One of the by-products of today’s IT environments — which can involve multiple clouds and data warehouses, on-premise servers, thousands or even millions of connected devices and users, a multitude of apps and more — is that this size and complexity is a minefield when it comes to security. Malicious hackers have a lot of potential points of entry to exploit, so the aim for security specialists is to have a complete picture of how things are looking across the whole of the network — regardless of how fragmented those operations might actually be.
Today a company called JupiterOne that’s built a platform that aims to do just this is announcing $70 million in funding at a valuation it says is over $1 billion — a sign not just of its own success but also of the opportunity investors see for growth.
Tribe Capital is leading the round, with participation from a number of others, including new backers Intel Capital and Alpha Square Group, and existing investors Sapphire, Bain Capital Ventures, Cisco Investments and Splunk Ventures. It brings the total raised by JupiterOne — based out of Morrisville, North Carolina — to $119 million.
You’ll notice a number of tech companies in that list. Part of JupiterOne’s special sauce is how it integrates data effectively from the many tools and vendors an organization might work with, and so all of these are strategic. Case in point: Just yesterday the company announced a deep integration with Splunk to provide better data visibility for Splunk users. Another example of that is a recent launch with Cisco for a new product, Cisco Secure Cloud Insights with JupiterOne.
“JupiterOne directly complements our cloud-first portfolio and our Splunk Ventures investment, coupled with a new integration partnership, will make it easier for organizations to analyze security insights,” said Varoon Bhagat, vice president of corporate development for Splunk Ventures, in a statement. “Splunk and JupiterOne share a commitment to offering our customers deep visibility to stay ahead of the threat landscape, the ability to safely scale, and use data to help power digital transformation opportunities.”
Erkang Zheng, JupiterOne’s founder and chief executive, launched the company initially as a spinout of LifeOmic, with Zheng himself having a long history of working in security for a number of major enterprises, including Fidelity and IBM. His thesis, which continues to today, is that you cannot conceive of “assets” simply as infrastructure, but that data and really anything and everything on the network (or existing in any way to connect to it) has to be considered part of that bigger picture of “cyber asset attack surface management”, as the bigger space that JupiterOne is in is called.
“JupiterOne was created from my own pain points and my own digital transformation journey,” he said. “How do we transform security organizations into more than just engineering? That is what digital transformation is about, helping use data to run more efficiency, so that for example remote work is not so painful, and so on. The only way to do that is to have some fundamental understanding and visibility into the entire digital operation. Those are the cyber assets.”
That firsthand experience is what helped inform him of the challenges of the fragmentation of the IT environment as it existed, and the fact that this would only become more complex over time (which it has). Customers number in the hundreds and include the likes of Robinhood and HashiCorp, and while it’s not disclosing many other current names or any other metrics today, others that have been mentioned in the past include Reddit, Databricks and Auth0.
“We’ve seen a tremendous amount of exponential growth to get the valuation we got,” Zheng told me in an interview. “We are definitely in your top tier in terms of customers, recurring revenue and team size.”
While the company will continue to invest in developing more tools and more integrations to built out the powerhouse of managing “assets” in the most general sense that Zheng described, that gives the startup the opportunity to take that data into new areas.
One of these is to start being able to do more with that data intelligence and analytics, it sounds like.
“We fundamentally believe that if you have all the right data aggregated into the right place and as a single source of truth, then you can fundamentally ask any question regardless of use case,” Zheng said. “It’s like Google.”
Second of all is a deeper move into open source.
Right now JupiterOne’s customers are primarily in the larger enterprise space, but there is an opportunity for the company to work more closely with potentially smaller or more cutting-edge organizations that are still scaling, in some ways similar to some of its existing customers that have been with the company “almost since the beginning,” Zheng said. “There is a sizable pool of customers who are still early stage.”
For them, they are offering a free version of its tools as part of its mission to “democratize” security, and alongside that it continues to develop an open source set of tools to help build out its wider community. There are just under 170 OS repos out there right now, Zheng told me. “It’s still early but we will continue to build out that community,” he said.
“JupiterOne supercharges cybersecurity teams by centralizing data from all their cyber assets and showing the relationship between them at all times,” said Sri Pangulur, partner, Tribe Capital, in a statement. “Aggregating the assets and making it possible to query is difficult, but JupiterOne has solved this problem and is becoming the centerpiece of any cybersecurity program. We couldn’t be more excited to partner with JupiterOne on their journey to help every security organization reach its full potential.”