Case Study: Auth0 Reduces Third-Party & Cloud Asset Risk with JupiterOne

By Jennie Duong

Auth0 helps enterprise companies solve the most complex, large-scale identity use cases with its extensible and developer-friendly solution. To get to that level of scale and safeguard billions of login transactions each month, they have grown their cloud and cyber assets significantly to meet customer needs.

Auth0 Security Engineering Team Story

The Auth0 product team built an in-house solution on AWS Neptune to understand their growing number of cyber assets. They needed a solution that could help them understand the relationships between those assets and possible vulnerabilities. This was an extremely challenging and time-intensive project. Ultimately, the Auth0 team decided to look for an alternative solution to help manage their growing cloud asset complexity. The platform they chose was JupiterOne.

George Vauter, Staff Security Engineer at Auth0, shared, “From a cloud security perspective, JupiterOne is the primary platform we use to anchor our asset management program now. JupiterOne brings all of our cloud assets, their configurations, and vulnerabilities into one platform. The team can prioritize issues and understand the impact quickly across all of our assets.”

Auth0 Security Challenges

Auth0's security engineering team focused on three priorities.

1) Visibility and response
   Siloed vulnerability management tools hampered visibility and response

2) Vulnerability inheritance
   Limited understanding of the impact of vulnerability inheritance

3) Third-party risks and permissions
   Unknown third-party risks and permissions to their AWS environment

Auth0 results with JupiterOne

Complete understanding and ability to prioritize issues across their assets.

With a consolidated view of their disparate security and IT tools, they were able to load context from their vulnerability assessment tools (AWS, Rapid7, GuardDuty, Bugcrowd, and more) into JupiterOne’s Graph View, a graph-based visualization tool showing connections and context between all cyber assets. The security team was able to see issues sooner and act on them more pragmatically.

Reduced third-party asset exposure across their entire cloud environment.

Vauter shared that, “All our third-party entities and potential risks were discovered by JupiterOne.” The Auth0 team created J1QL queries to analyze all AWS IAM roles used by third parties. They were able to answer questions such as, "Do we unknowingly grant outside entities (e.g., third-party consultants, partners, etc.) access to our AWS environment? Who are the third parties that have access to our environment?"

Conclusion

Building in-house solutions to manage the complexity of modern cybersecurity issues is difficult. Keeping up with technology expansion and tracking vulnerabilities within those systems takes a full-time staff of knowledgeable experts and engineers. After trying to “roll their own” solution, Auth0 chose the JupiterOne platform because it automates the finding, tracking, monitoring, and prioritization of issues across all their cyber assets.

Read the full case study to learn how Auth0 gained complete understanding of their third-party risks, while achieving end-to-end cloud security monitoring.
We would like to help you do the same.

Jennie Duong

Director of Product Marketing at JupiterOne. Eternal cynic and privacy advocate. Prior to JupiterOne, Jennie spent the past three years living, traveling, and working abroad across 25+ countries. She consulted and advised for several B2B cybersecurity and cloud startups.
