Sapphire Ventures
Partnering with expansion-stage, enterprise software companies that we believe can become category leaders.
Sapphire Partners
Limited partner investing in exceptional early-stage venture fund managers.
Sapphire Sport
Partnering with early-stage companies at the nexus of technology and culture.
Menu close
Table of contents
A Smarter Way to Fight Cybercrime: Why We’re Proud to Lead JupiterOne’s Series B
May 4, 2021
Table of contents

Fighting against modern-day cyber attacks often feels like a lopsided battle where the perpetrators have the upper-hand due to the sheer proliferation of ways that data, resources and assets can be breached. What’s worse is that this fight occurs in the dark, where businesses have a hard time knowing what they even need to protect. 

Enter JupiterOne, a startup that aims to shed light on the situation by answering one key question: What do you own, and where are you most at risk from attack? JupiterOne is a cyber asset management company that helps enterprises not only gain visibility into their assets, but also understand the relationships between them. 

Founder and CEO Erkang Zheng and the JupiterOne team are solving this massive problem, and it’s our belief the company will be a genuine game-changer for businesses of all sizes. That’s why Sapphire Ventures couldn’t be more thrilled to back JupiterOne and lead the company’s Series B.

A paradigm shift in cybersecurity 

Traditional asset management tools take a straightforward approach to the problem by focusing on tracking specific, easily definable assets or endpoints in isolation. In comparison, JupiterOne believes securing any enterprise starts by understanding its entire environment. With JupiterOne, there is no limit to the definition of “asset.” Anything, from the infrastructure, to the data, deployed software, IoT devices or even user relationships should all be tracked. And the arduous undertaking of cataloguing and creating a complete inventory is only half the battle.

Without understanding how assets interact, teams don’t see the full security environment, only working with fragmented information that leaves vulnerable blindspots. The second, core piece of JupiterOne’s value proposition is its contextual knowledge base, built on a proprietary graph that specifies relationship mapping between assets. If there’s a breach or vulnerable asset, JupiterOne can trace the extent of any vulnerability to find other affected resources. JupiterOne’s pioneering cyber asset security and governance management ability enables organizations to finally understand exactly where they’re most at risk and how to best counter these threats. This creates an environment where it’s much easier to spot security issues and maintain compliance while swiftly preventing the impact of security lapses and data breaches.

How does JupiterOne do it? They provide a centralized, asset discovery and management engine, which aggregates governance, risk management, compliance, network, endpoint and infrastructure data across an organization’s entire operating environment. These insights are uniquely aligned to security policies, procedures and compliance frameworks to generate a graphical representation of the overall security posture. Resource mapping then automatically detects security gaps for remediation, produces evidence for audits and creates rules for continuous enterprise monitoring to discover relationships and context. This eliminates any guesswork for security operations teams, vulnerability managers and threat hunters.

A novel approach to a huge security problem

JupiterOne is one of the first to solve the almost impossible challenge of tracking an enterprise’s known and unknown assets, and deployments across software, hardware and cloud environments. For any individual organization to maintain asset integrations and consistently update a similar database would be a monumental undertaking, not to mention needing to build out a usable, intuitive graphical interface. JupiterOne has all of this easily at the ready. The company ensures that already overstretched CISOs, security operations and compliance officers don’t have to worry about these complex ongoing manual activities.

By creating a single source of truth of all disparate sources within the enterprise to achieve continuous compliance and optimal protection, JupiterOne maintains its customers’ security hygiene. This is a mission statement that is applicable across industries and speaks to CISOs in all verticals. Ultimately, it’s creating a powerful movement that’s about providing better protection across the whole threat spectrum from mission-critical environments in hospitals that save lives to simply reducing annoying spam emails.

With asset management predicted to become an $8.5 billion market by 2024, we see huge opportunities for JupiterOne.  And with the company’s long-term product vision being the key differentiator, this funding round will help the company maintain a competitive edge against those playing catch up.

A highly experienced security team at the core

Even the best ideas need a team that can execute the big vision. JupiterOne’s founder and CEO, Erkang Zheng is a highly accomplished operator with 16 years of experience in the security space at renowned companies like Fidelity, IBM, Cisco and several others. Erkang is someone who simply attracts brilliant people. 

The arrival of Uber’s CISO, Latha Maripuri to the company’s board of directors, and Sounil Yu, YL Ventures’ former CISO-in-Residence bolster JupiterOne’s already accomplished roster. Maripuri and Yu follow an impressive slew of industry leaders that recently joined JupiterOne’s board of investors including Frederic Kerrest, Executive Vice Chairman, Chief Operating Officer and co-founder of Okta, Sri Viswanath, CTO of Atlassian, Kevin Mandia, CEO of FireEye, and Jason Chan, Vice President of Information Security at Netflix. Adding further prestige to JupiterOne’s investment proposition are its customers, including leading cloud-native organizations such as Databricks, HashiCorp, Addepar, Auth0 and OhMD.

The way we see it, this is just the beginning of our partnership with JupiterOne. We’re looking forward to doing what we can to help the business scale its capabilities across a broader range of industry use cases. For starters, we see opportunities for JupiterOne in cyber governance and compliance management within highly regulated industries and for Legal and IT management teams too. This is an incredible time for Erkang and the JupiterOne team, and we’re thrilled to be on this journey together to make security a basic right for everyone.


Legal disclaimer

Disclaimer: Nothing presented within this article is intended to constitute investment advice, and under no circumstances should any information provided herein be used or considered as an offer to sell or a solicitation of an offer to buy an interest in any investment fund managed by Sapphire Ventures (“Sapphire”). Information provided reflects Sapphires’ views as of a time, whereby such views are subject to change at any point and Sapphire shall not be obligated to provide notice of any change. Companies mentioned in this article are a representative sample of portfolio companies in which Sapphire has invested in which the author believes such companies fit the objective criteria stated in commentary, which do not reflect all investments made by Sapphire. A complete alphabetical list of Sapphire’s investments made by its direct growth and sports investing strategies is available here. No assumptions should be made that investments listed above were or will be profitable. Due to various risks and uncertainties, actual events, results or the actual experience may differ materially from those reflected or contemplated in these statements. Nothing contained in this article may be relied upon as a guarantee or assurance as to the future success of any particular company. Past performance is not indicative of future results.