Anomaly Detection for Cloud Container Environments
Detect anomalies which are indicators of threats that deviate from your base model of normal infrastructure behavior established through machine learning
Identify and analyze anomalies in cloud and container environments
Public clouds enable enterprises to implement infrastructure-as-code and allows them to rapidly develop, test, and deploy services at scale. In this environment, network, storage and compute resources are in constant flux to adapt to business needs. While this agility and flexibility provide many business and technological benefits, the cloud is also more susceptible to new forms of threats and cyber attacks. Unfortunately, legacy security solutions are unequipped to handle these and leave organizations vulnerable.
Big Data and Anomaly Detection to Secure The Cloud
Traditional security solutions rely on signatures or rule-based approaches. The advantage of these solutions is that the rules are readily understandable. However, the drawbacks are that these rules are manually entered and catch known attack profiles. These rules do not catch new attack profiles and require constant manual maintenance. In addition, to reduce false positive rates, the rules are typically written for very well defined threat scenarios, limiting their effectiveness in actual production environments.
Lacework takes a completely different approach to anomaly detection. Our approach is to collect high fidelity process, network, file, and user data to form a base model of normal infrastructure behavior. We then use sophisticated analytics and machine learning techniques to detect anomalies which are indicators of threats.
The Lacework anomaly detection system is adaptive as your environment changes. In addition, because these baselines are generated automatically (not manually created), our system can be fine tuned to reduce false positives at the same time.
Lacework's Cloud Workload and Container Security Solutions
Are Trusted by These Amazing Companies
- “As a Lacework customer we are excited to see their continued innovation in the area of multi-cloud support and, in particular, deep integration with Kubernetes and GKE.”
Will Gregorian | Iterable
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
Mario Duarte | Snowflake Computing
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
Devin Ertel | Guidebook
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
Ian O’Brien | Arista Networks
FAQs About Lacework's Anomaly Detection Solution
Lacework’s approach uses automation and unsupervised machine learning. The Lacework anomaly detection system is adaptive as your environment changes. In addition, because these baselines are generated automatically, and our system continually tunes, Lacework is able to deliver high fidelity alerts.
The Lacework Security Platform eliminates false positives and significantly reduces the number of alerts generated and the amount of time needed to investigate all alert events without sacrificing fidelity. We do this by maintaining a rich contextual understanding of each client environment, along with detecting and scoring meaningful changes to nominal behavior.
The Lacework Policy Editor can be used to build customized workload policies which trigger alerts on matching criteria.
Once deployed, the Lacework Cloud Security Platform immediately starts building a contextual understanding of each customer environment. For most environments, Lacework will create a complete contextual map and baseline understanding of each monitored environment within 24-48 hours, depending on the level of activity.