Cisco teamed up with JupiterOne on a new cloud security product that the startup's CEO Erkang Zheng calls cloud security posture management plus.

The product, called Cisco Secure Cloud Insights, uses the cyber asset data that JupiterOne analyzes — this includes vulnerability management, compliance reviews, public cloud inventories, and gaps in security controls — to provide better context for the telemetry collected across Cisco’s extended detection and response (XDR) SecureX platform. This gives customers public cloud inventory and insights, relationship mapping to navigate cloud-based entities and access rights, and security compliance reporting capabilities, according to Zheng and Cisco SVP Al Huger.

“You can use our SecureX platform for a number of things, but what it does tend to focus on primarily is around threat response,” said Huger, who is also the GM of Cisco security platform and response. “One of the places that the industry writ large lacks good visibility into is cloud infrastructure because it’s so rapidly deployed. It’s a bit of a Wild West.”

Cloud infrastructure tends to be distributed, and it’s not centrally controlled like an enterprise data center. “So you end up with an extraordinary amount of threat exposure inside those environments, and it’s difficult to map and understand them,” Huger continued. This is why Cisco partnered with JupiterOne on Secure Cloud Insights, he added.

The companies’ combined technologies give security analysts added context in the threat investigation process. “It’s the ability for our responders … to instantly be able to pull data in context out of cloud environments and merge them with what they also see in enterprises to give you a fluid view all the way through,” Huger said.

Who Is JupiterOne?

“In the event when you’re hunting down a threat in your environment, it can be a really long cold winter between discovery and remediation if you lack visibility in your cloud assets, and that’s something that JupiterOne gives us,” Huger added. “Context matters in the event of an incident: Is the asset important? What exactly does the asset do? Who can speak to it? Those are single-query resolutions with JupiterOne in a way that we couldn’t do with any other product in the marketplace.”

JupiterOne is a 3-year-old startup that falls into the emerging cyber asset attack surface management (CAASM) category. It has raised $49 million to date, and its investors include Cisco Investments and Splunk Ventures.

The startup signed more than 100 new customers and quadrupled its headcount in 13 months, claims Zheng, who also founded JupiterOne.

“There’s a challenge that we’re solving around what’s called CSPM,” he said, referring to cloud security posture management. “The way I describe it is a knowledge base for digital operations for cloud-native operations.”

And these cloud operations span more than public clouds, he added. They also include all of the software-defined elements in an organization’s IT environment. “So JupiterOne is basically this platform and this knowledge base that collects all that information and maps out the relationships among all those resources,” Zheng said.

“It’s almost like doing DNA sequencing at a digital and cyber level,” he continued. Companies can use this data for CSPM but also for compliance reporting, incident response, and other purposes, Zheng said. “It provides all that context for what you need to do.”

Secure Cloud Insights for SecureX and Beyond

While Cisco initially integrated Secure Cloud Insights with SecureX, the vendor has bigger plans for the joint product in the future.

“Early research suggests force multiplier effects through interactions with SecureX’s Device Insights, and a symbiotic relationship with Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud),” Huger wrote in a blog post. “While Secure Cloud Insights connects the dots, Secure Cloud Analytics baselines behavior by analyzing traffic flowing between those dots. Integrated together, they can surface relationship-based and anomaly-based threat vectors.”

The product also complements Cisco’s recent security acquisitions including container and serverless security startup Portshift and Kenna Security, which provides risk-based vulnerability management, Huger said. “Also a better understanding of blast radius,” after an attack, he added.

“We use the data from JupiterOne to expand the capabilities of products that we already have in the portfolio that are plugged into SecureX, which Kenna, our risk-based vulnerability management system, is, as are our secure endpoint product and our firewalls,” Huger said. “Ultimately, they should all be able to take advantage of the data that’s available from JupiterOne with Secure Cloud Insights.”