Case Study: Reddit achieves continuous cloud security and vulnerability management with JupiterOne

How Reddit uses a Graph-Based CMDB for Vulnerability Management

Reddit, a large social media platform, needed to improve its vulnerability management program. The company required a complete and accurate asset inventory to identify security gaps, track vulnerable packages across its infrastructure, and effectively assign remediation tasks to the correct service owners. To address this, Reddit implemented JupiterOne’s graph-based cloud configuration management database (CMDB) to gain a unified view of its complex environment.

JupiterOne’s solution aggregated data from all of Reddit's sources, including AWS, GitHub, and Puppet, into a graph database that maps the relationships between entities. This allowed Reddit to ask complex questions about its security posture, such as identifying internet-facing servers with specific vulnerabilities. The implementation streamlined their entire vulnerability management process, enabling them to prove daily scan coverage of their production servers, immediately identify unscanned assets, and enforce tagging for better asset categorization. JupiterOne provided the foundational data and relationship mapping that made Reddit's security and governance processes continuous and effective.

Reddit

Sean Catlett

CISO