JupiterOne & Reddit at RSAC

by

Last week, LifeOmic CISO and JupiterOne Founder Erkang Zheng spoke with Reddit CISO Sean Catlett at RSA Confererce 2020.

The topic, Continuous Security and Governance in the Cloud Using a Graph-Based CMDB, dove into how Reddit uses JupiterOne's graph-based CMDB capabilities to be the foundation for its vulnerability management process.

Key Presentation Highlights

The more you can centralize and connect the data across your environment, the greater your understanding and the quicker you are able to detect and remediate vulnerabilities. By leveraging a graph-based CMDB that maps and maintains the relationships between resources instead of a traditional list-based approach, organizations are able to get on a more level footing with attackers, who are often in an organization's environment for weeks or months before being detected.

Sean and his team think of vulnerability management in 3 cycles:

  1. Detection, including the impacted Infrastructure (Packages) and Applications (Libraries)
  2. Reporting, including knowing what has been scanned and the progress of scans
  3. Remediation, including the Owners of specific resources and the Agreed SLAs to patching a vulnerability

Using a graph-based cloud CMDB has allowed Reddit to achieve a streamlined vulnerability management process. The visibility and centralization makes it easy for the team to prove the percentage of servers in production that are scanned daily, how many services/products exist in our organization, which EC2 instances are missing the correct tagging and who is ultimately responsible for those resources.

The data reliability improves accountability across the organization and ultimately results in less time needed to remediate vulnerabilities.

The Best Part

In response to one of the questions toward the end of the session, Sean highlighted that getting the resources into JupiterOne as their graph-based CMDB was only an undertaking of a couple of days. This applies to any organization leveraging Jupiterone.

Generally speaking, managed integrations with more than 2 dozens tools and nearly 3-dozen cloud services across AWS and Azure, organizations are able to lay the foundation for their security operations using a graph-based CMDB in a matter of hours versus months.

Listen or Read through the Session

Watch a complete recording of our session in the video above, or download the slides from the presentation here.

JupiterOne Team
JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.

Keep Reading

How are CAASM and CSPM different? | JupiterOne
June 13, 2024
Blog
How are CAASM and CSPM different?

Comparing Cloud Security Posture Management to Cyber Asset Attack Surface Management

CAASM and IAM to Strengthen Your Security Posture | JupiterOne
June 5, 2024
Blog
CAASM and IAM to Strengthen Your Security Posture

Discover how CAASM and IAM can reduce security risks from over privileged accounts and inefficient user deprovisioning.

Next-Gen CMDB or Paradigm Shift? CAASM Leads the Way to Proactive Defense | JupiterOne
May 30, 2024
Blog
Next-Gen CMDB or Paradigm Shift? CAASM Leads the Way to Proactive Defense

CAASM empowers proactive defense by integrating internal insights and external threat visibility, enabling prioritization of critical cybersecurity risks.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.