JupiterOne is a cybersecurity company focused on helping organizations understand and secure their cyber asset universe. Its cloud-native platform collects and normalizes data from cloud, on-premises, SaaS, identity, code, endpoint, and security tools, then maps the relationships between those assets to create a unified system of record for attack surface analysis, exposure management, and continuous monitoring.
Built around a graph-based data model, JupiterOne is designed to give security teams context rather than isolated alerts. The platform supports natural-language and J1QL querying, dashboards, alerting, reporting, and workflow automation so teams can investigate risk, validate controls, prioritize remediation, and improve visibility across hybrid and multi-cloud environments.
Offerings, Capabilities, and Integrations
JupiterOne’s core capabilities center on asset discovery, normalization, relationship mapping, and contextual analysis. It enables teams to maintain a current inventory of cyber assets, understand how those assets connect, identify security gaps, assess blast radius, and act on prioritized risks through dashboards, alerts, and automated workflows. The same underlying data model supports exposure management, cloud security, incident investigation, vulnerability operations, identity review, and continuous control validation.
The platform is integration-led and API-driven, with more than 250 integrations across cloud infrastructure, identity providers, code repositories, vulnerability scanners, endpoint tools, ticketing systems, collaboration tools, HR systems, and other parts of the technology stack. JupiterOne connects with major platforms such as AWS, Microsoft Azure, Google Cloud, Okta, GitHub, Jira, Qualys, Splunk, Slack, and many others to unify operational and security context in one environment.
Products and Services
- JupiterOne Platform: Flagship cyber asset security platform that collects and normalizes asset data, maps relationships, supports natural-language and J1QL queries, and delivers dashboards, alerts, and workflow automation for security and compliance teams.
- Cyber Asset Attack Surface Management: CAASM offering for discovering, connecting, and analyzing cyber assets across cloud, on-premises, and hybrid environments to reduce blind spots and uncover risky relationships.
- Continuous Controls Monitoring: Graph-powered control validation capability that encodes security controls as executable queries, continuously tests them in production environments, and automates evidence collection for audits and ongoing assurance.
- Continuous Threat Exposure Management: Exposure management offering that helps teams identify exploitable vulnerabilities, assess business impact, visualize attack paths, and prioritize remediation based on exploitability and asset criticality.
- Cloud Security Posture Management: Multi-cloud posture management capability that provides visibility across AWS, Google Cloud, and Microsoft Azure, with relationship mapping and query-driven analysis of cloud risks.
- Incident Response: Incident response capability that centralizes asset context, shows blast radius, highlights affected relationships, and helps teams prioritize and remediate incidents faster.
- Vulnerability Management: Centralized vulnerability management offering that correlates findings from scanners and other tools with asset context to support prioritization, monitoring, and remediation.
- Identity and Access Management: Identity-focused capability that centralizes user identities and permissions, supports access reviews, highlights over-permissioned accounts, and helps monitor identity risk across critical assets.
Target Customers
JupiterOne targets organizations with large, fast-changing cyber asset estates, especially cloud-native and hybrid enterprises that need a unified view of infrastructure, identities, applications, code, and security controls. The platform is built for teams that struggle with fragmented data across multiple security and IT tools and need a more connected operating picture of risk.
Primary users include security operations, cloud security, vulnerability management, identity and access management, compliance, GRC, and DevSecOps teams. Customer references and case studies indicate strong relevance in software and SaaS, financial services and fintech, healthcare, and other technology-driven organizations with complex environments, continuous audit requirements, and a need to prioritize remediation based on business context.
Cloud Integrations and Marketplace
- AWS Marketplace: JupiterOne Cybersecurity Data Insights Platform is listed in AWS Marketplace as a SaaS offering sold by JupiterOne and deployed on AWS.
- AWS: JupiterOne integrates with AWS to discover and analyze cloud resources, map relationships, and support multi-cloud asset visibility and attack surface analysis.
- Google Cloud: JupiterOne supports Google Cloud as a cloud service provider integration for multi-cloud asset visibility, relationship mapping, and query-driven cloud risk analysis.
- Microsoft Azure: JupiterOne supports Microsoft Azure as a cloud service provider integration for multi-cloud asset visibility, relationship mapping, and contextual cloud security analysis.
Key People
- Paul Forte: Chief Executive Officer
- Erkang Zheng: Chief Innovation Officer & Chairman of the Board
- Kevin Tonkin: Chief Product Officer
- Ben Mayo: VP, Finance
- Kat Walenty: VP of People & Operations
- Brian Skrocki: VP, Technical Field Operations
- Chad Richts: Director, Product Strategy
- James Mountifield: Director, Product Management
- Kristal York: Director, Engineering Operations
- Ben Johnson: Senior Manager, Engineering
Key Facts
- Headquarters: Durham, North Carolina, United States
- Employees: 51-200 employees
- Annual Revenue: $19M-$50M
- Parent Company: None
- Subsidiaries: None
- Publicly Listed: No (privately held)
Analyst Recognitions
- Gartner: Sample Vendor in Gartner Hype Cycle for Security Operations, 2025 for Cyber Asset Attack Surface Management (CAASM). Sample Vendor in Gartner Hype Cycle for Cyber-Risk Management, 2025 for Continuous Controls Monitoring.
