Auth0 improves SecOps capability with JupiterOne

Auth0’s Modern Solution for Large-Scale Identity Security

The Auth0 Identity Platform, a product unit within Okta, helps enterprise companies solve the most complex and large-scale identity use cases with its extensible and developer-friendly solution.

No matter what kind of business you are in, authentication is critical to keeping customers and users, both internal and external, secure. Auth0 balances the need for simple authentication and login processes against security and privacy. Auth0 has created a product that provides security that everyone can use. More than 14,000 organizations trust Okta and Auth0 to help protect the identities of their workforces and customers.

Challenge: Understanding Vulnerabilities Across Cloud Assets

One of Auth0’s core values is to embrace data-driven insights to improve its product and business. Prior to onboarding JupiterOne, the Auth0 product team built an in-house solution on AWS Neptune to understand the relationships between assets and vulnerabilities. This was an extremely challenging and time-intensive project for the group.

George Vauter, Lead Cloud Security Engineer, is responsible for cloud security and asset management. George and the Auth0 Security Engineering team found JupiterOne and were able to load context from their vulnerability assessment tools (AWS, Rapid7, GuardDuty, Bugcrowd, and more) into JupiterOne’s Graph View, a graph-based visualization tool showing connections and context between all cyber assets. JupiterOne enabled the team to better understand their global cloud ecosystem and vulnerability footprint. JupiterOne was also able to give access to asset relationships in a way that provided enriched data on the impact a vulnerability could have. JupiterOne’s simple query capabilities and graph database modeling helped the Auth0 team improve their security operations with the ability to prioritize potential vulnerabilities across their disparate systems and tools.

George shared, “From a cloud security perspective, JupiterOne is the primary platform that we use to anchor our asset management program now. We really like the graph and query approach because it augments our vulnerability scans to aggregate and de-duplicate findings against cloud assets. JupiterOne brings all of our cloud assets, their configurations, and vulnerabilities into one platform and the team can prioritize issues and understand the impact quickly across all of our assets.”

Visibility into Cloud-Native Asset Permissions and Third-Party Risks

In addition to augmenting its asset management program, the Auth0 Security team used JupiterOne to improve their Security Operations and resiliency within their AWS environment.

With the sheer amount of cyber assets within any organization, it’s a known problem that teams can unknowingly grant outside entities (e.g., third parties, partners, etc.) unwanted access to their cloud environments. According to George, “we wanted a solution that could really help understand our third-party asset exposure across our entire cloud environment.”

The team needed a solution that could help them answer questions such as did they unknowingly grant outside entities (e.g., third-party consultants, partners, etc.) access to our AWS environment? And who are the third parties that have access to their environment?

George and his team used JupiterOne to answer these questions and others like it. The Auth0 team created queries to analyze all AWS IAM roles used by third parties. They immediately obtained insight into the permissions that were granted and ensured that only the least possible permissions were available to those third parties. As a result, the team gained visibility that they could not previously achieve. With JupiterOne, Auth0 can now see and understand the third-party AWS accounts across their systems.

George added that, “All our third-party entities and potential risks were discovered by JupiterOne. Seeing the relationships across our cloud assets, permissions, and third-party entities within the Graph View was a powerful aspect of the JupiterOne platform.”

Expanding Security Across All Cyber Assets & Other Groups

“The nice thing about JupiterOne is that we can just quickly turn on any integration. That was an easy win for us because JupiterOne is the first platform to consolidate all of our disparate tooling into one place. This gave us better visibility and true understanding of our team’s security hygiene across all of our cyber assets.“ George commented.

Today, the main users at Auth0 are the security and compliance teams in charge of cloud security, asset inventory, and vulnerability management. The teams have integrated many security and cloud tools into JupiterOne to effectively monitor and secure all of their cyber assets.

Auth0 is an engineering-first and data-driven organization and teams like the Security Engineering team are happy to offer additional data and insights to support various company initiatives. George also shared that, “With JupiterOne, we’re able to help our Cloud Cost team internally manage our AWS costs. Although our Cloud Cost team uses in-house cost and cloud monitoring tools, sometimes they’ll come to us with questions. If they ever have questions about our AWS infrastructure, we can write a quick query in JupiterOne and share that data with them immediately.”