JupiterOne raises $19 million to automate IT asset management

JupiterOne, a cybersecurity management automation startup whose customers include Reddit, Databricks, and Auth0, today closed a $19 million funding round led by Bain Capital Ventures. Cofounder and CEO Erkang Zheng says the funds will be put toward bolstering JupiterOne’s R&D and go-to-market efforts.

Cybersecurity asset management, or the process of creating and continually updating an inventory of IT resources, can be a resource drain. According to a 2019 Deloitte survey, executives spend 13% of their time addressing cyber monitoring and operation challenges. Despite this, relatively few businesses are proactive about asset management, perhaps owing to logistical challenges. Gartner estimates that only 35% of companies are designing, documenting, and regularly testing assets using inventory tools and software.

JupiterOne claims to make security teams more efficient by centralizing the data from dozens of cloud services into a single hub for management, analysis, and alerts. Via the platform’s integrations and API, it automatically pulls in read-only data to generate a real-time inventory of resources and assets, including code, repositories, and endpoints. A one-word search across the inventory returns detailed information like account access, devices in use, resources, and even user-made changes to code repositories.

JupiterOne’ s algorithms fetch and classify entities in environments automatically and map them to tools like the compliance dashboard. There, users get an overview of the top-level controls and policies that make up their company’s security framework. Users can dig into specific requirements or use JupiterOne’s policy builder to review, update, and visualize asset relationships and craft a set of procedures from templates covering 24 major security policy domains.

Using the JupiterOne Insights app, users can build customized reporting dashboards and visualizations with searches and queries for inadvertent self-reviews, suspicious code commits, pull requests, code repos, and more. Each dashboard can be configured as a shared team board or as a personal board, and the layout of each board is individually saved per user, allowing a user to customize layouts without impacting other users.

For alerts, JupiterOne’s rules panel leverages a knowledge graph to factor in things like a user’s permissions and whether multifactor authentication has been enabled before triggering a new alert. JupiterOne boasts a library of preconfigured rules and intelligent rules that can be set to run from every 15 minutes to 24 hours to ensure security teams remediate when a new, high-severity alert occurs.

JupiterOne was founded as a subsidiary of Indianapolis, Indiana-based health software company LifeOmic. Erkang served as LifeOmic’s chief information security officer and initially built JupiterOne to support LifeOmic’s security and compliance needs. In pursuit of a cybersecurity asset management segment that’s anticipated to reach $8.5 billion in spending by 2024, according to Zheng, LifeOmic productized the solution as JupiterOne and spun it out in March 2018.

“JupiterOne is currently at 20 employees, with an expectation to triple that number by the end of 2021. We are in a high growth phase and will be focused on bringing on the best engineering and go-to-market talent available today,” Zheng told VentureBeat via email.

Rain Capital, LifeOmic, and individual investors also participated in the round.