Published on December 12th, 2022
JupiterOne pinpoints cures to cybersecurity ailments
One of the big topics of discussion at AWS re:Invent 2022 was cybersecurity, and with good reason: Bad actors are getting more sophisticated. Cloud security needs to respond in kind.
JupiterOne Inc., a "cyber asset attack surface management" company, believes the trend hasn't been good in the cybersecurity industry: perhaps one issue gets resolved, but a hundred follow in its wake.
"I do think that we're at a point where we have enough painkillers and Band-Aids," said Erkang Zheng, founder and chief executive officer of JupiterOne. "We need to start looking at how we can do better, fundamentally, with the basics and do the basics well. Because a lot of times, it's the basics that get you into trouble."
That might seem like a simple solution, but it's not always the case in practice. It's easy to think that users should have multi-factor authentication, or MFA, enabled or endpoint protection on devices.
"But the question being, how do you know it is working 100% of the time? How do you know that?" Zheng asked.
Zheng discussed that issue, and JupiterOne's potential solutions, during a conversation with theCUBE industry analyst John Walls at AWS re:Invent, during an exclusive broadcast on theCUBE, SiliconANGLE Media's livestreaming studio. (* Disclosure below.)
Boiling it down to five questions
JupiterOne believes security is a data problem that needs an engineering approach and a platform for consolidation. It raised $70M on a $1 billion valuation to boost its market capabilities earlier this year.
For Zheng, it's essential not to find out MFA or endpoint protection is not functioning after the fact, when it's too late. To prevent that, organizations need to ask themselves five basic questions: What do I have? What's important out of all the things I have? Out of those things, do I have a problem? If so, who can fix it? And, finally, over time, am I getting better?
"You just keep asking these questions in different areas, in different domains, with a different lens," Zheng said. "Maybe that's endpoints. Maybe that's cloud. Maybe that's users. Maybe that's product and applications. But it really boils down to these five questions. That's the foundation for any good security program."
Approaching it that way, thinking about it as diagnosing a problem and applying medicine to it, forms the essence of JupiterOne's approach.
"We spend a lot of time doing attacker research from the outside, but we don't fundamentally understand, in a complete way, what's the complexity within our own environment in terms of digital assets," Zheng said. "And that's almost like the DNA of your own work."
On trying to find experts in everything
For years, there's been a constant refrain in the cybersecurity space: There is a lingering skills shortage, making it difficult for organizations to find and retain skilled staff.
Why is there a skills shortage when many talented people are out there? It has to do with the "mind-boggling" number of tasks requested of security people, according to Zheng. For example, suppose one asks a security analyst how to protect something or deal with an incident. What one is asking that individual to do is not only understand the security concept and be a domain expert in security, but also to understand AWS, other clouds, endpoints, code, and applications to do an analysis and a response properly.
"It's impossible. You have to have a person who's then an expert in everything," Zheng stated. "That's one thing we have to resolve; it's how we use technology like JupiterOne to provide an abstraction so that there's automation in place to help the security teams be better at their jobs without having to be an expert in deep technology."
JupiterOne models the data and provides the analysis and visualization out of the box so organizations can just focus on security practices. Then, the company seeks to change mindsets, for example regarding vulnerability management.
"The mindset for vulnerability management has been, how do I manage findings? Now we have to change it to the concept of more proactive, how to manage assets," he said.
If mindsets aren't fundamentally changed, that poses a problem, Zheng added.
"I have to look at things, not from a reactive, findings perspective, but really starting from an asset-centric, day-one perspective, to look at that and have this foundation, have this map built," he said. "If I need direction, I go to Google Maps. But the reason that it works is because somebody has done the work of creating the map."
Here's the complete video interview, part of SiliconANGLE's and theCUBE's coverage of the AWS re:Invent 2022 Global Startup Program:
(* Disclosure: JupiterOne Inc. sponsored this segment of theCUBE. Neither JupiterOne Inc. nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)