Understanding and accelerating Cybersecurity Mesh Architecture

Cybersecurity Mesh Architecture (CSMA) is an approach that aims to provide modular design for security with shared data and control plane interoperability across security product silos, enabling hybrid security products to work together. In effect, CSMA gives up on platforms and centralized product silos and advocates for interoperability and integrations. However, this approach is no different than what the security industry has been dealing with for years: complexity. 

CSMA isn’t a product; it is not a thing you can buy off the shelf. Like Zero-Trust and other coined buzzwords, CSMA advocates for security products to work together, and at JupiterOne we agree. More open APIs, simplified ways to publish and subscribe to changes in the security environment, and simplified visualization and consumption models for security state are a core part of our roadmap. Our product thrives on complex integrations and on making those simpler by applying graphed relationships between assets in the environment. If CSMA leads more customers to push for integrations between products, we are supportive.

JupiterOne is a CSMA accelerator. We believe the only way you can truly mesh your security controls is by knowing what assets you have and the controls applied to your environment. This starts with asset management and the insights you need about your security capabilities. You need to know if they are fully deployed, up-to-date, and connected to your operations.

How is JupiterOne a CSMA accelerator?

Any enterprise seeking to employ Cybersecurity Mesh Architecture will likely be concerned with reducing complexity and increasing the efficiency of its security operations. JupiterOne is uniquely positioned to help accelerate this transformation in several areas.

Adoption of CSMA - Know what you have

In defining an architectural mesh of data, identity, policy, and controls, the natural first questions are: 

  • What do I have? 
  • How does it work together? 
  • How does it not? 
  • What are my gaps? 

JupiterOne answers these questions easily via over 180 integrations. Modular design means that products should be able to be swapped, added, removed, or changed while the same security outcome is still achieved. Without a layer of assurance that the same control objectives are being met, CSMA would just be the current architecture of ‘expense-in-depth.’

Improving security integration outcomes

With a relationship-first, rather than list-first, approach to your security integrations, it is faster to gain key insights into data that is missing, duplicated, out of date, or misaligned. This helps you work back to the source of the information and get it cleaned, deduplicated, normalized, and performant, ensuring you aren’t wasting your most precious resource - the efforts of your team.

Single-pane-of-engagement (not glass)

Having an API-first technology partner like JupiterOne means you can integrate JupiterOne data into the places where you want your architects, analysts, engineers, and responders to be working - in their workflow. Slack, Jira, SOAR solutions, and even custom-built tools can be enabled and enriched with JupiterOne data.

Does JupiterOne have dashboards? Of course, but those can be easily copied, formatted, and embedded into where your team does its work. Only use JupiterOne’s dashboards when it makes sense for you.

Abstraction as a superpower

One of the key challenges to a hybrid environment is the taxonomy of security tools. Information security policies are often not consistent, which leads to mistakes in translation between your policy objectives and the technologies that implement them. 

Leveraging abstraction, JupiterOne creates a digital twin for thousands of entities in data and security products, and automatically maps the relationships between these entities. This enables simple queries to be asked repeatedly across the entire architectural stack, and as tools are added or removed, the same standards are achieved.

Broad insights

Having a visualization layer sitting above the many dashboards available within siloed security solutions, which is also completely customizable and API-driven, provides a layer of abstraction that meets the design goals for CSMA. Adding or removing security products should not change your entire workflow or visualization. Consistency and transparency build confidence in security, and being able to clearly see if goals are being met should not require metaphorically ‘swiveling your chair’ between screens and tabs to get answers.

Layers of CSMA analytics

Insights for Cybersecurity Mesh Architecture come from horizontal layers. JupiterOne helps by illuminating various component design goals:

  • Security analytics: Know that your security tools are applied to the assets you believe they are, are up-to-date, and are operational. Find gaps quickly and trigger workflows for people to fix them when drift occurs, not after an incident occurs.
  • Identity analytics: Knowing the IdP, SaaS, local account, and key material issued to each of your users and their roles is achievable in CSMA only if you have the right partner integrating that data and tying the information to a user. Additionally, keeping compliance questions answered consistently across federated identity systems can only be done with the right integrations.
  • Policy and posture analytics: JupiterOne is a ‘write-once, use many’ technology partner that helps analyze infrastructure-as-code deployments and cloud design and posture issues, and identify key gaps quickly and consistently. By building relationships between environments and their risks, important actions that need to be taken are bubbled to the top and not buried.

Many top enterprises will likely explore employing CSMA in their environment. With broad integrations, visibility into cyber assets, and a wealth of analytics, JupiterOne can provide an invaluable boost to your CSMA adoption efforts.

Sean Catlett

Sean is the General Manager for EMEA at JupiterOne. Previously, Catlett served as Chief Security Officer at Slack and Chief Information Security Officer at Reddit. He also held senior leadership positions at some of the world’s largest financial institutions, including Fidelity Investments, Bank of America, and Barclays. Sean holds five U.S. patents in cybersecurity-related innovation. He is based in London, England.
