Proactively assessing your organization’s vulnerability to threats requires piles of spreadsheets, dozens of hours poring over cloud security groups, and assembling snapshots of your entire environment. Even then, the confidence in your results is shaky. The steps and time required to capture detailed metadata of your environment, map the relationships between resources, and ensure the use of the most up-to-date data are some of the reasons assessing your attack surface takes significant time and effort and leaves potential gaps in confidence.
“Manual threat modeling, regardless of the analyst’s diligence, is prone to errors,” highlighted Zack, who heads up security at Aver Inc., the industry leader in value-based healthcare technology. “On the flip side, there is little appetite for errors when it comes to this sort of analysis.”
Threat modeling, though, is something security teams should prioritize and complete routinely. So, finding efficiencies and reliability in such analysis is critical, especially considering that the complexity of the analysis increases exponentially as your company grows.
Zack and the security team at Aver sought to reduce the burden of work required to perform threat analysis, without sacrificing the reliability of their takeaways. They then generated a detailed report for the senior management team to review.
Before leveraging JupiterOne to model threats or assess the risk of similar data breaches, Aver used JupiterOne’s automated resource identification, classification, and centralization to spot stale resources across their environment. Improving cloud hygiene drastically reduced noise in the data.
Once the data was up-to-date, Zack used JupiterOne to model threats and build reports.
Organizations leveraging the cloud are often surprised by how resources living in the same ecosystem are siloed from each other. This complexity makes it difficult to understand the scope of an organization’s environment.
Combining JupiterOne’s graph model with deep integrations with dozens of cloud services provides the Aver security team with clear cloud visibility. In addition, exposing vulnerabilities for remediation is simplified because the analysis occurs in one place rather than assembling reports from various places.
Confidence in the data you’ve assembled requires accuracy and detail. These details live in the metadata of resources – configurations, settings, permissions, etc. Without a tool, a security analyst must pore over security groups and policies, assess relationships between resources and assemble concise takeaways. Unfortunately, human involvement at this level is prone to mistakes as oversights can occur without notice.
Security teams must present accurate and reliable information to senior leadership. Unfortunately, the stakes are simply too high to tolerate such mistakes when it comes to assessing your organization’s attack surface.
The Aver security team turns to JupiterOne, which routinely pulls the specific metadata and relationship details regarding their environment. As a result, Zack and his team can be confident that the picture they see is complete, accurate, and up-to-date.
Along with the analysis, security teams own the deliverable of a detailed report that highlights their organization’s security posture.
Unfortunately, building reports is painfully tedious. Rarely can reports be templatized because the analysis and takeaways are unique to each situation. That means creating visualizations and detailing analysis begins from scratch more often than not.
“A tool like JupiterOne is critical to completing a robust threat analysis,” said Zack.
Increased coverage of large-scale public data breaches has heightened executives’ scrutiny of their own environments.
When a major breach hits the news cycle, senior management’s eyes shift towards security and IT teams. The question is simple: are we vulnerable to the same sort of attack? Unfortunately, the answer to that question can be elusive. Not because the data doesn’t exist. The challenge security teams face is that the data exists, mixed into a haystack of complex relationships.
For Zack, as is the case with most security teams, report requests assessing his own organization’s susceptibility to similar attacks occur regularly. “I would say news of large public data breaches happens once a quarter, with smaller requests occurring monthly – both of these require assessments of our own risk.”
With the demands for post-breach analysis and reliable threat modeling not going away, how can security teams assess their risk exposure to similar attacks when environments cover dozens of services and tools?
The insights Aver derives from JupiterOne regarding their environment rely on queries of data and relationships. These queries provided by JupiterOne offer a universally reliable and flexible way to view their environment.
Following the recent, widely publicized Capital One data breach, Zack reached out to the JupiterOne team and asked, “Is there a single query I can run to assess my organization’s risk to similar attacks as a result of overly broad permissions?”
Within a few hours, a query was assembled and distributed, allowing companies who use JupiterOne to ask the simple question: is my environment exposed to vulnerabilities similar to the Capital One data breach? In addition, this query can produce a complete list and relationship view of any critical resources that need to be addressed – in seconds.
Increasing the reliability of threat modeling and reducing the time and effort to assemble the reports directly impacts Zack’s and the security team’s operational efficiency. Robust analysis happens quickly through JupiterOne without disrupting the organization, and provides the detail and insights needed to present confidently to the leadership team.