JupiterOne announced the availability of Starbase, a new open-source
tool to collect assets and relationships from services and systems including
cloud infrastructure, SaaS applications, security controls, and more into an
intuitive graph view backed by Neo4j, a leading open-source graph data
platform, to be used for cyber asset management.
The new tool allows users to integrate Neo4j with JupiterOne
open-source data ingestion plugins, actively manage their cyber asset
environment, and gain security context for free. Users can clone any of the
JupiterOne open-source integrations and this
blog outlines steps to get started today. Additionally, the solution offers
interoperability with other Neo4j-based projects such as Lyft
Cartography. Security professionals can significantly increase the types
and amounts of cyber asset data they can collect.
Staying on top of transient environments and other cyber assets
is a challenge many organizations face. According
to ESG, 69% of organizations admit that they have experienced at least one
cyber-attack that started by exploiting an unknown, unmanaged, or poorly
managed internet-facing asset. The companies with the most cyber assets were
nearly twice as likely to fall victim.
Existing SQL-based solutions available today are complex and
lack in-depth understanding of asset relationships. The graph-data model
approach used by Starbase emphasizes the clear understanding of asset
relationships and makes it more effective and easier to perform complex
relationship analysis.
Starbase is designed to connect the open source-based
plugins of the JupiterOne CAASM platform with Neo4j, broadening the company's
commitment to the grassroots open-source community, with a long-term goal of
working with other local universities and researchers around North Carolina and
nationwide.
Starbase makes it immediately possible for security
professionals to ingest graph representations of over 70 open-source
integrations with the JupiterOne platform. The solution improves upon
traditional approaches to security by being significantly more intuitive,
helping organizations to understand their cyber asset attack surface, and
providing a more powerful way to accelerate security in their blind
spots. Every second counts when an attack strikes, and JupiterOne empowers
teams with complete visibility and accelerated action.
Security is a basic right. JupiterOne created the Starbase
tool to help democratize graph-based security analysis and overall visibility
into external services and systems. In order to secure any system or service,
organizations must have knowledge of the assets and asset relationships and the
ability to query their cyber asset landscape.
To get started with Starbase, visit GitHub here.
JupiterOne believes security is not a zero-sum game. So when
security engineers from different organizations collaborate to improve their
security postures, everyone except for the attacker wins. With JupiterOne,
security teams now have access to open-source integrations to many widely used
development platforms such as AWS, Microsoft Azure, Google Cloud Platform,
Github, and more.
In addition to this new open source project, JupiterOne
already offers a free tier for its SaaS-based CAASM platform that anyone can
sign up for and get started in minutes, with no credit card required.
The tech analyst firm Gartner recognized JupiterOne as an
"on the rise" vendor for cyber asset attack surface management, or CAASM, in
its most recent report on "Hype
Cycle for Security Operations, 2021" released in July 2021.
Sean Catlett, CSO at Slack
"As a CSO, I'm a big advocate of bringing graph-based
technology to security, given its power to reshape how we think about security
threat defense. Open source projects like Starbase from JupiterOne are
important for how we prioritize threats in security, because they can serve as
a great equalizer and communication medium between practitioners and
non-experts.'
Sri Viswanath, Investor & Advisor
"By contributing Starbase to the open-source community,
JupiterOne is democratizing global access to graph-based security models and
helping security practitioners gain richer insight into relationships between
assets, users, policy, and vulnerability. I believe the powerful combination of
graph-based security analytics and open-source community will ultimately create
a more secure future for all of us."
Erkang Zheng, founder and CEO at JupiterOne
"True vulnerability and attack surface management lies in
asset relationships, including direct and indirect ones. The graph-based
relationship model for security is key to understanding blast radius and true
risk. This open-source initiative is part of our company's broader
mission to empower every organization to protect themselves, regardless of size
or budget, because we believe security is a basic right."