Companies rely on their cyber assets to effectively conduct business and transmit customer information.

As organizations grow, scale up and acquire more customers, those cyber assets also sprawl to become more intricate. Exploitable threat gaps can manifest when accurate, up-to-date inventorying isn’t performed. That’s where JupiterOne Inc. comes in, by helping companies take proper stock of cyber assets in their ever-changing form.

“That’s anything that your business needs to operate its business and to be able to transit customer information to your customers,” said Sean Catlett (pictured), general manager for EMEA at JupiterOne. “But those are also things that are hyper-complex when you think of how those are built out of massive lists today. Our approach is really to modernize that, connect them and make those into contextual pieces of information around what those assets do for the business and then how they can be secured more effectively.”

Catlett spoke with theCUBE industry analyst Lisa Martin, during a CUBE Conversation ahead of the “Cybersecurity” AWS Startup Showcase event on September 14, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio.. They discussed JupiterOne’s asset-first security approach and the real-life use cases where it’s shown enterprise value. (* Disclosure below.)

Assessing real customer scenarios

In the end, cybersecurity aims for two outcomes — mitigating attacks in the first place and salvaging business functioning where the former isn’t possible. A challenge enterprises face in achieving either objective is pinpointing the threat’s originating source — whether it be compromised identities, access or assets, according to Catlett.

“One of the key challenges that we all face … is, ‘How do I see this environment where maybe something has occurred — what does that environment have access to?” he said. “Who are the user identities or machine identities involved that might have additional capability in another part of the environment? What data would potentially be exposed in that environment or elsewhere, and how would an attacker navigate the environment to either get to the data or get the data out?”

By keeping organizations constantly equipped with up-to-date asset situation reports, JupiterOne creates a “single source of truth” where wide visibility across environments is maintained, according to Catlett.

“For us to be able to do that quickly at scale and kind of provide those insights at speed and know that they’re always up to date, it just really becomes something that organizations can rely on to be that single source of truth for the types of information that they’re looking for and securing their attack surface,” he said.

JupiterOne’s key value proposition is understanding a business and its cyber assets and, subsequently, linking those assets together — so that it’s equipped with the information to answer tough security questions, according to Catlett.

On the topic of compliance, it should be seen as a positive consequence of stellar security practices and policies, not a cybersecurity goal in itself, Catlett added. The mindset should shift from a focus on good-looking audit reports to a company-wide prioritization to put security first, even when no one is watching.

Visibility with the added benefit of context

From analytics dashboards to cloud management tools, “visibility” has become an enterprise buzzword. JupiterOne takes a different approach to the concept, however, by applying context to bring coherence to all those asset data points, according to Catlett.

“What we mean by that is the visibility that you gain if I just take hundreds of thousands of log lines and different pieces and just make that visible to you, it actually can be quite overwhelming,” he explained. “And it actually is something that is in many cases hurting security teams with all that complexity. It just becomes extremely frustrating to get tons of information, tons of updates and actually not be able to make sense of it.”

Contextual visibility is about tying information to the relevant assets. So, in the case of a vulnerability finding, for instance, the viewer is able to pinpoint what’s at risk and make informed inferences about the vulnerability source.

“It’s also important how we can use the tooling to talk to the business in a different way, because the graph and the ways to look at link analysis between systems … it’s just in manual forms,” Catlett explained. “When we provide them the context of what needs to be fixed, they’re able to match and earn a lot of trust versus just bringing them a list of things that are not linked to anything that they’ve ever seen before.”

Here’s the complete CUBE Conversation, part of SiliconANGLE’s and theCUBE’s pre-event coverage of the “Cybersecurity” AWS Startup Showcase event:

(* Disclosure: JupiterOne Inc. sponsored this segment of theCUBE. Neither JupiterOne nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE