JupiterOne launches Continuous Controls Monitoring to test security controls against live asset data

JupiterOne Inc. has introduced Continuous Controls Monitoring (CCM), a new solution aimed at validating security and compliance controls in dynamic environments. Unlike traditional tools that rely on screenshots or point-in-time reviews, CCM evaluates controls against live asset data, detecting drift as it occurs and generating real-time audit evidence. The product maps controls across frameworks such as System and Organization Controls 2 (SOC 2), ISO 27001, NIST Cybersecurity Framework, FedRAMP, and HIPAA, leveraging JupiterOne’s graph-based data model and over 200 integrations to assess relationships between assets, identities, and cloud resources. CCM goes beyond isolated API checks, exposing underlying queries and test logic to build auditor trust. Its AI layer enables users to ask compliance questions in natural language, retrieving answers on control status, evidence, and framework alignment. Kevin Tonkin, JupiterOne’s Chief Product Officer, emphasized the gap between policy existence and operational effectiveness, stating that security teams need tools to prove controls function in environments that change hourly. The launch aligns with industry trends favoring real-time assurance over periodic attestations, positioning JupiterOne as a provider of security-focused governance, risk, and compliance (GRC) solutions. The company will showcase CCM at Infosecurity Europe in London from June 2 to 4, following recent product expansions like AI Attack Surface Management and Unified Vulnerability Management. JupiterOne has secured $119 million across four funding rounds, with investors including Bain Capital Ventures, Cisco Investments, and Splunk Ventures. The company’s growth reflects its focus on addressing evolving security challenges, particularly in cloud and hybrid environments where traditional compliance tools fall short.