Accelerating Incident Response with JupiterOne’s New Insights Dashboards

When you can’t account for every single cyber asset in your digital environment and you want to conduct a security investigation or run a query to retrieve specific information, you might as well consult a Magic 8 Ball to provide an answer. Even the smallest gap in visibility will keep you in the dark about something critical that needs your immediate attention. With such gaps, the accuracy of your querying results are akin to your Magic 8 Ball’s “reply hazy, try again.”

With JupiterOne, you gain complete visibility across all cyber assets in your ecosystem. However, querying such depth and breadth of visibility can be overwhelming and time consuming without a starting point. That’s why we’ve created the Insights Dashboards for Incident Response.

 

Dashboard: Insights > IR - Cloud Instance/Workload Analysis

Imagine you’ve lost your keys somewhere inside your home. If you live in a studio apartment, looking for your keys will take you a lot less time than if you lived in an 18-room, two-story mansion. Similarly, when your digital environment spans multiple cloud service providers (CSPs) with several instances within them storing hundreds of thousands of entities, finding your “lost keys” can take you substantially longer than if your cloud operations were limited to one provider and a manageable number of instances and entities. With the Insights Dashboards for Incident Response, that’s all about to change.

JupiterOne’s new Insights Dashboard for IR - Cloud Instance/Workload Analysis puts all the information you need about any cloud instance or workload at your fingertips, including:

  • Resources connected to a specific instance or workload
  • The impact or blast radius of a compromised instance or workload
  • How resources are connected to the internet
  • Who has access to target resources
  • What data stores the instance or workload has access to
  • What problems or configuration issues exist in any instance or workload
  • And much more

In a matter of seconds, you can navigate through this valuable data in traditional list format or by interacting with the JupiterOne graph viewer. Drill down and visually analyze the connections between resources in your cloud instances or workloads.

2_1_IR - Cloud Instance-Workload Analysis 2_2_IR Cloud Instance-Workload Analysis

If you leverage a multi-cloud strategy, JupiterOne lets you toggle between your cloud environments without having to use a different tool, log out and log back in, or even change dashboards. Simply enter a different query variable — such as host name, instance ID, or IP address — without leaving the dashboard, and immediately get updated insights on any instance or workload, be it in AWS, Azure, or Google Cloud. The new query variable automatically appends to the dashboard’s URL, giving you and others a direct way to access that specific instance or workload’s dashboard anytime in the future. Include the link in your ticketing system or incident report and make it easy to collaborate with fellow incident responders on your team.

Optimizing your incident response wouldn’t be complete without giving you this same level of in-depth analysis for your endpoints. Fortunately, we have a new dashboard for that as well. 

 

Dashboard: Insights > IR - User Endpoint Blast Radius

Now you know that, no matter how many rooms you have in your digital “mansion”, finding your “lost keys” doesn’t have to be a hassle. But what if you knew for a fact that you left them somewhere specific and that, since they’re no longer there, someone must’ve taken them or placed them somewhere else? You would probably also want to know if this key thief took or moved other things around, who let them into your home, and what rooms they entered. Or more importantly … did they sit on your favorite chair?! This calls for an investigation.

The same goes for the security investigations in your digital environment. JupiterOne’s new Insights Dashboard for IR - User Endpoint Blast Radius lets you visualize the impact and scope of exposure of any specific endpoint. This dashboard allows you to quickly understand everything that an endpoint has access to, determine how it is connected to other users, accounts, endpoints, and applications, and see findings and problems related to that endpoint that you may need to address.

2_IR - User Endpoint Blast Radius

Both dashboards are included in the latest version of the JupiterOne platform. Take advantage of them today so you can:

  • Get to the bottom of any security investigation - Drill down on any specific endpoint, instance, or workload to find answers to specific questions that can help you solve any security investigation.
  • Accelerate your incident response times - Save valuable time by accessing all the pertinent information about any instance or workload in one place, no matter what major cloud provider or providers your infrastructure is built on.
  • Uncover new risks - See how all cyber assets in your endpoints, instances, and workloads are related to each other to reveal suspicious connections, out-of-policy access rights, and other security risks.  


Want to learn more? Check out this brief demo video of the new Insights Dashboards for Incident Response or request a demo to speak with a JupiterOne representative today.

 

avatar

Posted By Ale Espinosa

Ale is JupiterOne’s VP of Product Marketing and Partnerships. With over 20 years of experience in high-tech marketing, including a decade in cybersecurity, Ale has navigated the alphabet soup of infosec acronyms throughout her career, including EDR/XDR, DFIR, SIEM, UEBA, SOAR, AI/ML, and now, CAASM. When she’s not in front of her laptop drafting go-to-market plans, Ale can be found walking on the beach, hiking local trails, or obsessing about green tea, audiobooks, philosophy, and ‘80s music.

PREVIOUS ARTICLE