Blog

Why Linux Servers Need Extra Security

These days, in both on-premise datacenters and cloud environments, Linux servers are at the core of enterprise computing. And most enterprises abide by commonly accepted guidelines for securing virtualized Linux servers with least-privilege access control, file encryption, segmentation, process isolation, and other best practices. But in highly scaled and dynamic cloud environments, where the containers […]

Read More…

Container Orchestration Demands a Security Focus

Containers and containerized applications running on cloud resources are delivering new levels of speed and efficiency to modern development teams. Containers are optimized for agile deployment, and can be run in on-premises and virtualized infrastructures. They require less coordination and oversight than large, monolithic applications, and are simply more flexible.  Automated, continuous integration and delivery […]

Read More…

A Deep Dive Into Three Popular CVE-2019-3396 PoCs Used in Confluence Attacks

When a new CVE comes out there is a dilemma between releasing and not releasing proof of concepts (PoCs). This dilemma is exacerbated by the potential impact of the vulnerability. Nothing illustrates this more than the anticipation surrounding BlueKeep, a vulnerability if exploited with RCE that could have major impacts. To date, there have been […]

Read More…

The Lacework Guide to AWS re:Inforce in Boston

Yeah, down by the river, Down by the banks of the river Charles, That’s where you’ll find me, Along with lovers, muggers, and thieves, Well I love that dirty water, Oh, Boston, you’re my home… – The Standells, “Dirty Water” Boston’s got it all – it was a hotspot for those fomenting a new nation […]

Read More…

Lacework Announces Complete Security Platform

The Lacework Complete Security Platform shifts left to provide complete security and compliance visibility across the entirety of an enterprise’s infrastructure footprint – from development to runtime, and for cloud, container, bare metal, and hybrid environments. […]

Read More…

Lacework Shifts Left

The Shift is On: Why Lacework is Extending Security From Run Time to Build Time

Software Requirements: FAST. GOOD. CHEAP. Choose any two… When I started my career as an engineer, that was a joke we used to kick around. That was at a time when development projects ran into multiple quarters and often relied on layers of project managers to keep other projects managers honest, so those project managers […]

Read More…

Lacework Announces Complete Security Platform to Secure Development and Runtime Environments

Mountain View, Calif. – June 20, 2019 –  Lacework®, the industry’s first solution to deliver complete security at scale for cloud and container environments, today announced the addition of build-time security capabilities to complement existing run-time platform for cloud, container and hybrid environments. With this update, the Lacework Complete Security Platform will “shift left” to […]

Read More…

Container Orchestration Demands the Right Security Approach

Advances in container orchestration, service meshing, and microservices have improved the lives of developers who are increasingly evaluated on their ability to deliver rapidly and continuously. With the support of containers, applications are more portable and can be deployed and scaled more quickly and reliably than in traditional deployment models. Automated continuous integration and delivery […]

Read More…

Cloud Controls to Major Tom: A Quick Guide to Configuration as a Security Measure

Regardless of the type of cloud service offering you choose, IaaS, PaaS, or SaaS, there remain universal security risks that you must always manage, including risks of over privileged access, a broad surface area, vulnerable code, or the improper use and storage of secrets. For each of these risks there will be controls that you […]

Read More…

Lacework: Leading the Way From Product to Platforms

This has been a busy, and quite humbling week for me as I have accepted the position as CEO of Lacework. I already feel fortunate to work with this extraordinarily talented and energetic team, but now I’ll have the opportunity to help them execute a strategy to establish Lacework as the most innovative, customer-focused security […]

Read More…

Lacework

Security Industry Veteran Dan Hubbard Named CEO of Lacework

Mountain View, Calif. – June 6, 2019 –  Lacework®, the industry’s first solution to deliver continuous security at scale for cloud and container environments, today announced the appointment of Dan Hubbard as the company’s new chief executive officer (CEO). Well-known as a thought leader in existing and emerging security, Hubbard will be responsible for the […]

Read More…

Without Security Visibility and Analysis, BlueKeep Keeps on Keeping On

BlueKeep, a severe security vulnerability (CVE-2019-0708) that affects the Remote Desktop Protocol (RDP) service in Windows XP, Windows Vista, and other older Windows OS versions, is spreading rapidly, due in part to its ability to be remotely exploitable. While this has the structure of a classic attack, it’s also unique because its wicked efficiency essentially […]

Read More…

Host Intrusion Detection for Compliance in AWS and Multicloud Environments

To be compliant, an organization must ensure continuous awareness of every action that might affect configurations. These are not a one-size-fits-all type of occurrence, either; they happen at the application, ID, workload, and host layers of the cloud. This is where organizational and user data is being transacted, and because of the AWS Shared Responsibility […]

Read More…

Misconfigured Servers Leave 2.3 Billion Private Files Exposed

OVERVIEW A report filed over the weekend detailed research that discovered more than 2 billion files exposed online from a variety of sources, including cloud servers, network-based storage, and company-owned date repositories. The discovery includes a massive trove of credit card information, medical records, private photographs, and details of intellectual property patents. While not all […]

Read More…