Account Security Solutions for Cloud Containers & Multicloud Environments
Comprehensive cloud account security for AWS, Azure, and GCP accounts
Visibility and Detection of Misconfigurations and Account Vulnerabilities
Lacework provides comprehensive cloud account security for AWS, Azure, and GCP accounts, with insights into configuration changes that could lead to threats. At the console level of a cloud environment, an organization can inadvertently apply misconfigurations that could leak data or open up an easy attack surface to a hacker. With continuous updates and broad administrative access happening within cloud environments, account changes are normal. Yet, with increased activity comes increased vulnerability.
Through API integration between accounts, Lacework looks at all of the security-relevant configurations and identifies where the organization is passing or failing certain account security best practices for these particular configurations. These checks are run continuously, and security teams receive automated alerts about any configuration changes that violate security compliance. Among the myriad of issues that Lacework is looking for, it is able to identify things such as:
- S3 buckets in AWS that are misconfigured and left publicly open.
- Security groups allowing unrestricted access to SSH.
- IAM users that don’t have MFA enabled.
- Security groups that are misconfigured.
- New regions being spun up specifically for Bitcoin mining.
Data from the cloud accounts is ingested, and Lacework applies machine learning to logs to generate high-fidelity alerts on any behaviors or events that could be an indicator of compromise at the account resource level. Lacework also proactively alerts on any account security misconfigurations at the time they occur.
Ongoing Monitoring of Activity
- Detection and alerting of activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
- Changes to cloud account users, roles, or access policies.
- Access or customer master key tampering.
- Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results.
Identify Configuration Issues
- Find Identity and Access Management (IAM) vulnerabilities, including root account, password requirements, and usage of MFA.
- Check for logging best practices: enable log files across regions, and ensure that log files are validated and encrypted.
- Monitor critical account activity such as unauthorized API calls and use of the management console for unauthorized purposes.
- Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging.
Track Configuration Continuously
- Daily re-audit to maintain compliance and protection.
- Monitor account activity for abnormal activity, even when that activity is technically authorized.
- Receive customizable alerts when items change from compliant to non-compliant.
What Our Customers Say
- “[We] got rid of a lot of tools and the need to log into multiple interfaces…forget that mess!!! Hundreds of false positives before are now down to one and two things we need to pay attention to because of Lacework. Tracking down alerts was taking 50 percent of the Engineering / DevOps team’s time to triage and [make] changes. Now they get one to two per day, log on in the morning, check the few alerts and go about their day.”
- “A second set of eyes when it comes to security. With the growth of instances and containers, it is difficult to monitor and review every log or activity. By using Lacework, we’ve been able to use the Lacework AI to net down patterns, violations, and compliance activity all in a single dashboard saving time and resources. More importantly, historical charts and reports are extremely helpful for audits to demonstrate alerting, notification and review.”
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
FAQs About Lacework's Account Security Solution
Lacework continually scans and analyzes API activity logs to create a baseline of normal activity in your cloud accounts and notifies you when potentially dangerous activity in a cloud account is detected.
Lacework has integrations into all 3 major cloud providers, AWS, GCP, and Azure. This allows for a single pane of glass that does not require configuring disparate tools across each cloud provider.
Lacework checks for common misconfigurations that can result in data leakage such as exposed S3 buckets. Additionally, Lacework looks at cloud account audit logs to identify any actions that may show risk.
Lacework uses cloud user audit logs to detect anomalous behavior in AWS. If a user creates new compute instances in a new region, Lacework will detect this and alert you. This is a common action taken by attackers to hide compute that is being used for illicit cryptomining.
Lacework visualizes and baselines all user activity within AWS. Lacework looks for privileged usage and alerts on activity such as use of the root account within AWS. Additionally, by utilizing the baseline, Lacework can identify anomalies and privileged access to critical services such as IAM.
Account security solutions for cloud containers & multicloud environments via a single unified console