JupiterOne raises $70 million to secure cloud attack surface

Cloud-native cyber asset attack surface management (CAASM) provider JupiterOne announced today that it has raised $70 million in a Series C funding round, bringing the company’s total funding to over $119 million. dollars and increased its estimated valuation to over $1 billion.

JupiterOne’s CAASM platform provides organizations with a solution for mapping, analyzing and securing cyber assets vulnerable to external attacks, including devices, networks, applications, data and user identities, on-premises and in the cloud.

The solution uses a diagram data model to prioritize data and relationships between infrastructures to give security teams better contextual awareness of real risks so they can understand their assets from an attacker’s perspective.

Visibility as the key

As many organizations struggle to keep up with the complexities of multi-cloud and hybrid-cloud environments and to manage the sprawling external attack surface, visibility becomes increasingly important to keep pace with modern threats.

“Visibility is the foundation of any security program. However, according to Gartner, only 1% of organizations will have more than 95% visibility into their cyber assets by 2022. Limited visibility can be as dangerous as zero visibility, leaving segments of your attack surface unexplained and unprotected,” said JupiterOne Founder and CEO Erkang Zheng.

“Without that visibility and the ability to query it, security teams struggle to answer basic but critical questions like: For example, whether their EC2 instances are exposed to the public internet,” Zheng said.

As a result, Zhen says security teams need a “search engine-like experience” to understand assets, policies, and the relationships they have in the environment.

JupiterOne’s response to attack surface complexity is to focus on gaining visibility into the enterprise’s security posture and attack surface by enabling security teams to query disparate tools across their environment for risk and dependency intelligence.

Attack surface management and vulnerability management

Attack surface management solutions are a new category of risk management solutions loosely positioned in the global security and vulnerability management market estimated by researchers at $13.8 billion in 2021 and projected to reach $18.7 billion by 2026 will reach US dollars.

The company competes with a number of other attack surface management providers, including Axonius, which offers a cybersecurity asset management solution that provides an inventory of outward-facing assets with automated responses when users, devices, or apps deviate from security policies.

Earlier this year, Axonius raised $200 million in a Series E funding round and achieved a valuation of $2.6 billion.

JupiterOne also competes with Noetic Cyber, which launched last year with $20 million in funding with a continuous cyber asset management and control platform that provides a dashboard view of assets on-premises, in the cloud, and continuously looks for insecure and misconfigured assets.

According to Zheng, there are two key differentiators between JupiterOne’s solution and other attack surface management vendors; its use of the Graph data model and its broad support for cyber assets in cloud environments.

“The JupiterOne platform contains catalogs of charts and categorizes all cyber asset types and the relationships between those assets to provide comprehensive, contextual insights into transitive risk. For example, Jupiterone can uncover complex correlations between a vulnerability in the cloud and the specific code commit in Github, and even which user identity is responsible for the problem,” Zheng said.