JupiterOne Cyber Asset Management Platform

Our main use case for JupiterOne  is as an asset catalog tool where we document all our assets that are integrated from different platforms such as Device42 , Qualys, Microsoft M365, and Defender. We are aggregating all our assets from different tools into JupiterOne .

A specific example of how we use JupiterOne day-to-day is being able to draw a network flow of how network traffic travels through the network, starting from the edge devices to the internal devices. We are also using JupiterOne to track assets that are being brought in and assets that are leaving the environment. Additionally, we are using JupiterOne as the source of truth for many other things that we are doing. Some of my other teammates in areas such as data are tapping into it for asset categorization.

JupiterOne has had a significant impact on our organization. Previously, when looking at security alerts, we would need to examine different tools separately. Now, we often take the IP address or the FQDN and input it into JupiterOne, which usually tells us what that asset is. We are ingesting data from places such as AWS , Azure , Device42 , Qualys, Defender, and Trend Micro. These are different tools that, on a good day without JupiterOne, we would have to look at separately to determine where a particular asset is. JupiterOne helps us aggregate all those things on one single platform, allowing us to quickly identify what environment that asset lives in and what type of asset it is.

One feature we also value is the ability to enter custom tags so we can create asset types or asset locations and detail who owns the asset. These features have positively impacted us at Landmark Information Group.

I think one of the best features JupiterOne offers is blast radius, being able to see assets that could be directly or indirectly affected by any cyber incident or to see how some assets communicate with other assets and some do not communicate with other assets. I also think it is easy to query assets and find assets using queries and build out graphs that often make it easy for us to drill down on certain types of assets or categories of assets.

The blast radius feature has helped our team because, in security operations, one of the first places we look when investigating an alert is JupiterOne. We might enter the IP address or the FQDN of the server to find out where it is, who owns it, and what it does. At that point in time, we identify other assets that might be in the same environment or the same place where that asset lives, which helps us when we are doing security operations and investigating alerts.

There are some features that I have shared with our customer service manager. One of them that is relevant to us at this time is the need for better determination of unified devices. Currently, JupiterOne uses hostname weights, MAC addresses, or IP addresses to tie devices together, but we have actually requested a way for us to make those determinations ourselves. For example, when externally scanning a device using Qualys, internally it gives an IP address or FQDN, while externally it might be different. We want to be able to decide ourselves that these two devices are the same device even when they have different names and IP addresses for external and internal use. The unified devices feature is valuable and did not used to exist, and it has been fantastic. However, I believe more can be done regarding unified devices, and giving users the privilege to tie them together would be a good addition to the platform.

One of the other things that interest us in JupiterOne and why we really wanted to use the tool is the compliance feature. We wanted to use it to track our compliance since we are ISO 27001 certified. However, the compliance module has not worked well, and we have had to continue tracking our compliance manually with the tools we use. Although there are some works in progress to improve the compliance part of the tool, I think if they can get it up to speed, that would be a really good improvement.

I have been using JupiterOne for three years. I was initially recruited with Landmark Group to be a subject matter expert for JupiterOne.

JupiterOne has many features. Although none comes to mind almost immediately, I know it often depends on how we are able to write or craft the queries. JupiterOne has been very instrumental to me in my work. Being the subject matter expert for JupiterOne at Landmark, I think it has been very beneficial for me.

JupiterOne has been quite helpful to us, especially in information security. One of the things it helps us with is housekeeping, allowing us to see where there are duplicates and address those.

I would rate JupiterOne an eight. JupiterOne is a strong tool, and there are some issues that need to be addressed, but overall, I think it is a good tool. The reason I am giving it an eight is that there are features that are not its strengths, which is understandable, but it performs very well in the aggregation of assets from different platforms.

I would definitely recommend JupiterOne because some of the features I have mentioned here are part of what makes it strong. The aggregation of tools from different platforms into one single repository allows you to easily query assets by typing their IP address, hostname, or FQDN. I believe that is JupiterOne's greatest strength. Additionally, you can create dashboards or widgets for a high-level overview, and JupiterOne can track trends over time, telling you if something is increasing, decreasing, or remaining stable. Those are part of the great features that JupiterOne has, and I would recommend it to anyone needing a single cyber asset tool.

We use the solution for writing all the queries. There is a lot of variation for machine learning projects like data processing, data analysis, and pipeline creation. It has the flexibility to work on different kinds of things like ML projects and clustering algorithms like regression analysis.

The product’s UI is pretty decent and fast. You can increase GPUs and other features like importing files and everything, which is tricky in Google Collab but better in Jupiter.

There should be more integration or an update to the visualization part of the charts or other graphs we plot. Currently, it integrates from your local directive with your local PC. If it is integrated into other platforms, that would be great. You can only write Python queries in Jupiter, not other languages, like, SQL or PySpark. Databricks is a software that provides writing queries in different languages. Jupiter should allow us to write in different languages.

I have been using JupiterOne for more than three years. We are using the latest version of the solution.

The product is stable. I rate the solution’s stability an eight out of ten.

We have 50+ users using this solution. I rate the solution’s scalability a seven out of ten.

There is not much support needed for the software.

I’ve used PyCharm before, but I switched to Jupiter because of its interface, query writing, and sequence capabilities. I find it better to write short-form notebooks, as these are easier to see and understand. The flow is also more intuitive, and the output certificate is displayed on the same line.

The initial setup is decent and takes a minute to deploy. It would have taken maybe 15 to 30 minutes for the first time, but it’s not a difficult job to do. One person is enough for setup and maintenance. I rate the initial setup an eight, where one is difficult, and ten is easy.

Overall, I rate the solution an eight out of ten.