Sold by: JupiterOne
Deployed on AWS
Vendor Insights
JupiterOne provides cloud native cyber asset collection, monitoring, security and governance. Automate the continuous collection of cyber asset infrastructure and security configuration data to provide an always up to date, easy to query, system of record for your cyber asset universe.
4.6
Overview
JupiterOne is a cyber asset analysis platform every modern security team needs to collect and transform asset data into actionable insights to secure their attack surface. JupiterOne makes security as simple as asking a question and getting the right answer back, to make context driven decisions. With JupiterOne, organizations are able to see all asset data in a single place, improve confidence in choosing their priorities, and optimize their infrastructure and policies.
The main use-cases that the JupiterOne platform provides are: Asset Management and analysis through relationship mapping Vulnerability Prioritization by introducing business context Attack surface and security posture management Automated evidence collection and continuous monitoring across industry benchmarks such as PCI-DSS, SOC2, FedRamp, ISO 27001, CIS and more Visualize blast radius of a compromised user endpoint or workload speeding up remediation of incidents
To read more please go to: https://www.jupiterone.com/
JupiterOne provides custom pricing for customers via Private Offer. Please contact aws-jupiterone-marketplace@jupiterone.com for a better understanding of our pricing model and platform.
Highlights
- Complete asset visibility with agentless discovery - pull in all assets (both IP based and software defined) via read-only APIs for more than 80+ AWS native services and 200+ 3rd party applications
- Visualize relationships between assets and reduce your attack surface by discovering complex attack paths across clouds and platforms
- Interrogate your assets through natural language queries to answer questions that take hours in seconds and set up automated alerts
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(1)
SOC2
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
AWS Marketplace Private Offer | Contact JupiterOne Sales Team for a custom quote | $0.00 |
Small-Market | Up to 200,000 data points | $25,000.00 |
Mid-Market | Up to 400,000 data points | $50,000.00 |
Enterprise | Up to 1,000,000 data points | $100,000.00 |
Vendor refund policy
JupiterOne does not offer refund. All purchases are final.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
JupiterOne offers email, slack, and ticket submission based support. All support options are included with your purchase. We encourage all customers to join our community slack channel and submit questions and support requests through that system or via email. support@jupiterone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By JupiterOne
By Netskope
By Rapid7
Top
25
In Infrastructure as Code, Network Infrastructure
Top
100
In Security
Top
10
In Vulnerability and Patch Management, Data Governance
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Agentless Asset Discovery
Pull in all assets via read-only APIs for more than 80 AWS native services and 200+ third-party applications without requiring agent deployment
Asset Relationship Mapping
Visualize relationships between assets and discover complex attack paths across clouds and platforms to reduce attack surface
Natural Language Query Interface
Interrogate assets through natural language queries to retrieve information and set up automated alerts
Continuous Compliance Monitoring
Automated evidence collection and continuous monitoring across industry benchmarks including PCI-DSS, SOC2, FedRamp, ISO 27001, and CIS
Incident Blast Radius Analysis
Visualize blast radius of compromised user endpoints or workloads to accelerate incident remediation
Cloud Access Security Broker
Unified cloud access security broker (CASB) functionality providing visibility and control over access to managed and unmanaged cloud services with conditional, granular policy enforcement.
Secure Web Gateway
Next generation secure web gateway (SWG) capabilities delivering comprehensive threat protection for cloud and web services with context-aware access control.
Data Loss Prevention
Data-at-rest and data-in-motion inspection with DLP violation detection, malware scanning in cloud storage, and data exfiltration prevention to unmanaged cloud infrastructure.
Cloud Infrastructure Monitoring
Continuous security assessment monitoring of cloud infrastructure for risky misconfigurations including data exposure across AWS and other cloud providers with inventory and configuration visibility.
Compliance and Remediation Automation
Pre-defined compliance profiles aligned with CIS, PCI, and NIST standards, advanced RBAC, scheduled reporting, alert notifications, exception handling, and automated remediation capabilities accessible via REST APIs.
Attack Surface Management
Aggregates comprehensive attack surface visibility across hybrid environments with external attack surface scans to provide 360-degree view of entire attack surface
Vulnerability Management
Delivers complete visibility across on-premise and remote endpoints to identify, communicate, and remediate vulnerabilities, misconfigurations, and risks
Cloud Security
Provides code-to-cloud protection for cloud-native applications with seamless CI/CD pipeline integration and agentless risk assessment based on reachability, exploitability, and potential impact
Next-Generation SIEM and XDR
Delivers accelerated detection and response with SaaS deployment, intuitive interface, out-of-the-box detections informed by MDR SOC, and built-in automation capabilities
Threat Intelligence
Delivers high-fidelity actionable threat intelligence infused with proprietary threat and vulnerability research from Rapid7 Labs and community-driven tools
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
No security profile
Standard contract
No
No
Customer reviews
B Goswami
Unified cloud visibility has simplified compliance reporting and improved incident response
Reviewed on Jun 11, 2026
Review from a verified AWS customer
What is our primary use case?
I have been using JupiterOne for four to five months. I explored JupiterOne during my cybersecurity studies, and it serves as a cloud asset management and security solution for my company.
I use JupiterOne to address issues that my company faces with rating limits to deliver strong values, visibility, and compliance for all of my clients' terms.
The main use cases with JupiterOne involve personalized voice scripts for company assets, including tracking compliance and checks and cloud monitoring.
The best use case for JupiterOne is primarily its privacy capabilities, such as how it operates in private zones.
When S3 buckets are publicly exposed by mistake, JupiterOne flags it immediately through its graph relationship without manual checking of each asset. The compilation reporting is handled automatically instead of manually collecting evidence for SOC 2 or ISO audits. JupiterOne continuously maps infrastructures against compliance frameworks, which helps my company significantly.
Regarding automation with JupiterOne, I added some automations that directly contact clients or utilize the graph of the clients. They can see the live graphs of whatever is behind that situation, and it automatically finds the catalogs of every digital asset like cloud instances, user apps, and devices without manual inputs. The graph-based visualizations handle compliance mapping and policy management effectively.
What is most valuable?
JupiterOne affects my organization from many perspectives, particularly from a security viewpoint. Organizations gain a complete picture of their entire digital infrastructure with no blind spots, every asset, and every connection in one place. This reduces manual work and enables faster incident response, making compliance easier for standards like ISO and HIPAA. Evidence is automatically collected, which is the main cause of cost savings.
Fewer security breaches result from less manual effort, leading to better risk management. That is why my company uses JupiterOne extensively.
Time saved and money saved are both significant benefits that I have experienced.
What needs improvement?
Regarding performance and speed scenarios for JupiterOne, queries sometimes take too long, especially when dealing with large datasets or complex graph relationships that can slow down significantly. There is also a steep learning curve, as J1QL, their query language, is powerful but requires time to learn. New users struggle initially, and better onboarding tutorials are needed.
Rate limiting issues can be frustrating, as API rate limits sometimes cause problems.
Price transparency for JupiterOne is an area for improvement. The price is not publicly listed, so you have to contact sales for smaller teams or startups, which becomes a barrier. Another issue is alert noise, as sometimes too many alerts are generated. Better filtering and prioritization are needed so that critical issues do not get lost.
JupiterOne is very good when compared to other cloud asset platforms overall.
For how long have I used the solution?
I have been working with this solution for seventeen months.
What do I think about the stability of the solution?
JupiterOne is stable.
What do I think about the scalability of the solution?
The scalability of JupiterOne is quite good. It is built to handle enterprise-scale infrastructures with thousands of assets across multiple cloud environments. As our AWS infrastructure grew with more EC2 instances, more IAM roles, and more S3 buckets, JupiterOne automatically discovered and added them to the graph without any manual interventions. Horizontal scaling was seamless.
The graph database architecture is a smart choice for scalability. As we had more assets and relationships, the graph expanded naturally without restructuring. It is suitable for most mid-sized to large organizations. Only at very large enterprise scale do we feel those performance pressures.
How are customer service and support?
Our experience with JupiterOne's customer support was generally positive. During onboarding, support was strong. When we initially set up the platform, their team provided dedicated assistance for connecting integrations like AWS and GitHub , which made the first two to three weeks much smoother than expected.
JupiterOne has a documentation portal that is quite comprehensive. Most common questions and integration guides are well covered there, and our team relied on it heavily during initial configurations.
For ticket-based support, response time was reasonable for standard issues, usually within twenty-four to forty-eight hours. For critical issues, we sometimes received faster responses.
I would rate the customer service nine out of ten.
Which solution did I use previously and why did I switch?
Before JupiterOne, we were using a combination of tools including primarily AWS Security Hub for cloud security monitoring, spreadsheets for access tracking and compliance evidence collection, and a separate tool for vulnerability scanning. The problem was that those tools did not communicate with each other, resulting in three separate dashboards, no unified view, and a lot of manual work stretching data together for reporting.
This consolidation issue was the main reason we switched to JupiterOne. We wanted one single platform that could replace all three and give us a connected graph view instead of isolated data silos. That is why we chose JupiterOne, and it was the best decision ever.
I did not evaluate other options and directly switched to JupiterOne.
How was the initial setup?
My overall experience is good. JupiterOne follows a subscription-based pricing model that is not publicly listed, so you have to go through their sales team for actual numbers. In our case, the pricing was based on the number of assets monitored, with more assets resulting in higher costs. For a mid-sized organization like mine, it was a premium price but justified given the value.
The initial configurations took some effort, connecting all integrations like AWS and GitHub . It took about two to three weeks to fully set up and fine-tune. The licensing was a straightforward annual enterprise license.
Overall, it is not cheap, but for what it does, it is a good value.
What was our ROI?
I have definitely seen a positive return on investment from JupiterOne in a few concrete ways. The first is time savings. Before JupiterOne, our security team spent roughly fifteen to twenty hours per week manually tracking assets and preparing compliance reports. After implementation, that dropped to about three to four hours, saving nearly eighty percent of manual effort in that area.
The second area is audit preparation for SOC 2. Previously, it took four to six weeks of intensive work, but with JupiterOne continuously collecting evidence, that came down to roughly one week. This alone saved significant consultant and employee hours.
The third area is incident response.
What's my experience with pricing, setup cost, and licensing?
JupiterOne follows a subscription-based pricing model that is not publicly listed, so you have to go through their sales team for actual numbers. In our case, the pricing was based on the number of assets monitored, with more assets resulting in higher costs. For a mid-sized organization like mine, it was a premium price but justified given the value.
The initial configurations took some effort, connecting all integrations like AWS and GitHub. It took about two to three weeks to fully set up and fine-tune. The licensing was a straightforward annual enterprise license.
Overall, it is not cheap, but for what it does, it is a good value.
Which other solutions did I evaluate?
I did not evaluate other options and directly switched to JupiterOne.
What other advice do I have?
I have several practical pieces of advice for anyone looking into JupiterOne. The first is to start with clear asset inventory goals. Before you even set up the tools, know what you want to track, such as cloud assets or user applications. Going in without clarity makes the setup overwhelming.
The second is to invest time in learning J1QL early, as it is the key to unlocking JupiterOne's full power. The third is to connect your most critical integrations first, such as AWS and GitHub, and get those running before expanding to others. Do not try to connect everything at once as it becomes messy.
The fourth is to involve your compliance team from day one. JupiterOne's biggest ROI is in audit preparation, but only if compliance requirements are mapped correctly from the start. Finally, use the trial period seriously. Do not just click around; actually run real queries against your infrastructure and see if the insights match your expectations before committing to enterprise pricing.
My overall advice is that if you are a mid-sized or large organization dealing with multi-cloud complexity, JupiterOne is absolutely worth evaluating seriously. I gave this review an overall rating of eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Chijioke Okoye
Unified asset visibility has improved investigations and now simplifies tracking security assets
Reviewed on Feb 16, 2026
Review from a verified AWS customer
What is our primary use case?
Our main use case for JupiterOne is as an asset catalog tool where we document all our assets that are integrated from different platforms such as Device42 , Qualys, Microsoft M365, and Defender. We are aggregating all our assets from different tools into JupiterOne .
A specific example of how we use JupiterOne day-to-day is being able to draw a network flow of how network traffic travels through the network, starting from the edge devices to the internal devices. We are also using JupiterOne to track assets that are being brought in and assets that are leaving the environment. Additionally, we are using JupiterOne as the source of truth for many other things that we are doing. Some of my other teammates in areas such as data are tapping into it for asset categorization.
How has it helped my organization?
JupiterOne has had a significant impact on our organization. Previously, when looking at security alerts, we would need to examine different tools separately. Now, we often take the IP address or the FQDN and input it into JupiterOne, which usually tells us what that asset is. We are ingesting data from places such as AWS , Azure , Device42 , Qualys, Defender, and Trend Micro. These are different tools that, on a good day without JupiterOne, we would have to look at separately to determine where a particular asset is. JupiterOne helps us aggregate all those things on one single platform, allowing us to quickly identify what environment that asset lives in and what type of asset it is.
One feature we also value is the ability to enter custom tags so we can create asset types or asset locations and detail who owns the asset. These features have positively impacted us at Landmark Information Group.
What is most valuable?
I think one of the best features JupiterOne offers is blast radius, being able to see assets that could be directly or indirectly affected by any cyber incident or to see how some assets communicate with other assets and some do not communicate with other assets. I also think it is easy to query assets and find assets using queries and build out graphs that often make it easy for us to drill down on certain types of assets or categories of assets.
The blast radius feature has helped our team because, in security operations, one of the first places we look when investigating an alert is JupiterOne. We might enter the IP address or the FQDN of the server to find out where it is, who owns it, and what it does. At that point in time, we identify other assets that might be in the same environment or the same place where that asset lives, which helps us when we are doing security operations and investigating alerts.
What needs improvement?
There are some features that I have shared with our customer service manager. One of them that is relevant to us at this time is the need for better determination of unified devices. Currently, JupiterOne uses hostname weights, MAC addresses, or IP addresses to tie devices together, but we have actually requested a way for us to make those determinations ourselves. For example, when externally scanning a device using Qualys, internally it gives an IP address or FQDN, while externally it might be different. We want to be able to decide ourselves that these two devices are the same device even when they have different names and IP addresses for external and internal use. The unified devices feature is valuable and did not used to exist, and it has been fantastic. However, I believe more can be done regarding unified devices, and giving users the privilege to tie them together would be a good addition to the platform.
One of the other things that interest us in JupiterOne and why we really wanted to use the tool is the compliance feature. We wanted to use it to track our compliance since we are ISO 27001 certified. However, the compliance module has not worked well, and we have had to continue tracking our compliance manually with the tools we use. Although there are some works in progress to improve the compliance part of the tool, I think if they can get it up to speed, that would be a really good improvement.
For how long have I used the solution?
I have been using JupiterOne for three years. I was initially recruited with Landmark Group to be a subject matter expert for JupiterOne.
What other advice do I have?
JupiterOne has many features. Although none comes to mind almost immediately, I know it often depends on how we are able to write or craft the queries. JupiterOne has been very instrumental to me in my work. Being the subject matter expert for JupiterOne at Landmark, I think it has been very beneficial for me.
JupiterOne has been quite helpful to us, especially in information security. One of the things it helps us with is housekeeping, allowing us to see where there are duplicates and address those.
I would rate JupiterOne an eight. JupiterOne is a strong tool, and there are some issues that need to be addressed, but overall, I think it is a good tool. The reason I am giving it an eight is that there are features that are not its strengths, which is understandable, but it performs very well in the aggregation of assets from different platforms.
I would definitely recommend JupiterOne because some of the features I have mentioned here are part of what makes it strong. The aggregation of tools from different platforms into one single repository allows you to easily query assets by typing their IP address, hostname, or FQDN. I believe that is JupiterOne's greatest strength. Additionally, you can create dashboards or widgets for a high-level overview, and JupiterOne can track trends over time, telling you if something is increasing, decreasing, or remaining stable. Those are part of the great features that JupiterOne has, and I would recommend it to anyone needing a single cyber asset tool.
Verified User in Financial Services
Good application
Reviewed on Apr 08, 2025
Review provided by G2
What do you like best about the product?
Cloud native cyber asset, security configuration
What do you dislike about the product?
Nothing to dis like about this. Good application
What problems is the product solving and how is that benefiting you?
problems related to cybersecurity asset visibility and management, providing a platform to aggregate and analyze data from various sources to gain a comprehensive view of an organization's digital assets and attack surface
Prakhar Pandey
An user friendly solution for writing queries with intuitive flow
Reviewed on Sep 13, 2023
Review provided by PeerSpot
What is our primary use case?
We use the solution for writing all the queries. There is a lot of variation for machine learning projects like data processing, data analysis, and pipeline creation. It has the flexibility to work on different kinds of things like ML projects and clustering algorithms like regression analysis.
What is most valuable?
The product’s UI is pretty decent and fast. You can increase GPUs and other features like importing files and everything, which is tricky in Google Collab but better in Jupiter .
What needs improvement?
There should be more integration or an update to the visualization part of the charts or other graphs we plot. Currently, it integrates from your local directive with your local PC. If it is integrated into other platforms, that would be great. You can only write Python queries in Jupiter , not other languages, like, SQL or PySpark. Databricks is a software that provides writing queries in different languages. Jupiter should allow us to write in different languages.
For how long have I used the solution?
I have been using JupiterOne for more than three years. We are using the latest version of the solution.
What do I think about the stability of the solution?
The product is stable. I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
We have 50+ users using this solution. I rate the solution’s scalability a seven out of ten.
How are customer service and support?
There is not much support needed for the software.
Which solution did I use previously and why did I switch?
I’ve used PyCharm before, but I switched to Jupiter because of its interface, query writing, and sequence capabilities. I find it better to write short-form notebooks, as these are easier to see and understand. The flow is also more intuitive, and the output certificate is displayed on the same line.
How was the initial setup?
The initial setup is decent and takes a minute to deploy. It would have taken maybe 15 to 30 minutes for the first time, but it’s not a difficult job to do. One person is enough for setup and maintenance. I rate the initial setup an eight, where one is difficult, and ten is easy.
What other advice do I have?
Overall, I rate the solution an eight out of ten.
Syed K.
Fantastic automated solution for compliance, Cyber security posture, and more.
Reviewed on Feb 01, 2023
Review provided by G2
What do you like best about the product?
I love how easy it is to set up integrations across different applications. Every aspect of JupiterOne encourages smooth automation and visual presentation through its insights tab. As an auditor, I highly appreciate JupiterOne's ability to update and reuse evidence automatically across different security frameworks - cutting down the tedious work of evidence submission/review by around 80%.
What do you dislike about the product?
I wished there was more documentation on how to pull more information from the raw data. More short instructional videos on how to use J1QL. The inability to edit controls on the compliance page, and finally, dark mode 😄
What problems is the product solving and how is that benefiting you?
Cutting down costs and time involving compliance and security posture.