JupiterOne & Reddit at RSAC

by

Last week, LifeOmic CISO and JupiterOne Founder Erkang Zheng spoke with Reddit CISO Sean Catlett at RSA Confererce 2020.

The topic, Continuous Security and Governance in the Cloud Using a Graph-Based CMDB, dove into how Reddit uses JupiterOne's graph-based CMDB capabilities to be the foundation for its vulnerability management process.

Key Presentation Highlights

The more you can centralize and connect the data across your environment, the greater your understanding and the quicker you are able to detect and remediate vulnerabilities. By leveraging a graph-based CMDB that maps and maintains the relationships between resources instead of a traditional list-based approach, organizations are able to get on a more level footing with attackers, who are often in an organization's environment for weeks or months before being detected.

Sean and his team think of vulnerability management in 3 cycles:

  1. Detection, including the impacted Infrastructure (Packages) and Applications (Libraries)
  2. Reporting, including knowing what has been scanned and the progress of scans
  3. Remediation, including the Owners of specific resources and the Agreed SLAs to patching a vulnerability

Using a graph-based cloud CMDB has allowed Reddit to achieve a streamlined vulnerability management process. The visibility and centralization makes it easy for the team to prove the percentage of servers in production that are scanned daily, how many services/products exist in our organization, which EC2 instances are missing the correct tagging and who is ultimately responsible for those resources.

The data reliability improves accountability across the organization and ultimately results in less time needed to remediate vulnerabilities.

The Best Part

In response to one of the questions toward the end of the session, Sean highlighted that getting the resources into JupiterOne as their graph-based CMDB was only an undertaking of a couple of days. This applies to any organization leveraging Jupiterone.

Generally speaking, managed integrations with more than 2 dozens tools and nearly 3-dozen cloud services across AWS and Azure, organizations are able to lay the foundation for their security operations using a graph-based CMDB in a matter of hours versus months.

Listen or Read through the Session

Watch a complete recording of our session in the video above, or download the slides from the presentation here.

JupiterOne Team
JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.

Keep Reading

The Ultimate CAASM Guide for 2025 | JupiterOne
November 20, 2024
Blog
The Ultimate CAASM Guide for 2025

Discover how Cyber Asset Attack Surface Management (CAASM) is providing enhanced visibility of internal and external assets in 2025.

Introducing Continuous Controls Monitoring (CCM) | JupiterOne
November 7, 2024
Blog
Introducing Continuous Controls Monitoring (CCM)

CCM delivers real-time visibility, proactive risk management, and streamlined compliance for security.

Now Available: JupiterOne’s Public Postman Workspace | JupiterOne
October 31, 2024
Blog
Now Available: JupiterOne’s Public Postman Workspace

Explore JupiterOne’s Public Postman Workspace to streamline your workflows and enhance your security operations.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.