Chenxi Wang at Rain Capital; and LifeOmic, a healthcare SaaS firm, from where JupiterOne spun off and is now a subsidiary.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
