Case Study: Auth0 Reduces Third-Party & Cloud Asset Risk with JupiterOne

Auth0 helps enterprise companies solve the most complex, large-scale identity use cases with its extensible and developer-friendly solution. To get to that level of scale and safeguard billions of login transactions each month, they have grown their cloud and cyber assets significantly to meet customer needs.

Auth0 Security Engineering Team Story

The Auth0 product team built an in-house solution on AWS Neptune to understand their growing number of cyber assets. They needed a solution that could help them understand the relationships between those assets and possible vulnerabilities. This was an extremely challenging and time-intensive project. Ultimately, the Auth0 team decided to look for an alternative solution to help manage their growing cloud asset complexity. The platform they chose was JupiterOne.

George Vauter, Staff Security Engineer at Auth0, shared, “From a cloud security perspective, JupiterOne is the primary platform we use to anchor our asset management program now. JupiterOne brings all of our cloud assets, their configurations, and vulnerabilities into one platform. The team can prioritize issues and understand the impact quickly across all of our assets.”

Auth0 Security Challenges

Auth0's security engineering team focused on three priorities.

1) Visibility and response
   Siloed vulnerability management tools hampered visibility and response

2) Vulnerability inheritance
   Limited understanding of the impact of vulnerability inheritance

3) Third-party risks and permissions
   Unknown third-party risks and permissions to their AWS environment

Auth0 results with JupiterOne

Complete understanding and ability to prioritize issues across their assets.

With a consolidated view of their disparate security and IT tools, they were able to load context from their vulnerability assessment tools (AWS, Rapid7, GuardDuty, Bugcrowd, and more) into JupiterOne’s Graph View, a graph-based visualization tool showing connections and context between all cyber assets. The security team was able to see issues sooner and act on them more pragmatically.

Reduced third-party asset exposure across their entire cloud environment.

Vauter shared that, “All our third-party entities and potential risks were discovered by JupiterOne.” The Auth0 team created J1QL queries to analyze all AWS IAM roles used by third parties. They were able to answer questions such as, "Do we unknowingly grant outside entities (e.g., third-party consultants, partners, etc.) access to our AWS environment? Who are the third parties that have access to our environment?"
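The third-party access question above can also be asked directly of IAM role trust policies. The following is an added example, not Auth0's or JupiterOne's code and not J1QL; the role names, account IDs and the `OWN_ACCOUNTS` set are constructed sample data.

```python
import re

OWN_ACCOUNTS = {"111111111111"}  # constructed: account IDs the organisation owns

# Constructed sample in the shape IAM returns for roles (RoleName plus the
# decoded AssumeRolePolicyDocument); account IDs and names are made up.
ROLES = [
    {"RoleName": "ci-deploy", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}},
    {"RoleName": "vendor-scanner", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::222222222222:root"]},
         "Condition": {"StringEquals": {"sts:ExternalId": "constructed-id"}}}]}},
    {"RoleName": "consultant-admin", "AssumeRolePolicyDocument": {"Statement": {
        "Effect": "Allow", "Action": ["sts:AssumeRole"],
        "Principal": {"AWS": ["333333333333", "arn:aws:iam::111111111111:user/ops"]}}}},
    {"RoleName": "lambda-exec", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "lambda.amazonaws.com"}}]}},
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Account ID from an ARN or bare 12-digit ID; '*' for the wildcard; else None."""
    m = re.fullmatch(r"\*|(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?", principal)
    return (m.group(1) or "*") if m else None

def external_trusts(roles, own_accounts):
    # One (role, account, ExternalId required?) tuple per principal outside own_accounts.
    findings = []
    for role in roles:
        for stmt in as_list(role["AssumeRolePolicyDocument"]["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
            has_ext_id = any("sts:externalid" in key.lower()
                             for cond in stmt.get("Condition", {}).values() for key in cond)
            for p in aws:
                acct = account_of(p)
                if acct and acct not in own_accounts:
                    findings.append((role["RoleName"], acct, has_ext_id))
    return findings

if __name__ == "__main__":
    for name, acct, ext in external_trusts(ROLES, OWN_ACCOUNTS):
        print(f"{name}: trusts account {acct}; ExternalId required: {ext}")
```

A third-party trust without an `sts:ExternalId` condition is worth reviewing first, since that condition is AWS's guard against the confused-deputy problem.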

Conclusion

Building in-house solutions to manage the complexity of modern cybersecurity issues is difficult. Keeping up with technology expansion and tracking vulnerabilities within those systems takes a full-time staff of knowledge experts and engineers. After trying to “roll their own” solution, Auth0 chose the JupiterOne platform because it automates the finding, tracking, monitoring, and prioritization of issues across all their cyber assets.

Read the full case study to learn how Auth0 gained complete understanding of their third-party risks, while achieving end-to-end cloud security monitoring.
We would like to help you do the same.

Jennie Duong

Director of Product Marketing at JupiterOne. Eternal cynic and privacy advocate. Prior to JupiterOne, Jennie spent the past three years living, traveling, and working abroad across 25+ countries. She consulted and advised for several B2B cybersecurity and cloud startups.
