The Devil's in the (Meta) Details

Security Confidence & Data Reliability

Whether you are gathering evidence for SOC 2 Type II or just doing some vulnerability analysis and reporting, data reliability is critical. Your confidence in your security posture is proportionally tied to your confidence in the data you have gathered.

For most organizations, a smooshy, gray area exists. Why? Complete snapshots require assembling data from numerous locations over a period of time. This process is prone to errors because of its manual nature. These snapshots also only represent a single point in time.

Moving from a point to a vector

Math analogies aside (don't worry, there are more), security assurance takes place when an organization moves beyond the limit of measuring their security posture at a point in time to looking at their posture over time, confidently.

Metadata Reliability

Both vulnerability management and compliance analysis depend on your team's ability to assess the configuration of your critical resources. All of those details (access, ownership, changes, etc.) live in the metadata of your environment and represent the actual state of what is going on.

When your team gathers a position, that is, a snapshot, of your configuration metadata, they can be completely confident in the takeaways of their analysis.

Metadata Over Time

As you routinely gather your resource metadata and configuration details, your team can begin to assemble a picture of what has been going on in your environment over time. The more frequently the data is collected, the more detailed the picture.

When this data collection is automated on a 30-minute or hourly cadence, it becomes easier to see changes in the states of your critical resources and to tell whether there were periods of time when your environment was vulnerable to an attack.

Think about it in the context of compliance. If you go through SOC 2 each year, you have an annual data point highlighting that your resources and your greater environment are configured the way they should be. But across the 365 days in between, the state of your environment could have fluctuated considerably from less to more to less secure. At a 30,000 foot view, everything was great. From the trenches, however, it's a mystery.

And since attackers are often inside an organization for months before detection, more frequent assessments would catch those gaps sooner, leaving you exposed for less time.
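The point-versus-vector argument above, as an added example (not JupiterOne code): the same compliance check is run over constructed snapshots sampled once a year and every 30 minutes, and each exposure window is reported with the bounds the sampling cadence allows. The snapshot layout, the `public` flag and the resource name `bucket-a` are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from itertools import groupby

def exposure_windows(snapshots, is_compliant):
    """List (resource, first_bad, last_bad, earliest_start, latest_end) windows.

    The resource was observed non-compliant from first_bad to last_bad. The true
    exposure began after earliest_start (last good snapshot before it) and ended
    before latest_end (first good snapshot after it); None means no such snapshot.
    """
    windows = []
    ordered = sorted(snapshots, key=lambda s: (s["resource"], s["time"]))
    for rid, group in groupby(ordered, key=lambda s: s["resource"]):
        prev_good = first_bad = last_bad = None
        for s in group:
            if is_compliant(s["config"]):
                if first_bad is not None:  # a good snapshot closes the window
                    windows.append((rid, first_bad, last_bad, prev_good, s["time"]))
                    first_bad = last_bad = None
                prev_good = s["time"]
            else:
                first_bad = first_bad or s["time"]
                last_bad = s["time"]
        if first_bad is not None:  # still non-compliant at the last snapshot
            windows.append((rid, first_bad, last_bad, prev_good, None))
    return windows

def snap(rid, when, public):
    # Hypothetical snapshot record: one resource's metadata at one collection time.
    return {"resource": rid, "time": when, "config": {"public": public}}

def not_public(config):
    # Assumed compliance rule for the example: the resource must not be public.
    return not config["public"]

# Constructed data: two annual audit points plus five 30-minute collections
# on one day, during which the bucket is public at 09:30, 10:00 and 10:30.
D, STEP = datetime(2023, 6, 10, 9, 0), timedelta(minutes=30)
SNAPSHOTS = (
    [snap("bucket-a", datetime(2023, 1, 1), False)]
    + [snap("bucket-a", D + i * STEP, i in (1, 2, 3)) for i in range(5)]
    + [snap("bucket-a", datetime(2024, 1, 1), False)]
)
ANNUAL = [s for s in SNAPSHOTS if (s["time"].month, s["time"].day) == (1, 1)]

if __name__ == "__main__":
    print("annual view:", exposure_windows(ANNUAL, not_public))
    for window in exposure_windows(SNAPSHOTS, not_public):
        print("30-minute view:", window)
```

The gap between `earliest_start` and `first_bad` is the uncertainty the cadence leaves: a shorter collection interval narrows it, while the annual view reports no window at all.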

Connecting Metadata on a Graph

Traditionally, insights are time intensive to gather. Even if your environment's metadata is regularly collected, context depends on the relationships between resources. A traditional list will fall way short and leave your team still scrambling to make sense of what is happening and why.

By connecting all of your resources on a graph of your environment, however, you are able to bring speed, or v, into the equation. The context is powered by the relationships between the resources and the relationships are mapped automatically on the graph.

The (Meta)Data You Need to Act Quickly

Knowing what to do and how to prioritize your time is the ultimate challenge your team faces. By surfacing change and context, you can quickly identify which actions take precedence over those that can wait. Leveraging your resources' metadata and the relationships between those resources will increase your security assurance.

JupiterOne Team

The JupiterOne Team is a diverse set of engineers and developers who are working on the next generation of cyber asset visibility and monitoring.
