Mission Control Blog

Discover how to advance your security program with the latest content from our community.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Blind Spots Turn Cybersecurity into a Big Data Search Problem
May 10, 2022
Blog
Blind Spots Turn Cybersecurity into a Big Data Search Problem

Orphaned assets are a familiar story for every cybersecurity professional. Like something out of a horror movie, these legacy devices lurk neglected, forgotten, and

  • CAASM
Where to Find the JupiterOne Team in May
May 6, 2022
Blog
Where to Find the JupiterOne Team in May

The JupiterOne team is excited to return to in-person events and share a drink or chat with you. May will be a great warm-up to the “Summer of JupiterOne,” a jam-pack

Third-party Code and Supply Chain Security Increase Complexity and Risk
May 6, 2022
Blog
Third-party Code and Supply Chain Security Increase Complexity and Risk

To paraphrase the tagline of Capital One’s credit card ads: What’s in your enterprise code? For many companies, the answer to that question has brought considerable

  • CAASM
JupiterOne Press Book Release: Reinventing Cybersecurity
May 3, 2022
Blog
JupiterOne Press Book Release: Reinventing Cybersecurity

Reinvention is certainly not a new idea, especially for cybersecurity practitioners who are continuously challenged to adapt to new threats, an expanding attack

Using JupiterOne to Find Unqualified Lambda ARNs Before They Cause a Production Outage
April 28, 2022
Blog
Using JupiterOne to Find Unqualified Lambda ARNs Before They Cause a Production Outage

A couple of months ago, we received the following email from AWS: Hello, You are receiving this email because AWS Lambda is making a change to the IAM policy

JupiterOne Adds Orca Security, Snyk, Qualys and Veracode Integrations to Expand Vulnerability Management Capabilities
April 28, 2022
Blog
JupiterOne Adds Orca Security, Snyk, Qualys and Veracode Integrations to Expand Vulnerability Management Capabilities

“Know what you have, focus on what matters.” That’s our mantra. While that usually directs people toward taking stock of their cyber assets, it also means that you

The Next-Gen Cloud Security Posture Management Guide | CSPM
April 28, 2022
Blog
The Next-Gen Cloud Security Posture Management Guide | CSPM+

Organizations are transitioning to the cloud at a rate faster than ever. As your company’s cloud presence grows, so does the importance of your cloud security posture

  • CAASM
  • CSPM
Ultra-reliable, Dynamic Network Architecture Demands Automated Security
April 26, 2022
Blog
Ultra-reliable, Dynamic Network Architecture Demands Automated Security

In the modern world, speed is everything. Customers demand constant innovation, while sudden market disruption makes agility essential for survival. To remain

  • CAASM
Cyber asset context is like six degrees of Kevin Bacon
April 19, 2022
Blog
Cyber asset context is like six degrees of Kevin Bacon

There are two converging problems for security operations resulting in a big flaming dumpster fire - the expanding modern attack surface and an ever-growing backlog

  • CAASM
Introducing Critical Assets - Building Blocks to Secure Your Cyber Asset "Crown Jewels"
April 14, 2022
Blog
Introducing Critical Assets - Building Blocks to Secure Your Cyber Asset "Crown Jewels"

Complete cyber asset inventory and visibility is foundational to any security program and strategy. We’ve written a number of pieces that share this sentiment

  • CAASM
  • SecOps
Empowering Security with Critical Assets & Connecting Business Context
April 14, 2022
Blog
Empowering Security with Critical Assets & Connecting Business Context

You’ve identified and collected all your cyber assets into one place. Now what? There are thousands, or even hundreds of thousands assets and potentially countless

  • CAASM
  • SecOps
Where to Find the JupiterOne Team in April
April 6, 2022
Blog
Where to Find the JupiterOne Team in April

After a busy start to 2022, April almost feels like we are taking a breather—a spring break, if you will. While April will be relatively quieter compared to the begin

Growing Security Skills Gap Calls for a New Approach to Training
April 5, 2022
Blog
Growing Security Skills Gap Calls for a New Approach to Training

As the scope of the cyber hygiene challenge outpaces the expert resources available, security teams are losing ground in the effort to protect their organization

  • CAASM
Expanding Attack Surface and Cybersecurity Alert Fatigue Hinder Cyber Hygiene Basics
March 29, 2022
Blog
Expanding Attack Surface and Cybersecurity Alert Fatigue Hinder Cyber Hygiene Basics

Cybersecurity alert fatigue is an issue that is long overdue for a real solution. The average cybersecurity team is facing a backlog of 120,561 findings and alerts

  • CSPM
  • CAASM
  • SecOps
How To Automate "Meeting Evidence" As Code
March 24, 2022
Blog
How To Automate "Meeting Evidence" As Code

Last month, Yvie Djieya wrote a blog post describing how JupiterOne’s security team manages “meeting evidence” as code. Yvie covered the difficulty of managing

  • SecOps
Introducing the 2022 State of Cyber Assets Report
March 22, 2022
Blog
Introducing the 2022 State of Cyber Assets Report

Complete cyber asset inventory and visibility is foundational to any security program and strategy. We’ve written a number of pieces that share this sentiment

  • CAASM
Why Security Practitioners Often Misjudge Risk to Cyber Assets
March 17, 2022
Blog
Why Security Practitioners Often Misjudge Risk to Cyber Assets

Digital transformation has created remarkable and irreversible growth in the cyber asset landscape. Each business shift towards digital workflows has yielded a steady

  • CAASM
Engineering Spotlight: Ben Johnson
March 15, 2022
Blog
Engineering Spotlight: Ben Johnson

There’s nothing better than hiring an engineer that takes true pleasure in solving highly complex, brain-bending problems. That’s what we saw when we talked to Ben

How We Generate a Software Bill of Materials (SBOM) with CycloneDX
March 9, 2022
Blog
How We Generate a Software Bill of Materials (SBOM) with CycloneDX

Generating a software bill of materials (SBOM) is no small feat. In this post, I’ll walk through the steps I used to generate our SBOM when Sounil Yu joined the

  • CAASM
  • SecOps
13 Resources for Cybersecurity Pros & How to Avoid Burnout
March 3, 2022
Blog
13 Resources for Cybersecurity Pros & How to Avoid Burnout

In this post, I’m sharing my favorite resources to stay on top of all the things cloud, security, and self-improvement—because mental well-being is crucial to success

  • CSPM
Where to Find the JupiterOne Team in March
March 2, 2022
Blog
Where to Find the JupiterOne Team in March

The saying goes, “March comes in like a lion, and goes out like a lamb.” While we all think lambs are adorable, there are no lambs here because the JupiterOne team is

JupiterOne Adds Microsoft 365, Salesforce, and Google Workspaces SaaS Applications to Integrations Ecosystem
March 1, 2022
Blog
JupiterOne Adds Microsoft 365, Salesforce, and Google Workspaces SaaS Applications to Integrations Ecosystem

JupiterOne has a much broader definition of cyber assets than other security vendors, covering more than just IP addresses, devices, and internet facing-assets.

How JupiterOne's DevOps Team Uses CAASM to Understand Service Coupling & Deployment Order
February 24, 2022
Blog
How JupiterOne's DevOps Team Uses CAASM to Understand Service Coupling & Deployment Order

In the current microservice landscape, there are more than enough automation tools and infrastructure as code (IaC) solutions to make deployments swift and effortless

  • CAASM
Democratizing Graph-Based Security: Introducing Starbase
February 23, 2022
Blog
Democratizing Graph-Based Security: Introducing Starbase

Security is a basic human right, but many security teams struggle to answer even seemingly basic questions about attack surface or blast radius due to poor visibility

  • CSPM
  • CAASM
  • SecOps
Launching Starbase: A New Open-Source Contribution from JupiterOne
February 23, 2022
Blog
Launching Starbase: A New Open-Source Contribution from JupiterOne

I started JupiterOne with two strong core beliefs that shape how to address the technical challenges I was facing and overall battles in the cybersecurity industry as

  • CSPM
  • CAASM
  • SecOps
Does Your CAASM Tool Capture Transitive Risk? It Really Should.
February 16, 2022
Blog
Does Your CAASM Tool Capture Transitive Risk? It Really Should.

You are likely familiar with the cybersecurity adage: “You can’t protect what you don’t know about.” It’s common-sense enough wisdom, but if we’re being honest, we

  • CAASM
J1 Spotlight: Patricia Arnedo, Software Engineer
February 14, 2022
Blog
J1 Spotlight: Patricia Arnedo, Software Engineer

Individuals in STEM are often described as innately methodical, detail-oriented, and curious. However, their creative, artistic qualities are the ones that make them

JupiterOne Press Releases New Book: Cyber Defense Matrix
February 10, 2022
Blog
JupiterOne Press Releases New Book: Cyber Defense Matrix

In a world where cybersecurity threats evolve and proliferate at dizzying speed, a confusing and disordered cybersecurity landscape makes it all too difficult to

  • CAASM
  • GRC
  • SecOps
Building a Healthy Cybersecurity Culture
February 9, 2022
Blog
Building a Healthy Cybersecurity Culture

Every company has a workplace culture and a security culture. Many people would define the former as “flexible PTO and cold brew on tap” (which, of course, is a gross

Case Study: Auth0 Reduces Third-Party & Cloud Asset Risk with JupiterOne
February 8, 2022
Blog
Case Study:  Auth0 Reduces Third-Party & Cloud Asset Risk with JupiterOne

Auth0 helps enterprise companies solve the most complex, large-scale identity use cases with its extensible and developer-friendly solution. To get to that level of

  • CAASM
  • SecOps
How JupiterOne's Security Team Manages "Meeting Evidence" as Code
February 7, 2022
Blog
How JupiterOne's Security Team Manages "Meeting Evidence" as Code

If you’re anything like me (which I hope you’re not), or let’s say if you’re anything like my mind, you spend 75% of your time overthinking. You reach for the closest

  • SecOps
JupiterOne Takes Home the Gold in Cybersecurity Excellence Awards
February 4, 2022
Blog
JupiterOne Takes Home the Gold in Cybersecurity Excellence Awards

We are honored to announce our company founder and Chief Executive Officer Erkang Zheng, named as Cybersecurity CEO of the Year-North America by the Cybersecurity

Introducing Compliance 2.0 - Compliance is the Byproduct of Great Security
February 3, 2022
Blog
Introducing Compliance 2.0 - Compliance is the Byproduct of Great Security

Many companies invest in compliance activities to follow various laws and regulations but not necessarily to improve their overall security posture. Whether you are

  • GRC
The OWASP Podcast: New Ideas. New Voices. New Hosts.
February 2, 2022
Blog
The OWASP Podcast: New Ideas. New Voices. New Hosts.

Eight years ago I took over the OWASP Podcast from Jim Manico, originator of the project. In that time 160 episodes have been published, with over 500,000 downloads

Where to Find the JupiterOne Team in February
February 2, 2022
Blog
Where to Find the JupiterOne Team in February

February is normally the big kick-off to the security conference circuit. Although the RSA Conference has been postponed to June, the JupiterOne team won’t be taking

2022 Lunar New Year Video Greeting from Erkang Zheng
January 31, 2022
Blog
2022 Lunar New Year Video Greeting from Erkang Zheng

As we prepare to celebrate Lunar New Year, we offer you a personal story of what the new year tradition means to Erkang Zheng, CEO of JupiterOne.

A Data Privacy Day Call to Arms: The Shared Responsibility to Protect Customer Data
January 27, 2022
Blog
A Data Privacy Day Call to Arms: The Shared Responsibility to Protect Customer Data

Today, millions of people worldwide are becoming aware of how their personal data is collected, shared, and monetized in our modern digital economy. Studies show that

  • CAASM
  • CSPM
  • GRC
CAASM for the Blue Team
January 27, 2022
Blog
CAASM for the Blue Team

Recently, life has been chaotic. For two years, events have shattered our perspective on what work, health, and community means to us. As we try to sleep through this

  • CAASM
  • CSPM
Introducing the AskJ1 Community
January 24, 2022
Blog
Introducing the AskJ1 Community

If you couldn’t tell from the video, we are so excited to launch the AskJ1 Community! By bringing together our users, team, and security professionals at large, we’re

Red Team, Go!
January 20, 2022
Blog
Red Team, Go!

As we continue to build our security teams at JupiterOne, we asked Kenneth Kaye, Security Automation Architect, to describe our Red Team approach, and Chasen

  • CSPM
  • SecOps
J1 Spotlight: Kenan Warren, Principal Software Engineer
January 18, 2022
Blog
J1 Spotlight: Kenan Warren, Principal Software Engineer

Engineers are the individuals who sit in the magical area between an exciting idea and a promising product in any organization. JupiterOne is lucky enough to have

25 On-Point Cybersecurity Conferences in 2022
January 12, 2022
Blog
25 On-Point Cybersecurity Conferences in 2022

Most security practitioners admit they spend their free time upskilling. Learning can occur in settings ranging from the practitioner’s home labs to security

Book Preview: What is a Modern Cyber Asset
January 11, 2022
Blog
Book Preview: What is a Modern Cyber Asset

On October 19, 2021, we published the book, "Modern Cybersecurity: Tales from the Near-Distant Future". This is an excerpt from a chapter by Sounil Yu.

  • CAASM
  • SecOps
Podcast:  The InfoSec Color Wheel with Jasmine Henry
January 10, 2022
Blog
Podcast:  The InfoSec Color Wheel with Jasmine Henry

We’ve all heard of “Red Teams” and “Blue Teams” when it comes to cybersecurity. But what about the “Purple Team”, the “Yellow Team” or the “Blue Team”. What are those

Rapid Response: Finding NPM libs 'colors' and 'faker'
January 10, 2022
Blog
Rapid Response: Finding NPM libs 'colors' and 'faker'

On January 9, 2022, journalist and researcher Ax Sharma wrote an article, "Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps".

The 5 Most Common Questions About Cyber Asset Management
January 5, 2022
Blog
The 5 Most Common Questions About Cyber Asset Management

The cybersecurity forecast for 2022: More of the same—only worse. Yes, the sophistication of cyberattacks is growing by the minute. Unfortunately, so are the rewards

  • CAASM
  • CSPM
Best of 2021 - Downloads and Resources
January 4, 2022
Blog
Best of 2021 - Downloads and Resources

It's that time of year where I poll my friends to see what kind of cool downloads and resources they found in 2021. Hopefully, you'll see something you like.

Book Preview: Preparing your organization to adopt a security practice
January 3, 2022
Blog
Book Preview: Preparing your organization to adopt a security practice

On October 19, 2021, we published the book, "Modern Cybersecurity: Tales from the Near-Distant Future". This is an excerpt from a chapter by Yolonda Smith.

  • CAASM
  • SecOps
The Top 5 JupiterOne Articles from 2021
December 29, 2021
Blog
The Top 5 JupiterOne Articles from 2021

JupiterOne published hundreds of blog articles in 2021, including some by our friends in the community. We checked to see how the community voted "with its eyes" this

Understanding Suspicious Updates to AWS Managed Policies
December 28, 2021
Blog
Understanding Suspicious Updates to AWS Managed Policies

As you stand knee deep in the water watching waves form, you set your sights on the perfect one to ride into shore. “This is it!”, you think. “It’ll carry me to shore

  • CAASM
  • SecOps
Log4Shell Remediation Visibility with JupiterOne and Log4Shell_Sentinel
December 27, 2021
Blog
Log4Shell Remediation Visibility with JupiterOne and Log4Shell_Sentinel

If you’re neck-deep in Log4Shell remediation and wanting the assurance of an automated process to ensure your hosts are patched and stay patched, the following

Potential CloudFront/S3 takeover risks
December 23, 2021
Blog
Potential CloudFront/S3 takeover risks

We recently helped a customer identify some potential CloudFront/S3 takeover risks. You can find the details of the risk described in the article, "Simple Route53/Clo

  • CSPM
  • CAASM
  • SecOps
You're in our Hearts
December 22, 2021
Blog
You're in our Hearts 💜

2021 is coming to a close, so naturally, we’re feeling a bit sentimental about everything our community has accomplished this year. But without your support, we would

The Debate: Should You Build or Buy CAASM?
December 21, 2021
Blog
The Debate: Should You Build or Buy CAASM?

Should you build or buy a CAASM solution? It’s a valid question, especially in an ecosystem rich with open source and low-cost security tools. You don’t need

  • CAASM
Lessons from Log4Shell: Mapping Code Dependencies and Investigating Code Deployments
December 20, 2021
Blog
Lessons from Log4Shell: Mapping Code Dependencies and Investigating Code Deployments

Let me open by saying that If you are currently remediating the Log4Shell vulnerability in your environment, this article is not designed for you, although some thing

  • CAASM
CAASM Should Be an Early Security Investment in Every CISO's Playbook
December 15, 2021
Blog
CAASM Should Be an Early Security Investment in Every CISO's Playbook

It’s possible to improve your security posture on a shoestring budget. There are a growing number of open source tools for security and compliance, but there are also

  • CAASM
Rapid Response: Search for malicious discord tokens in the npm repository
December 14, 2021
Blog
Rapid Response: Search for malicious discord tokens in the npm repository

On December 8, 2021, our friends at jFrog published an article, "Malicious npm Packages Are After Your Discord Tokens – 17 New Packages Disclosed".

The 3 Biggest Challenges of Cyber Asset Management and How to Solve Them
December 14, 2021
Blog
The 3 Biggest Challenges of Cyber Asset Management and How to Solve Them

To protect your IT ecosystem, you need to know what's in it, but for a growing number of organizations, that’s easier said than done. According to the latest ESG

  • CAASM
  • CSPM
  • GRC
  • SecOps
Book Preview: Metrics that Matter - The business context of cyber risk management
December 13, 2021
Blog
Book Preview: Metrics that Matter - The business context of cyber risk management

On October 19, 2021, we published the book, "Modern Cybersecurity: Tales from the Near-Distant Future". This is an excerpt from a chapter by Keyaan Williams.

  • CAASM
Book Preview: Reinventing the Cybersecurity Workforce
December 9, 2021
Blog
Book Preview: Reinventing the Cybersecurity Workforce

On October 19, 2021, we published the book, "Modern Cybersecurity: Tales from the Near-Distant Future". This is an excerpt from one of the chapters.

This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.
This is some text inside of a div block.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

  • This is some text inside of a div block.
  • This is some text inside of a div block.
  • This is some text inside of a div block.
  • This is some text inside of a div block.
  • This is some text inside of a div block.