What are cyber assets?

A cyber asset includes anything at an organization, physical or software-defined components, that comprise part of the organization’s attack surface.
Cyber assets continue to grow as enterprises adopt cloud solutions more broadly. While this expansion is essential for doing business in an increasingly distributed business environment, cyber assets represent opportunities for malicious actors to compromise an enterprise.

Cyber assets can be classified in many ways. JupiterOne classifies cyber assets using the following categories:

- Devices
- Networks
- Data
- Users
- Findings
- Policy

Findings and policies are slightly different and can be considered as cyber asset attributes.

What does software-defined mean?

A software-defined component is anything in the organization that’s managed, controlled, or improved by software. In a software-defined environment, software carries out activities that in the past may have been performed by hardware. Another way to describe a software-defined environment is virtualization.

What is the difference between a cyber asset and a critical asset?

Critical assets are a subset of cyber assets, defined by the individual organization as essential to maintaining operations and fulfilling the organization’s mission. If the confidentiality, integrity, or availability of a critical asset is compromised, it will result in significant business consequences.

What are some examples of cyber assets?

Cyber assets have grown more diverse as technology has evolved. Using the categories mentioned above, here are some examples of cyber assets:

Devices
- Computers
- Mobile phones
- Printers
- IoT devices
- Virtual machines
- Cloud hosts

Networks
- Network interfaces
- IP addresses
- Firewalls
- Gateways
- Domains
- Certificates

Applications
- Functions
- Modules
- Pull requests
- Repositories

Data
- Images
- Disks
- Records
- Tasks
- Data stores

Users
- People
- Groups
- Access roles

Findings
- Alerts
- Results
- Incident data
- Threat intelligence
- Vulnerabilities

Policies
- IAM policies
- Controls
- Configurations
- Requirements
- Rulesets

Related Topics
Cyber asset management
Cyber asset attack surface management (CAASM)
Cloud asset management
Critical assets

Stay Connected

Subscribe to the latest JupiterOne news

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Recommended resources

Datasheet
CSPM Datasheet | JupiterOne + AWS
Report
The 2023 State of Cyber Assets Report
Datasheet
CAASM Datasheet | JupiterOne
Report
Forrester | Total Economic Impact of JupiterOne
eBook
The Cyber Defense Matrix
Video
CEO Erkang Zheng answers 5 critical cybersecurity questions for organizations