A deep dive into cyber assets
Learn how cyber asset analysis is the catalyst for a modern cybersecurity program
Each digital “city” has assets like computers, servers, databases, cloud storage, software applications, data at rest and in motion - just like a real city’s buildings, roads, people, vehicles, and more.
Just like a city’s ongoing building renovations, zoning changes and traffic detours, nothing stays the same. Now, imagine trying to keep this city running smoothly, its citizens safe, and its infrastructure up to code. What if you didn’t have a reliable record of building permits? Or know whose car is permitted to park where?
Cybersecurity teams ask similar questions as they fulfill their mission to protect their organization from cyberattacks.
Asset visibility is essential
- The migration to the cloud, shadow IT, M&A activity, and incomplete CMDBs pose significant challenges for security and IT teams.
- Tracking cyber assets has become difficult, creating a dangerous cybersecurity risk.
- The lack of awareness about existing assets can lead to hidden security gaps and increased breach risks.
Asset device information lives in siloed tools like EDR, XDR, SOAR, and VM, making it difficult to determine whether your endpoint agent is deployed everywhere and whether all your assets are covered.
Before we get to the technology involved, let’s align on an important point: What is a cyber asset?
A closer look
Cyber assets: More than meets the eye
In a nutshell, a cyber asset is any physical or software-defined entity an organization uses to conduct its business.
Perception vs Reality
How people perceive cyber assets
Many organizations still look at cyber assets as just devices and users; things like laptops, workstations, servers, and the people to whom those devices belong to.
This view is particularly outdated for security teams as they design what needs to be protected in today’s post-digital transformation landscape.
Cyber asset categorization
Cyber assets can be categorized in many ways; the Cyber Defense Matrix provides a useful approach, defining cyber assets in the following categories:
Devices
Physical as well as software-defined, like laptops, phones, workstations, servers, hosts, and storage devices
Applications
The software that runs on top of devices, separate from operating systems and firmware, like business or web apps, serverless functions, micro servers, and APIs
Networks
Including protocols and channels that enable communication between applications and devices, like TCP/IP, DNS, VPCs, VPNs, or email and web gateways
Data
Information stored, transported, or used by devices, applications, and on the network, including databases, code repositories, and S3 buckets
Users
Identities that utilize the other asset classes, like employees, contractors, outside vendors, or service accounts
Context vs. asset lists
Equally vital to understanding asset categories is understanding how assets are interconnected. Organizations use assets together as part of systems to achieve business goals. In the mission to secure them, teams have to view them as an interconnected whole. It is important to know, at a glance:
- Who owns the asset?
- What else is the asset connected to?
- Where do I go for remediation?
- Is the asset vulnerable?
It’s gotten much harder to understand the scope, status and context of all cyber assets.
Making your asset (data) work for you
Thanks to the democratization of IT and adoption of new technologies, business applications and infrastructure can spring to life or be abandoned as needed – much like urban expansion, renewal, and decay.
Trying to collect and make sense of all this rapidly changing asset data is practically impossible.
The good news here is that all this asset data already exists. Data about the assets themselves, their relationships with all the other assets, findings, and configurations – it’s all available. Security teams just need help pulling together and organizing it all in order to operationalize it.
A cyber asset analysis platform centrally collects, connects, and analyzes this data and becomes the system of record for all security questions about cyber assets.
Remember those questions before? These platforms help you answer the essential questions of what assets you have, what's critical, who owns it and if it poses a risk to you, all in one place.
How is cyber asset analysis different?
Amidst a sea of point solutions working in a silo, cyber asset analysis platforms help security teams see the bigger picture.
The bigger picture
These platforms can spot patterns, detect anomalies, and measure compliance drift. They can see the smoke before the fire, allowing them to take proactive measures to mitigate cyber threats.
In short, cyber asset analysis provides the enterprise's eye in the sky, offering a panoramic view of the cyber threat landscape.
Cyber asset analysis takes you from “This server is vulnerable” to “This server, owned by Brad, is vulnerable, connected to a database with critical business data and has a path to the internet through an improperly configured firewall.”
The first requires investigation to determine what to do next. The second has clear action and direction. (Ah, that Brad, always causing trouble.)
This server is vulnerable
This server
owned by Brad
is vulnerable
connected to a database with critical business data
has a path to the internet through an improperly configured firewall
Unified cyber insights
The ‘holy grail’ of cybersecurity
What is the end goal of cyber asset analysis? It’s something we call unified cyber insights.
Modern security teams understand that the key to the strongest cybersecurity program is to first understand all of their assets, but lists of assets without context are meaningless.
Only with a robust cyber asset analysis platform can you bring unified cyber insights to your security program. Unified cyber insights come from the knowledge gained by cyber asset analysis and used to inform decisions about your environment, know where to place defensive measures, and guide future development.
These insights help security teams to identify hidden risks, prioritize remediation actions, and optimize the deployment of response actions and security tools.
Our vision
A strong foundation for a more secure future
Once you know what assets you have, and their context to the rest of the organization, your whole security program is strengthened - from vulnerability management to compliance management and more.
At JupiterOne, we feel uniquely qualified to share our vision of what a modern cyber asset analysis platform should look like. Why? Because our founder and CEO built JupiterOne from his struggles as a former CISO to answer those five fundamental questions that asset analysis platforms are built to answer.
Unified cyber insights involves leveraging the data and aggregating it, connecting the dots to provide contextual insights and an understanding of our environment.”
Trying to build a solution in-house for this universal cybersecurity problem took up too many resources. With so much at stake, there had to be a better way for security teams to know what they have and where to go, quickly, to remediate priority issues and prevent a breach.
This vision culminated into the launch of JupiterOne, backed by years of development work with some of the brightest engineers in the business.
Contextual understanding
Charting the course towards unassailable cybersecurity
We believe a detailed understanding of your assets and a comprehensive view of your cyber threat landscape leads to unified cyber insights, empowering enterprises to build robust cybersecurity defenses.
With this approach, it becomes a simple matter to find what you have by asking natural language questions of your cyber asset analysis platform, determine if any vulnerabilities or issues exist, assess the level of risk they present, and assign ownership to remediate the problem quickly.