The worldwide annual price of cyber crime is estimated to be $6 trillion per 12 months, or 1% of the International GDP. On the similar time, cloud computing is quickly turning into the dominant mannequin utilized by enterprise each to develop new providers and to host information and purposes. Cloud computing dominates, however safety is a problem.
“As organizations proceed to extend their reliance on the cloud to centralize their operations, cloud safety options are seeing large progress and adoption,” Erkang Zheng, founder and CEO of JupiterOne, mentioned.
“As well as, the necessity to strengthen defenses — prematurely of macroeconomic modifications that might lead to a rise in financially-motivated assaults — boosts the demand for cybersecurity software program, particularly for cloud environments that hackers could discover extra handy to penetrate.”
That is how Zheng justifies JupiterOne’s estimated valuation of over $1 billion, which comes after in the present day’s announcement of a $70 million Sequence C funding spherical. Though unicorns should not what they was once, with the cybersecurity area alone itemizing over 50 of them, this market provides loads of room.
The cybersecurity market was valued at $217.87 billion in 2021, and it is projected to develop from $240.27 billion in 2022 to $345.38 billion by 2026, exhibiting a CAGR of 9.5% through the years 2022-2026 in accordance with Markets and Markets. In keeping with Gartner, cloud safety is the quickest rising phase of the safety market, with spending leaping from $595 million within the US in 2020 to $841 million final 12 months.
The necessity for JupiterOne is there. What’s price trying into is how the corporate defines and approaches its mission.
A graph-powered cybersecurity platform
Zheng touts JupiterOne as “the primary cloud-native cyber asset assault floor administration (CAASM) platform constructed on a graph information mannequin… uniquely positioned to steer this rising market.”
The corporate guarantees to assist purchasers simply determine, map, analyze, and safe cyber belongings. Its record of purchasers consists of cloud-native enterprises like Cisco, Databricks, Certainly, and Robinhood.
Step one to doing that is to connect with as many methods as attainable. As Zheng shared, JupiterOne presently helps over 180 integrations out of the field, with new integrations launched frequently. Some examples embrace cloud suppliers, vulnerability scanners, authentication and authorization methods, and identification administration instruments.
JupiterOne connects to all of a corporation’s infrastructure, cloud, and safety tooling and methods so as to accumulate, combine, and mannequin all of its cyber asset information. It is an agentless know-how that makes use of API-based connectivity to gather the information, Zheng mentioned.
The corporate has been creating the breadth and depth of its integrations for over 4 years. At this time, JupiterOne provides open supply options — corresponding to Starbase — that help its integrations. It additionally permits third events to create their very own integrations by way of JupiterOne’s public integrations examples and SDK.
JupiterOne’s CAASM platform is constructed on a graph information mannequin to reveal the intricate relationships between cyber belongings, one thing which Zheng recognized as key to the platform’s operation:
“Visibility is of little worth with out context. The power to attract connections between your cyber belongings enriches your safety investigations with a whole understanding of the incident, so you’ll be able to assess its affect, see what was affected, and optimize your incident response workflows.
“It additionally permits you to achieve structural context about your enterprise to grasp not simply what is happening, however the place. We use a graph-based back-end system to mannequin the nodes (belongings) and connections (relationships) so as to present sensible and actionable insights and evaluation of your atmosphere.”
JupiterOne’s platform and capabilities are constructed on a graph information mannequin. JupiterOne
Certainly, cybersecurity is among the domains during which graph shines. It comes down to 2 issues: the pliability of the information mannequin, which permits integration of knowledge from disparate sources, and the effectivity of the queries, which permits exploration of complicated paths and relationships.
Starbase, JupiterOne’s open supply framework aiming to “democratize graph-based safety evaluation,” collects belongings and relationships from providers and methods together with cloud infrastructure, SaaS purposes, safety controls, and extra right into a graph view backed by Neo4j.
JupiterOne’s core product encompasses a custom-built question language (J1QL), prebuilt queries, and a pure language-based search to reply any query.
Elaborating on how cyber asset information is monitored and up to date to serve completely different use circumstances and necessities, Zheng mentioned, “JupiterOne helps over 500 ‘out of the field’ English-language questions that customers can ask of their environments with a single click on. If these questions do not remedy your considerations, you should use our visible question builder or our direct search question language to ask any query of your selection.”
Zheng added, “Ask any query and get any reply. Questions might be become repeatedly monitored queries which are linked to alerts, and all information is out there by way of customizable dashboards”.
One platform, many use circumstances, sturdy progress
In addition to CAASM, JupiterOne addresses cloud safety posture administration; safety operations and engineering; and governance and compliance. However how can one thing like GDPR compliance for information generated by way of utility X and saved in cloud supplier Y be assessed and monitored?
As Zheng defined, the entire cyber asset information from utility X and cloud supplier Y are normalized and saved throughout the JupiterOne graph system. This enables customers to ask questions of that information in extraordinarily complicated methods.
“Compliance comes from figuring out what inquiries to ask after which asking them with the suitable frequency to search out dangers. As soon as you discover the dangers, you repair them, thus rising your safety alongside your compliance degree,” Zheng mentioned.
What concerning the monitoring vulnerabilities situation? For instance, how can one thing just like the potential affect of Log4j to a shopper’s purposes be assessed and corrective motion be instructed?
First, JupiterOne connects to utility scanning options to find out the place a code vulnerability, corresponding to Log4j, would exist in a person’s atmosphere. From there, customers can ask complicated questions like: Who wrote the code that incorporates the difficulty? What’s their safety coaching degree? Is that this code working in manufacturing? Whether it is working in manufacturing, who’s the appliance proprietor?
“JupiterOne connects vulnerabilities to the context surrounding them in your atmosphere that will help you resolve points and remediate them sooner than ever earlier than,” Zheng mentioned.
JupiterOne’s $70 million Sequence C funding spherical brings the corporate’s complete raised to greater than $119 million and its estimated valuation to over $1 billion. The spherical was led by Tribe Capital with participation from new buyers, together with Intel Capital and Alpha Sq. Group, and present buyers, together with Sapphire, Bain Capital Ventures, Cisco Investments, and Splunk Ventures.
Commenting on the corporate’s valuation, Zheng mentioned that monetary metrics and progress 12 months over 12 months have been sturdy. He added that the subscription mannequin promotes buyer retention and renewal, which helps venture continued progress for years to come back.
The funds might be used to develop go-to-market capabilities, develop engineering investments, and improve product improvement. That is all to deal with market wants throughout assault floor administration, together with unified asset stock, vulnerability administration, and safety posture automation.
Moreover, the funds might be used to increase the attain of the corporate’s intensive partnership and integration groups, additional increasing the capabilities of the CAASM platform. JupiterOne will look to scale the corporate’s direct and channel gross sales efforts for enterprise clients whereas increasing self-service capability for small and midsize companies.
