Why are cybersecurity asset management startups so hot right now?

In the world of cybersecurity, you can’t secure something if you don’t know it’s there.

Enter cybersecurity asset management, an admittedly unsexy fragment of the booming industry that investors have shown an ever-increasing appetite for over the past 18 months.

The cybersecurity industry experienced what is being hailed by some as a “golden year” — funding for cyber startups climbed by 138% to $29.5 billion in 2021 and M&A activity skyrocketed by more than 294% to $77.5 billion. And those focused on securing an organization’s internet-facing assets have received more attention than most.

Over the past 12 months alone, Sternum, a Tel Aviv-based startup that provides real-time asset management for internet-connected devices, raised $27 million; Censys, a search engine for networked devices, secured $35 million; JupiterOne, a platform that helps companies see all of their digital and cloud assets, raised $19 million; and Axonius, which lets organizations manage and track computing-based assets, bagged $100 million.

Big-name tech giants clearly see the value in this often-overlooked area of the industry, too. Microsoft spent $500 million in July to acquire RiskIQ, a company that provides visibility into what assets, devices and services can be accessed outside of a company’s firewall, describing the takeover as a “powerful” addition to its portfolio.

Assets, assets everywhere

While asset management was once the concern of in-house IT teams managing on-premise hardware, it has evolved to warrant the purview of the chief information security officer and is the backbone of any effective cybersecurity strategy.

Asset management is a foundational challenge for security leaders, and the transformation we’ve seen with modern digital infrastructure has created a renewed impetus to fix it. Shawn Cherian

That’s because, in order to effectively address security issues, enterprises need a comprehensive and reliable inventory of their internet-facing assets. Once comprised of PCs and servers, the pandemic-induced digital shift means that organizations have increasingly diverse assets and more platforms in place than ever before — from operational technology systems and Internet of Things (IoT) devices to company-owned and cloud-based services.

The proliferation of new asset types, along with the widespread shift to remote work, has resulted in assets becoming more highly distributed, making them even more difficult to manage and inventory.

“Asset inventory has historically been a challenge when workforces were physically sitting in company offices and on company networks,” Paul Baird, chief technical security officer at security and compliance giant Qualys, told TechCrunch. “With the pandemic solidifying a new normal of either fully remote or hybrid working approaches, the complexities surrounding asset inventory have only increased in difficulty.”

JupiterOne raises $19M Series A to automate cyber asset management

Asset management might not be the most exciting talking topic, but it’s often an overlooked area of cyber-defenses. By knowing exactly what assets your company has makes it easier to know where the security weak spots are.

That’s the problem JupiterOne is trying to fix.

“We built JupiterOne because we saw a gap in how organizations manage the security and compliance of their cyber assets day to day,” said Erkang Zheng, the company’s founder and chief executive.

The Morrisville, N.C.-based startup, which spun out from healthcare cloud firm LifeOmic in 2018, helps companies see all of their digital and cloud assets by integrating with dozens of services and tools, including Amazon Web Services, Cloudflare, and GitLab, and centralizing the results into a single monitoring tool.

JupiterOne says it makes it easier for companies to spot security issues and maintain compliance, with an aim of helping companies prevent security lapses and data breaches by catching issues early on.

The company already has Reddit, Databricks and Auth0 as customers, and just secured $19 million in its Series A, led by Bain Capital Ventures and with participation from Rain Capital and its parent company LifeOmic.

As part of the deal, Bain partner Enrique Salem will join JupiterOne’s board. “We see a large multibillion dollar market opportunity for this technology across mid-market and enterprise customers,” he said. Asset management is slated to be a $8.5 billion market by 2024.

Zheng told TechCrunch the company plans to use the funds to accelerate its engineering efforts and its go-to-market strategy, with new product features to come.