Case Study: Auth0 Reduces Third-Party & Cloud Asset Risk with JupiterOne

Auth0 helps enterprise companies solve the most complex, large-scale identity use cases with its extensible and developer-friendly solution. To get to that level of scale and safeguard billions of login transactions each month, they have grown their cloud and cyber assets significantly to meet customer needs.

Auth0 Security Engineering Team Story

The Auth0 product team built an in-house solution on AWS Neptune to understand their growing number of cyber assets. They needed a solution that could help them understand the relationships between those assets and possible vulnerabilities. This was an extremely challenging and time-intensive project. Ultimately, the Auth0 team decided to look for an alternative solution to help manage their growing cloud asset complexity. The platform they chose was JupiterOne.

George Vauter, Staff Security Engineer at Auth0, shared, “From a cloud security perspective, JupiterOne is the primary platform we use to anchor our asset management program now. JupiterOne brings all of our cloud assets, their configurations, and vulnerabilities into one platform. The team can prioritize issues and understand the impact quickly across all of our assets.”

Auth0 Security Challenges

Auth0's security engineering team focused on three priorities.

1) Visibility and response
   Siloed vulnerability management tools hampered visibility and response

2) Vulnerability inheritance
   Limited understanding of the impact of vulnerability inheritance

3) Third-party risks and permissions
   Unknown third-party risks and permissions to their AWS environment

Auth0 results with JupiterOne

Complete understanding and ability to prioritize issues across their assets.

With a consolidated view of their disparate security and IT tools, they were able to load context from their vulnerability assessment tools (AWS, Rapid7, GuardDuty, Bugcrowd, and more) into JupiterOne’s Graph View, a graph-based visualization tool showing connections and context between all cyber assets. The security team was able to see issues sooner and act on them more pragmatically.

Reduced third-party asset exposure across their entire cloud environment.

Vauter shared that, “All our third-party entities and potential risks were discovered by JupiterOne.” The Auth0 team created J1QL queries to analyze all AWS IAM roles used by third parties. They were able to answer questions such as, "Do we unknowingly grant outside entities (e.g., third-party consultants, partners, etc.) access to our AWS environment? Who are the third parties that have access to our environment?"
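The third-party access question above can be illustrated with a short added example in plain Python (not J1QL, and not Auth0's or JupiterOne's code): it walks IAM role trust policies and lists every role assumable from an AWS account outside the organization. It goes one step beyond the text by also recording whether the trust statement requires an `sts:ExternalId` condition. Role names, account IDs and policies are constructed.

```python
# Constructed sample data: account IDs, role names and policies are placeholders.
OWN_ACCOUNTS = {"111111111111"}
ROLES = {
    "ci-deploy": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]},
    "vendor-scanner": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
        "Condition": {"StringEquals": {"sts:ExternalId": "constructed-id"}}}]},
    "consultant-access": {"Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": ["333333333333"]}}},
    "lambda-exec": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"Service": "lambda.amazonaws.com"}}]},
}

def _as_list(value):
    # IAM policy JSON allows a single item or a list in most positions.
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Return the account ID of an AWS principal (ARN or bare ID), '*' or None."""
    if principal == "*":
        return "*"
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 5 and parts[0] == "arn" else None

def third_party_trusts(roles, own_accounts):
    """List (role, external_account, requires_external_id) for each outside trust."""
    findings = []
    for name, policy in roles.items():
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
            # Condition keys are case-insensitive in IAM.
            has_ext_id = any(key.lower() == "sts:externalid"
                             for keys in stmt.get("Condition", {}).values()
                             for key in keys)
            for p in aws:
                acct = account_of(p)
                if acct and acct not in own_accounts:
                    findings.append((name, acct, has_ext_id))
    return sorted(findings)

if __name__ == "__main__":
    for role, acct, ext in third_party_trusts(ROLES, OWN_ACCOUNTS):
        print(f"{role}: trusted by external account {acct}, ExternalId required={ext}")
```
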

Conclusion

Building in-house solutions to manage the complexity of modern cybersecurity issues is difficult. Keeping up with technology expansion and tracking vulnerabilities within those systems takes a full-time staff of knowledge experts and engineers. After trying to “roll their own” solution, Auth0 chose the JupiterOne platform because of the ability it provides to automate the finding, tracking, monitoring, and prioritization of issues across all their cyber assets.

Read the full case study to learn how Auth0 gained complete understanding of their third-party risks, while achieving end-to-end cloud security monitoring.
We would like to help you do the same.

Jennie Duong

Director of Product Marketing at JupiterOne. Eternal cynic and privacy advocate. Prior to JupiterOne, Jennie spent the past three years living, traveling, and working abroad across 25+ countries. She consulted and advised for several B2B cybersecurity and cloud startups.