One of the big topics discussed at AWS re:Invent 2022 was cybersecurity. There are good reasons for this. Cloud security should be similarly addressed.
JupiterOne Inc., an “Attack Surface Management for Cyber Assets” company, believes the trends in the cybersecurity industry are not good. Perhaps he has one problem solved, but more than 100 problems follow.
Erkang Zheng (pictured), Founder and CEO of JupiterOne, said: “You need to start thinking about how you can radically improve the basics and do the basics well. It’s the basics that often get you into trouble.”
This may seem like a simple solution, but in practice it is not always so. It’s easy to assume that users should enable multi-factor authentication (MFA) or use endpoint protection on their devices.
“But the question is, how can you be sure it’s always working 100%? How do you know?” Zheng asked.
In a conversation with theCUBE industry analyst John Walls at AWS re:Invent, Zheng discusses the problem and JupiterOne’s potential solution during an exclusive broadcast on SiliconANGLE Media’s live streaming studio, theCUBE. Did. (*disclosed below)
Summarize in 5 questions
JupiterOne believes security is a data issue, requiring an engineering approach and a platform for integration. The company raised $70 million at a $1 billion valuation earlier this year to boost its market capabilities.
For Zheng, it’s essential not to discover after the fact that MFA or endpoint protection isn’t working. To prevent that, organizations should ask themselves her five basic questions. What’s important in all that I have? Which of them do I have a problem with? If so, who can fix it? And finally, am I getting better over time?
“Just keep asking these questions with different disciplines, different disciplines, different lenses,” says Zheng. “Maybe it’s the endpoint. Maybe it’s the cloud. Maybe it’s the user. Maybe it’s the product and the application. But really these he boils down to five questions. This is the foundation of any good security program. is.”
Approaching it that way—diagnosing problems and applying medicines and thinking about it—forms the essence of JupiterOne’s approach.
“We spend a lot of time researching external attackers, but we don’t fully understand what the complexities are within our own environment when it comes to digital assets,” Zheng said. said. “And it’s kind of like the DNA of your own work.”
About trying to find all the experts
For years, the cybersecurity field has been constrained. There is a persistent skills shortage that makes it difficult for organizations to find and retain skilled staff.
Why is there a shortage of skills when there are so many talented people? According to Zheng, this has to do with the “daunting” number of tasks required of security personnel. For example, Security, she asks an analyst how to secure something or handle an incident. Not only is the individual expected to understand security concepts and become an expert in her domain of security, but she also understands AWS, other clouds, endpoints, code, and applications to properly analyze them. is to deal with
“It’s impossible. We need someone who is an expert in everything,” said Zheng. “It’s one of the things we have to solve him. It’s how we use technology like JupiterOne to provide abstraction so that the security team can go deep and be an expert in his technology. It’s a way to achieve automation so that you can do your job more efficiently without it.”
JupiterOne models data and provides out-of-the-box analytics and visualizations so your organization can focus on security practices. Second, companies are changing the way they think about vulnerability management, for example.
“The idea of vulnerability management, how do we manage our findings? Now we have to shift to a more proactive concept of how we manage our assets,” he said.
Zheng added that if the mindset doesn’t fundamentally change, that’s the problem.
“You have to look at things from an asset-centric first-day perspective and look at it and build this foundation and build this map, not in terms of after-the-fact findings,” he said. . “If I need directions, I go to Google Maps. But the reason it works is because someone did the work of making the map.”
Here’s the full video interview, part of SiliconANGLE and theCUBE’s coverage of the AWS re:Invent 2022 Global Startup Program:
(* Disclosure: JupiterOne Inc. sponsored this segment of theCUBE. Neither JupiterOne Inc. nor any other sponsor has the authority to edit theCUBE or SiliconANGLE content.)
