Account Security Solutions for Cloud Containers & Multicloud Environments
Comprehensive cloud account security for AWS, Azure, and GCP accounts
Visibility and Detection of Misconfigurations and Account Vulnerabilities
Lacework provides comprehensive cloud account security for AWS, Azure, and GCP accounts, with insight into configuration changes that could lead to threats. At the console level of a cloud environment, an organization can inadvertently apply misconfigurations that could leak data or open up an easy attack surface to a hacker. With continuous updates and broad administrative access happening within cloud environments, account changes are normal. Yet, with increased activity comes increased vulnerability.
Through API integration between accounts, Lacework looks at all of the security-relevant configurations and identifies where the organization is passing or failing certain account security best practices for these particular configurations. These checks are run continuously, and security teams receive automated alerts about any configuration changes that violate security compliance. Among the myriad of issues that Lacework is looking for, it is able to identify things such as:
- S3 buckets in AWS that are misconfigured and left publicly open.
- Security groups allowing unrestricted access to SSH.
- IAM users that don’t have MFA enabled.
- Security groups that are misconfigured.
- New regions being spun up specifically for Bitcoin mining.
Data from the cloud accounts are ingested, and Lacework applies machine learning to logs to generate high fidelity alerts on any behaviors or events that could be an indicator of compromise at the account resource level. Lacework also proactively alerts on any account security misconfigurations at the time they occur.
Identify Configuration Issues
- Find Identity and Access Management (IAM) vulnerabilities, including root account, password requirements, and usage of MFA.
- Check for logging best practices: enable log files across regions, and ensure that log files are validated and encrypted.
- Monitor critical account activity such as unauthorized API calls and use of the management console for unauthorized purposes.
- Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging.
Track Configuration Changes Continuously
- Daily re-audit to maintain compliance and protection.
- Monitor account activity for abnormal activity, even when that activity is technically authorized.
- Receive customizable alerts when items change from compliant to non-compliant.
Ongoing Monitoring of Activity
- Detection and alerting of activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
- Changes to cloud account users, roles, or access policies.
- Access or customer master key tampering.
- Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results.
- “As a Lacework customer we are excited to see their continued innovation in the area of multi-cloud support and, in particular, deep integration with Kubernetes and GKE.”
Will Gregorian | Iterable
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
Mario Duarte | Snowflake Computing
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
Devin Ertel | Guidebook
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
Ian O’Brien | Arista Networks
FAQs About Lacework's Account Security Solution
Lacework continually scans and analyzes API activity logs to create a baseline of normal activity in your cloud accounts and notifies you when potentially dangerous activity in a cloud account is detected.
Lacework has integrations into all 3 major cloud providers, AWS, GCP, and Azure. This allows for a single pane of glass that does not require configuring disparate tools across each cloud provider.
Lacework checks for common misconfigurations that can result in data leakage such as exposed S3 buckets. Additionally, Lacework looks at cloud account audit logs to identify any actions that may show risk.
Lacework uses cloud user audit logs to detect anomalous behavior in AWS. If a user creates new compute instances in a new region, Lacework will detect this and alert you. This is a common action taken by attackers to hide compute that is being used for illicit cryptomining.
Lacework visualizes and baselines all user activity within AWS. Lacework looks for privileged usage and alerts on activity such as use of the root account within AWS. Additionally, by utilizing the baseline, Lacework can identify anomalies and privileged access to critical services such as IAM.
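The two audit-log detections described in the last two answers (compute launched in a region outside the account's baseline, and any use of the root account) can be sketched as follows. This is an added example, not Lacework's implementation: the record field names follow the AWS CloudTrail record format, while the account ID, ARNs, timestamps and the fixed baseline cutoff are constructed for illustration.

```python
# Constructed CloudTrail-style records; only the fields the detector reads are kept.
def record(time, source, name, region, id_type, arn):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": region, "userIdentity": {"type": id_type, "arn": arn}}

DEPLOY = "arn:aws:iam::111122223333:user/deploy"   # constructed principal
ROOT = "arn:aws:iam::111122223333:root"            # constructed principal
BASELINE_END = "2024-01-31T00:00:00Z"              # assumed cutoff for the baseline window

EVENTS = [
    record("2024-01-02T10:00:00Z", "ec2.amazonaws.com", "RunInstances", "us-east-1", "IAMUser", DEPLOY),
    record("2024-01-05T09:00:00Z", "ec2.amazonaws.com", "DescribeInstances", "us-west-2", "IAMUser", DEPLOY),
    record("2024-02-01T03:12:00Z", "ec2.amazonaws.com", "RunInstances", "ap-southeast-1", "IAMUser", DEPLOY),
    record("2024-02-01T03:15:00Z", "ec2.amazonaws.com", "RunInstances", "ap-southeast-1", "IAMUser", DEPLOY),
    record("2024-02-02T08:00:00Z", "iam.amazonaws.com", "CreateAccessKey", "us-east-1", "Root", ROOT),
    record("2024-02-03T11:00:00Z", "ec2.amazonaws.com", "RunInstances", "us-west-2", "IAMUser", DEPLOY),
]

def detect(events, baseline_end):
    """Return (rule, principal, region, eventName) alerts in time order."""
    known_regions = set()   # regions with any activity during the baseline window
    alerts = []
    # Same-format UTC ISO 8601 timestamps sort correctly as plain strings.
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        ident = ev["userIdentity"]
        arn = ident.get("arn", "unknown")
        region = ev["awsRegion"]
        # Root usage is reported regardless of the baseline.
        if ident.get("type") == "Root":
            alerts.append(("root-usage", arn, region, ev["eventName"]))
        if ev["eventTime"] < baseline_end:
            known_regions.add(region)
            continue
        is_launch = (ev["eventSource"] == "ec2.amazonaws.com"
                     and ev["eventName"] == "RunInstances")
        if is_launch and region not in known_regions:
            alerts.append(("new-region-compute", arn, region, ev["eventName"]))
            # Alert once per region; later launches there would only repeat it.
            known_regions.add(region)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS, BASELINE_END):
        print(alert)
```

Only an alert adds a region after the baseline window closes, so read-only calls in an unfamiliar region do not silently extend the baseline.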