What are cyber assets?

A cyber asset includes anything at an organization, physical or software-defined components, that comprise part of the organization’s attack surface.
Cyber assets continue to grow as enterprises adopt cloud solutions more broadly. While this expansion is essential for doing business in an increasingly distributed business environment, cyber assets represent opportunities for malicious actors to compromise an enterprise.

Cyber assets can be classified in many ways. JupiterOne classifies cyber assets using the following categories:

- Devices
- Networks
- Data
- Users
- Findings
- Policy

Findings and policies are slightly different and can be considered as cyber asset attributes.

What does software-defined mean?

A software-defined component is anything in the organization that’s managed, controlled, or improved by software. In a software-defined environment, software carries out activities that in the past may have been performed by hardware. Another way to describe a software-defined environment is virtualization.

What is the difference between a cyber asset and a critical asset?

Critical assets are a subset of cyber assets, defined by the individual organization as essential to maintaining operations and fulfilling the organization’s mission. If the confidentiality, integrity, or availability of a critical asset is compromised, it will result in significant business consequences.

What are some examples of cyber assets?

Cyber assets have grown more diverse as technology has evolved. Using the categories mentioned above, here are some examples of cyber assets:

Devices
- Computers
- Mobile phones
- Printers
- IoT devices
- Virtual machines
- Cloud hosts

Networks
- Network interfaces
- IP addresses
- Firewalls
- Gateways
- Domains
- Certificates

Applications
- Functions
- Modules
- Pull requests
- Repositories

Data
- Images
- Disks
- Records
- Tasks
- Data stores

Users
- People
- Groups
- Access roles

Findings
- Alerts
- Results
- Incident data
- Threat intelligence
- Vulnerabilities

Policies
- IAM policies
- Controls
- Configurations
- Requirements
- Rulesets