JupiterOne raises $70M to secure the cloud attack surface 

Today, cloud-native cyber asset attack surface management (CAASM) provider JupiterOne announced it has raised $70 million as part of a series C funding round, bringing the company’s total funding raised to over $119 million, and its estimated valuation of over $1 billion. 

JupiterOne’s CAASM platform provides enterprises with a solution for mapping, analyzing, and securing cyber assets vulnerable to external attack including devices, networks, applications, data, and user identities, on-premises and in the cloud. 

The solution uses a graph data model to prioritize data and relationships between infrastructure to give security teams greater contextual awareness of true risk, so they can understand their assets from an attacker’s point of view. 

Visibility as the key 

With many organizations struggling to keep up with the complexity of multi-cloud and hybrid cloud environments and managing the sprawling external attack surface, visibility is becoming essential for keeping up with modern threats. 

“Visibility is the foundation of every security program. However, according to Gartner, just 1% of companies in 2022 have more than 95% visibility into their cyber assets. Limited visibility can be as dangerous as having zero visibility, as it leaves segments of your attack surface unaccounted for and exposed,” said founder and CEO at JupiterOne, Erkang Zheng. 

“Without this visibility and the ability to query it, security teams are struggling to answer basic yet critical questions like whether their EC2 instances are exposed to the public internet,” Zheng said. 

As a result, Zhen says that security teams need a “search engine-like experience” to understand assets, policies and the relationships they have in the environment. 

Focusing on gaining visibility over the organization’s security posture and attack surface is JupiterOne’s answer to attack surface complexity, giving security teams the ability to query disparate tools throughout their environment, to find out information about risk and dependencies. 

Attack surface management and vulnerability management 

Attack surface management solutions are a new category of risk management solutions that sit loosely in the global security and vulnerability management market, which researchers valued at $13.8 billion in 2021, and anticipate will reach $18.7 billion by 2026. 

The organization is competing against a number of other attack surface management providers including Axonius, which provides a cybersecurity asset management solution that provides an inventory of external facing assets, with automated responses whenever users, devices or apps deviate from security policies. 

Earlier this year Axonius raised $200 million as part of a series E funding round and achieved a $2.6 billion valuation. 

JupiterOne is also competing with Noetic Cyber, which launched last year with $20 million in funding with a continuous cyber asset management and controls platform that provides a dashboard-view of assets on-premises and in the cloud, with continuous scanning for insecure and misconfigured assets.

Zheng says that there are two main differentiators between JupiterOne’s solution and other attack surface management vendors; its use of the graph data model and its broad support for cyber assets in cloud-environments. 

“The JupiterOne platform includes graph catalogs and categorizes all cyber asset types and the relationships between these assets to reveal rich, contextual insight into transitive risk. For example, Jupiterone can reveal complex strings of relationships between a vulnerability in the cloud to the specific code commit in Github, and even which user identity is responsible for the issue,” Zheng said.