Kris’ team is a part of the broader Security Operations group at Indeed, a company that continuously innovates for their customers. The labor market has changed in the past few years. And it’s clear that the way we hire, work, and live has evolved across all industries.
Indeed recognizes that supporting companies as they continue to innovate their hiring practices and employee cultures has never been more important. Indeed’s company-wide mission is to continuously grow and innovate to better serve job seekers and employers around the world.
In 2020, the Indeed leadership team saw an opportunity to innovate and mandate a company-wide strategy: Indeed would migrate its business infrastructure from data centers into a cloud-first environment. The goal was to transition to a 100% multi-cloud environment to better scale and support their changing business and customer needs. This meant managing their growing number of cloud assets amidst the growing complexity.
“Indeed was going through a significant transformation as a company with the new multi-cloud migration. Security is one of the key initiatives in this change,” said Kris. The Cloud Security team recognized a challenge early in their cloud journey: centralized cyber asset inventory across their multi-cloud infrastructure and accounts. Andrew Bitson, Platform Security Engineer and part of the Cloud Security team at Indeed said, “We started our search for a solution like JupiterOne because we didn’t have a comprehensive view of our AWS cloud assets.”
“Cyber asset management is hard but it’s the key to doing anything well in security,” said Kris. “Although it’s fundamental to knowing what you have and where it lives — it’s a difficult problem to solve. Previously, we weren’t able to solve this problem with AWS native and other tools.”
The closest solution Indeed had to a centralized asset inventory was AWS Config. However, the Cloud Security team noted that AWS Config was an event-driven solution that only shared half of the story with limited telemetry. As the team assessed their cloud security posture and strategy, they realized that services like AWS Config, AWS GuardDuty, and AWS Systems were a good starting point; but these tools didn't offer a deep enough level of visibility and actionability across their growing AWS cloud footprint.
Kris saw an opportunity for his team to build an expansive cloud security program and securely support the company-wide strategy and journey to a cloud-first infrastructure. His team prioritized two objectives in their search for a cloud security platform: 1) gain complete visibility and inventory across all public cloud assets and 2) align their cloud posture with best practices like CIS Security Benchmarks and Compliance.
The Indeed Cloud Security team identified their cloud compute instances as critical cloud assets they needed to secure as the business migrated and scaled up to a multi-cloud infrastructure. Compute instances enabled teams and customers to access Indeed’s products and boost productivity.
The Cloud Security team took a proactive approach to managing their growing number of compute instances with JupiterOne through asset categorization, business unit tagging, and monitoring to better segment and improve reporting on security efforts. For example, they created rules to continuously monitor and alert on any new compute instances and check if the cloud asset had security coverage. At Indeed, an EDR agent must be enabled for any compute instance for better security. “JupiterOne’s continuous monitoring of assets enables me to quickly identify non-compliant deployments, as well as work with other teams to correct insecure applications in the cloud,” said Andrew. Every team across the business could now pull reporting instantly and benchmark their compute instance security over time.
“As a leader, I need to be able to provide answers to the questions that our board is asking about our cloud security posture,” said Kris. “I want to be able to share that these are the CIS frameworks and measurements we’ve built into JupiterOne for all cloud assets. Additionally, I want to share with the executive leadership and board that this is how our organization aligns with our cloud security strategy and business metrics.”
With JupiterOne, Indeed is now able to measure and report on the cloud security coverage of each business unit within the organization and benchmark their efforts over time. The ideal state is to delegate all of Indeed’s business units to work towards 100% protection across known and unknown cloud assets. The ability to share important security and benchmarking data across teams empowers them to continuously improve and fix the gaps based on the CIS metrics that Indeed has committed to. Continuous monitoring simplifies security and allows all reporting to be rolled up and shared via JupiterOne’s queries, visualizations, and Dashboards.
Besides the Cloud Security team, the Incident Response (IR) team at Indeed has also found value in the JupiterOne platform. JupiterOne empowers the Incident Response team to gain instant visibility across AWS cloud accounts without being subject matter experts in cloud infrastructure or cloud security. The IR team uses JupiterOne’s powerful graph database and visualization to understand unique insights like relationships across all assets to accelerate their workflows. They can immediately see what set off a CrowdStrike alert related to an impacted or risky AWS cloud asset. The IR team can also see the full blast radius of any asset — what it was connected to, who owned it, and any potential misconfigurations.
“Instead of our teams culling through various AWS services and systems, they can quickly disseminate the full blast radius of any cloud asset through JupiterOne’s powerful graph visualization,” said Kris. “It’s all there and centralized in JupiterOne and gives them that holistic view that they need to expedite their workflows and processes.”
At Indeed, JupiterOne’s value continues to grow as more teams including Cloud Foundations and Compliance scale up the platform.
JupiterOne’s platform empowers Indeed’s teams to achieve complete asset inventory, as well as visibility and actionability across their organization's growing number of cloud assets. JupiterOne’s platform centralizes, normalizes, and makes their entire multi-cloud environment and data queryable. The entire Indeed team gained a holistic view of all the asset relationships and growing attack surface within JupiterOne’s graph database. JupiterOne is the platform Indeed needed to be successful within their Cloud Security and the Cloud Center of Excellence teams and their initiatives.
“One of the biggest selling points for my team and business is that I can solve asset management for AWS right now with a single purchase of the JupiterOne platform,” said Kris. “With continuous monitoring, I can now see everything and any new cloud asset that comes up between our automated scanning and alerts. I also see JupiterOne as an operational tool. We have some existing tools that overlap with what JupiterOne’s platform does but they CAN NOT do what JupiterOne does.”
Andrew added “Out of all the solutions that we evaluated, we appreciated JupiterOne’s focus on showing all relationships across all assets. With JupiterOne, we now see how everything is connected. This is a huge bonus and win for Indeed’s overall cloud posture and assessment.”
In the long-term Kris believes that JupiterOne will become a centralized repository for all things cloud that teams need. JupiterOne’s platform will be the centralized repository across all assets at Indeed and will provide a holistic picture of the entire tech stack.
The Mercury Financial team established complete cyber asset visibility and were able to reallocate their time and resources to create automated, streamlined processes that maintained PCI compliance and identified vulnerabilities.
Daniel leads the company’s asset and attack surface management program. His team is actively responsible for securing all cloud resources, physical devices, and SaaS applications that process sensitive financial and customer data across the online brokerage.
Sean Cooper joined LiveIntent three years ago to help build out their security program. As the company grew, and the security challenges evolved, Sean found that the security team needed better visibility into their environment and a better process for managing incident responses, audits, and day-to-day security operations.