JupiterOne & Reddit at RSAC

Last week, LifeOmic CISO and JupiterOne Founder Erkang Zheng spoke with Reddit CISO Sean Catlett at RSA Conference 2020.

The session, "Continuous Security and Governance in the Cloud Using a Graph-Based CMDB", covered how Reddit uses JupiterOne's graph-based CMDB capabilities as the foundation for its vulnerability management process.

Key Presentation Highlights

The more you can centralize and connect the data across your environment, the greater your understanding and the quicker you are able to detect and remediate vulnerabilities. By leveraging a graph-based CMDB that maps and maintains the relationships between resources instead of a traditional list-based approach, organizations are able to get on a more level footing with attackers, who are often in an organization's environment for weeks or months before being detected.

Sean and his team think of vulnerability management in 3 cycles:

  1. Detection, including the impacted Infrastructure (Packages) and Applications (Libraries)
  2. Reporting, including knowing what has been scanned and the progress of scans
  3. Remediation, including the Owners of specific resources and the Agreed SLAs for patching a vulnerability

Using a graph-based cloud CMDB has allowed Reddit to achieve a streamlined vulnerability management process. The visibility and centralization make it easy for the team to prove the percentage of servers in production that are scanned daily, how many services/products exist in the organization, which EC2 instances are missing the correct tagging and who is ultimately responsible for those resources.

The data reliability improves accountability across the organization and ultimately results in less time needed to remediate vulnerabilities.

The Best Part

In response to one of the questions toward the end of the session, Sean highlighted that getting the resources into JupiterOne as their graph-based CMDB was only an undertaking of a couple of days. This applies to any organization leveraging JupiterOne.

Generally speaking, with managed integrations for more than 2 dozen tools and nearly 3 dozen cloud services across AWS and Azure, organizations are able to lay the foundation for their security operations using a graph-based CMDB in a matter of hours versus months.

Listen or Read through the Session

Watch a complete recording of our session in the video above, or download the slides from the presentation here.

JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.
