Every fire starts with a little spark; every journey begins with a single step…
Three years ago, I joined LifeOmic, the latest of three companies founded by successful serial entrepreneur Donald Brown, with the crazy idea of building a startup in a startup.
Two years ago, I started building JupiterOne with a core team of talented engineers — Phillip Gates-Idem, Charlie Duong, Austin Kelleher, Adam Williams, Carter Hesterman, Erich Smith, and David Fuller.
One year ago, we onboarded our first enterprise customer — Reddit — and were honored with the Firestarter award by 451 Research.
Today I am excited to announce that we have secured $19 million in funding to tackle the urgent need for cyber asset management and security. The Series A funding round was led by Bain Capital Ventures, with additional investment from Rain Capital, LifeOmic, and individual investors.
This is a very special moment and milestone and is a direct result of all of the hard work that the team at JupiterOne has put into the life of this project. It’s been a fun and challenging road and we’re proud to continue this journey forward with great vigor and excitement.
For those of you that might be new to JupiterOne and the project, we are a cyber asset management and security offering that comes from an actual need in an actual company. Unlike many startup technologies, we didn’t come up with an idea and hope for a market. I was formerly the CISO at LifeOmic, a software company that leverages the cloud, machine learning, and mobile devices to offer disruptive solutions to healthcare providers. Before I was a CISO, I had led security practices at both Fidelity Investments and IBM Security. And I still remember the days when, if you could spell “firewall”, you were a security person…
In my own journey of cybersecurity and digital transformation, there were two questions that increasingly bothered me:
- First, I realized that as an organization, most of us don’t know ourselves all that well, despite the increasing number of IT and security tools that we continue to add to our operations. Why is knowing what I have and who owns it so hard?
- Second, organizations spend lots of time and effort to achieve compliance, yet we all know for a fact that compliance does not equal security. Why doesn’t compliance help us maintain security posture and why isn’t compliance more of a natural outcome of doing security correctly?
The answer to both of these fundamental questions is asset visibility. An asset, in today’s digital operations, is much more than just an endpoint or a device with an IP address. It is anything from an identity, an access policy, to a container, a workload, an application, a code repository, or even a process such as user awareness training. Visibility to an asset is more than just knowing the “what”, but also knowing the “so what” – specifically, how these assets are connected to one another.
I was appalled by the lack of solutions that could provide such visibility and discovery of cyber assets. Sure, there are technologies out there that would help me discover my endpoints, or visualize my cloud workloads, but why wasn’t there a solution that collected every software-defined asset and normalized them all into a single source of truth? With the help of a great team of engineers, we set out to build this exact solution.
The encouraging part of the story is that technology has advanced to the point where it’s now feasible to automatically gather all of these resources and configurations together from a myriad of systems. A decade or so ago, that wasn’t possible. We couldn’t tap robust APIs from different data infrastructure providers. Now we can – all these infrastructure providers and Software-as-a-Service systems have APIs that make this aggregation viable and practical.
Fast forward nearly two years and JupiterOne is now a stand-alone enterprise. We have 50 customers and 20 employees. We are growing by leaps and bounds. With the recent funding round from Enrique Salem (he is joining our board too!) and Bain Capital Ventures, we are going to grow even faster.
In the last two years we’ve taken the vision for a better, stronger, easier to use cyber asset management system and begun the process of creating the “Google” for your cyber assets.
Today we support the ability to ask difficult questions and get easy to understand answers. Our relationship query and graph visualization engine make it possible to truly understand the contextual complexity among all of your assets. That’s the vision we are building!
Our customers, including Hashicorp, Reddit, Addepar, Databricks, and many others, are using JupiterOne’s platform to answer a broad range of questions. Many of them have made JupiterOne the foundation to their cyber operations and a required tool for their vulnerability management and incident response efforts. Knowing what’s in compliance and what’s not, getting alerted on cloud security posture and configuration drift, centralizing vulnerability management, automating security reviews during code deploys, improving threat hunting, and generating audit evidence are all directly supported in the JupiterOne platform.
“JupiterOne and its asset monitoring capability has become the foundation and the core to almost everything in our security operations. It is our one source of truth.”
This funding round is a recognition of the important work that we’re doing to provide businesses with data-driven, complete and contextual visibility across their entire range of cyber assets and system configurations. It’s a challenge the biggest enterprises and the smallest startups struggle with every day. Shooting in the dark is the worst defense strategy.
- Visibility of your global asset inventory: We offer visibility across cloud, human, and digital operations through direct integrations with dozens of providers and services. Our solutions automate the discovery, security, and compliance for your global cyber asset inventory.
- Threat and risk reduction: We allow you to ask questions of your inventory to discover unknowns, gaps and vulnerabilities at their source. This makes your data work for you, not the other way around, with rapid querying of up-to-date asset data.
- Significant cash savings: Less is more. We reduce overall asset inventory costs and maintenance overhead with JupiterOne’s apps and technologies. This means doing more with fewer resources while lowering your costs.
- Achieve compliance quickly: We speed up evidence collection and enable continuous controls monitoring by mapping data to requirements. This helps customers satisfy compliance goals faster and more accurately than ever before.
Ultimately, our goal is to get our customers to the point where compliance is no longer a separate initiative but a natural outcome of doing security correctly. It’s a future whose time has arrived.
I am overjoyed to see that spark grow into the fire today; I am humbled to be surrounded with such an amazing team; and I am beyond excited to lead JupiterOne into the bright future that lies ahead!
Posted By Erkang Zheng
I envision a world where decisions are made on facts, not fear; teams are fulfilled, not frustrated; breaches are improbable, not inevitable. Security is a basic right.
I am a cybersecurity practitioner and founder with 20+ years across IAM, pen testing, IR, data, app, and cloud security. An engineer by trade, entrepreneur at heart, I am passionate about technology and solving real-world challenges. Former CISO, security leader at IBM and Fidelity Investments, I hold five patents and multiple industry certifications.
I am building a cloud-native software platform at JupiterOne to deliver knowledge, transparency and confidence to every digital operation in every organization, large or small.