In today's complex cybersecurity landscape, the ability to visualize and manage relationships between assets is crucial for maintaining a secure environment. One of the capabilities of JupiterOne as a cyber asset attack surface management (CAASM) platform is the ability to correlate and display the connections between assets. In this blog, learn how Identity and Access Management (IAM) security engineers and architects can use JupiterOne together with IAM tools such as Okta, Azure AD and Cisco Duo to strengthen IAM and reduce the risks created by over-privileged accounts, unmonitored or unlogged access, incomplete user deprovisioning and more.
Understanding the Power of Relationship-Based Queries
A key differentiator of JupiterOne is the ability to perform relationship-based queries, which are what make the connections between different asset types visible. For example, you might write a query to identify Okta or Azure Active Directory users who are assigned admin access. This sounds straightforward, but answering it requires joining data from several sources (the directory's user records, its group or role assignments, and the systems those roles grant access to) into one view.
Asking the Question: Inactive Users with Active Accounts Elsewhere
One of the most used queries in JupiterOne checks for users who have been deprovisioned or are inactive in the identity provider but still hold active accounts in other systems. For example, a contractor might be offboarded and deactivated in Okta. If their access was not disabled across every platform, they might still have an active Google Workspace account. The query surfaces these discrepancies so security teams can clean them up and confirm that deprovisioning actually completed.
How it Works: Graph Database and Relationship Focus
JupiterOne's underlying graph database is what makes these relationship-based queries possible.
What is a graph data model?
A graph database is a type of database that focuses on the connections between different pieces of data. Instead of storing data in tables like a traditional relational database, it stores a network of entities (data points) and relationships (connections between data points). This makes it easier to model and query complex, real-world connections. For traversal-heavy questions, such as following several hops of relationships from a user to the resources they can reach, a graph database is typically faster and more flexible than a relational database, because the relationships are stored directly rather than reconstructed through joins at query time.
Because the model is built around relationships, data from different sources can be correlated directly. When you run a query to find Okta users whose last login was more than 90 days ago or whose status is deprovisioned, JupiterOne returns both a detailed list view of the results and a graph view that shows the connections around each result, which is what turns a list of accounts into something you can act on.
In the graph view, you can see the connections between assets. For instance, an Okta user with a status of inactive might be linked to a Google user account that is still active. Seeing that link makes identifying and resolving the gap much simpler than comparing two exported user lists by hand.
Questions in Action
Consider a scenario where you want to find Okta users who are deprovisioned but still have active accounts in other systems. The query starts from the user data pulled from Okta, including details such as last login date and account status. JupiterOne links each of these accounts to a "person entity", which consolidates the multiple user accounts belonging to one individual into a single profile. Traversing from the inactive Okta user to the person and then out to that person's other accounts finds every related account and checks it for risk. One caveat: the result is only as complete as the matching that joins accounts to a person. Accounts created under a different or aliased email address will not be linked to the right person and need to be reviewed separately, and a stale last-login date alone is not proof that an account is unused (for example, an account that authenticates outside the identity provider).
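The following Python is an added example, not JupiterOne code or J1QL. It builds a toy property graph (entities plus verb-labelled relationships) with constructed sample data and walks the two questions the post describes: "which Okta users have admin group membership" and "which deprovisioned or stale Okta users are linked, through a person entity, to an account that is still active elsewhere". Entity types (`okta_user`, `person`, `google_user`, `github_user`, `okta_group`), verbs (`IS`, `ASSIGNED`), property names and the 90-day threshold are assumptions chosen for the example; they illustrate the traversal, not any product's schema.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Entity:
    id: str
    type: str                        # assumed entity type, e.g. "okta_user"
    props: dict = field(default_factory=dict)


class Graph:
    """Minimal property graph: entities plus directed, verb-labelled relationships."""

    def __init__(self) -> None:
        self.entities: dict[str, Entity] = {}
        self.rels: list[tuple[str, str, str]] = []   # (from_id, verb, to_id)

    def add(self, eid: str, etype: str, **props) -> str:
        self.entities[eid] = Entity(eid, etype, props)
        return eid

    def relate(self, src: str, verb: str, dst: str) -> None:
        self.rels.append((src, verb, dst))

    def hop(self, eid: str, verb: str, etype: str | None = None) -> list[Entity]:
        """Follow `verb` edges from `eid` in either direction, optionally filtered by type."""
        out = []
        for s, v, d in self.rels:
            if v != verb:
                continue
            other = d if s == eid else (s if d == eid else None)
            if other and (etype is None or self.entities[other].type == etype):
                out.append(self.entities[other])
        return out


STALE_AFTER = timedelta(days=90)   # assumed threshold, matching the post's 90-day example


def is_inactive(okta: Entity, now: datetime) -> bool:
    """Deprovisioned, or last login older than the staleness threshold."""
    if okta.props.get("status") == "DEPROVISIONED":
        return True
    last = okta.props.get("lastLogin")
    return last is not None and now - last > STALE_AFTER


def inactive_okta_with_active_accounts(g: Graph, now: datetime) -> dict[str, list[str]]:
    """Inactive okta_user -> IS -> person -> IS -> non-Okta account WITH active = true.

    Returns {okta login: [ids of still-active accounts elsewhere]}.
    """
    findings: dict[str, list[str]] = {}
    for okta in (e for e in g.entities.values() if e.type == "okta_user"):
        if not is_inactive(okta, now):
            continue
        for person in g.hop(okta.id, "IS", "person"):
            others = [acct for acct in g.hop(person.id, "IS")
                      if acct.type != "okta_user" and acct.props.get("active")]
            if others:
                findings[okta.props["login"]] = sorted(a.id for a in others)
    return findings


def okta_admins(g: Graph) -> list[str]:
    """Logins of okta_users ASSIGNED to any okta_group whose name contains 'admin'."""
    admins = set()
    for grp in (e for e in g.entities.values() if e.type == "okta_group"):
        if "admin" in grp.props.get("name", "").lower():
            for user in g.hop(grp.id, "ASSIGNED", "okta_user"):
                admins.add(user.props["login"])
    return sorted(admins)


def build_sample_graph() -> tuple[Graph, datetime]:
    """Constructed sample data (not real accounts): four people plus an unlinked service account."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    g = Graph()
    g.add("okta_group:admins", "okta_group", name="Administrators")
    people = [
        # (name, okta status, days since last login, other accounts: {id: active})
        ("alice", "ACTIVE", 3, {"google:alice": True}),                        # healthy
        ("bob", "DEPROVISIONED", 40, {"google:bob": True}),                    # offboarded, Google left on
        ("carol", "ACTIVE", 120, {"github:carol": True, "google:carol": True}),  # stale in Okta
        ("dave", "DEPROVISIONED", 200, {"google:dave": False}),               # cleanly offboarded
    ]
    for name, status, days, accounts in people:
        okta = g.add(f"okta:{name}", "okta_user", login=f"{name}@example.com",
                     status=status, lastLogin=now - timedelta(days=days))
        person = g.add(f"person:{name}", "person", email=f"{name}@example.com")
        g.relate(okta, "IS", person)
        for acct_id, active in accounts.items():
            g.add(acct_id, acct_id.split(":")[0] + "_user", active=active)
            g.relate(acct_id, "IS", person)
    g.relate("okta_group:admins", "ASSIGNED", "okta:alice")
    # Service account with no person entity: the traversal finds no person and skips it.
    g.add("okta:svc-backup", "okta_user", login="svc-backup@example.com",
          status="ACTIVE", lastLogin=None)
    return g, now


if __name__ == "__main__":
    graph, now = build_sample_graph()
    print("admins:", okta_admins(graph))
    print("inactive in Okta, active elsewhere:", inactive_okta_with_active_accounts(graph, now))
```

Bob is flagged because he is deprovisioned in Okta but his Google account is still enabled; Carol is flagged because her last Okta login is older than 90 days while two other accounts remain active; Dave is not flagged because his remaining account was disabled. The service account is skipped because no person entity links it to anything, which is exactly the class of account the caveat above says needs separate review.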
The Importance of Relationship Building in Security
The ability to trace relationships end-to-end is what makes JupiterOne's CAASM capability useful. By building and visualizing these connections, security teams can keep their asset inventory complete and reduce the risk of orphaned accounts and unauthorized access. The graph visualization both simplifies complex queries and gives a clearer picture of the organization's security posture.
By leveraging CAASM, organizations can see their assets more clearly, keep their security posture strong, and manage exposures effectively. The ability to correlate and visualize data from multiple sources in one graph data model is what differentiates JupiterOne and helps ensure that no asset is overlooked.
Start centralizing your inventory of user identities and permissions, and correlate this data across all your cyber assets with JupiterOne. Minimize security gaps by integrating IAM data from cloud assets, users, devices, code repositories, applications, and more.