JupiterOne, a cybersecurity management automation startup whose customers include Reddit, Databricks, and Auth0, today closed a $19 million funding round led by Bain Capital Ventures. Cofounder and CEO Erkang Zheng says the proceeds will be put toward bolstering JupiterOne’s R&D and go-to-market efforts.
Cybersecurity asset management, or the process of creating and continually updating an inventory of IT resources, can be a resource drain. According to a 2019 Deloitte survey, executives spend 13% of their time addressing cyber monitoring and operations challenges. Despite this, relatively few businesses are proactive about asset management, perhaps owing to logistical challenges. Gartner estimates that only 35% of companies are designing, documenting, and regularly testing assets using inventory tools and software.
JupiterOne claims to make security teams more efficient by centralizing the data from dozens of cloud services and services into a single hub for management, analysis, and alerting. Via the platform’s integrations and API, it automatically pulls in read-only data to generate a real-time inventory of resources and assets including code, repositories, and endpoints. A one-word search across the inventory is sufficient to return detailed information like account access, devices in use, resources, and even changes to code repositories made by users.
JupiterOne’ s algorithms fetch and classify entities in environments automatically and map them to tools like the compliance dashboard. From JupiterOne’s compliance dashboard, users get an overview of top-level controls and policies making up their company’s security framework. They can dig into specific requirements if they so choose, or they can use JupiterOne’s policy builder to review, update, and visualize asset relationships and craft a set of procedures from templates covering 24 major security policy domains.
Using the JupiterOne Insights app, users can build customized reporting dashboards and visualizations with searches and queries for inadvertent self-reviews, suspicious code commits, pull requests, code repos, and more. Each dashboard can be configured as a shared team board or a personal board and the layout of each board is individually saved per user, so that users can customize layouts according to their preferences without impacting other users.
On the alerting side, there’s JupiterOne’s rules panel, which leverages a knowledge graph to factor in things like a user’s permissions to resources and whether or not multifactor authentication has been enabled before triggering a new alert. JupiterOne boasts a library of preconfigured rules and intelligent rules that can be set to run from every 15 minutes to 24 hours to ensure security teams remediate when a new, high-severity alert occurs.
JupiterOne was founded as a subsidiary of LifeOmic, an Indianapolis, Indiana-based health software company. Erkang served as LifeOmic’s chief information security officer and initially built JupiterOne to support LifeOmic’s security and compliance needs. In pursuit of a cybersecurity asset management segment that’s estimated to reach $8.5 billion in spending by 2024, according to Zheng, LifeOmic productized the solution as JupiterOne and spun out the company in March 2018.
“JupiterOne is currently at 20 employees with an expectation to triple that number by the end of 2021. We are in a high growth phase and will be focused on bringing on the best engineering and go to market talent available today,” Zheng told VentureBeat via email.
Rain Capital, LifeOmic, and individual investors also participated in the venture funding round.