Anomaly Detection and Behavioral Analytics for Cloud Container Environments

Detect, track and alert on anomalies and potential threats by focusing on user and application behavior and how it changes over time

WATCH DEMO

icon VIEW SOLUTION BRIEF

Identify and Analyze Anomalies in Cloud and Container Environments

Public clouds enable enterprises to implement infrastructure-as-code and allows them to rapidly develop, test, and deploy services at scale. In this environment, network resources are in constant flux, providing ample opportunities for attackers. Unfortunately, legacy security solutions are ill-equipped to handle these and leave organizations vulnerable. IT security teams need solutions that leverage anomaly detection to safeguard cloud data.

Employ Big Data to Do Security

Traditional security solutions rely on signatures, or rule-based approaches, where rules are readily understandable – but the drawbacks are that these rules are manually entered and do not catch new attack profiles. To reduce false-positive rates, the rules are often written for very well-defined threat scenarios, limiting their effectiveness in production environments.

Lacework takes a completely different approach to anomaly detection. We collect high fidelity process, network, file, and user data to form a base model of normal infrastructure behavior. We then use sophisticated analytics and machine learning techniques to detect anomalies that may indicate threats. Our anomaly detection system is as adaptive as your environment is dynamic. In addition, because these baselines are generated automatically, we fine-tuned our solution to reduce false positives.

Use Lacework’s Polygraph to Bolster Security

Polygraph, our security foundation, and deep temporal baseline, is built from collecting machine, process, and user interactions. It detects anomalies, generates appropriate alerts, and provides a tool for users to investigate and triage issues.

This Polygraph technology dynamically develops a behavioral model of your services and infrastructure. Our model understands natural hierarchies including processes, containers, pods, and machines. It then develops behavioral models that Polygraph monitors in search of activities that fall outside the model’s parameters. In addition, the Polygraph continually updates its models in order to:

  • Pinpoint exactly how a file changes. 
  • Investigate anomalous events and activities related to FIM signals.
  • Provide cloud-wide capabilities for search, file type summaries, and detection of new files.

Get Integrated & Comprehensive Anomaly Detection

  • Pinpoint exactly how a file changed: content, metadata, and whether the file was modified or simply appended
  • Extended information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions
  • Expanded file intelligence with integrated threat feeds from ReversingLabs’ library of 5 billion files
  • One-click investigation of anomalous events and activities related to FIM signals
  • Cloud-wide capabilities for search, file type summaries, and detection of new files

Use Cloud-Scale & Speed to See More

  • Automated configuration, file discovery, and operations
  • Scalable architecture with no added complexity or performance penalties
  • Anomaly detection included with all Lacework Cloud Security agents

Meet Your Compliance Mandates

  • Protect log and configuration files against tampering
  • Daily re-check of all monitored files
  • Pre-defined directory maps monitor critical files and directories
  • Easily configurable; users can add directories to the watch list

Detect and resolve anomalous changes in behavior across your workloads, containers, and IaaS accounts that represent a security risk or an IOC with Lacework’s comprehensive anomaly detection system for enterprise DevOps teams.

What Our Customers Say

 
  • “[We] got rid of a lot of tools and the need to log into multiple interfaces…forget that mess!!! Hundreds of false positives before are now down to one and two things we need to pay attention to because of Lacework. Tracking down alerts was taking 50 percent of the Engineering / DevOps team’s time to triage and [make] changes. Now they get one to two per day, log on in the morning, check the few alerts and go about their day.”
    Lacework Customer
  • “A second set of eyes when it comes to security. With the growth of instances and containers, it is difficult to monitor and review every log or activity. By using Lacework, we’ve been able to use the Lacework AI to net down patterns, violations, and compliance activity all in a single dashboard saving time and resources. More importantly, historical charts and reports are extremely helpful for audits to demonstrate alerting, notification and review.”
    Lacework Customer
  • “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
    Mario Duarte
    Snowflake Computing
  • “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
    Devin Ertel
    Guidebook
  • “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
    Ian O’Brien
    Arista Networks

FAQs About Lacework's Anomaly Detection Solution

Lacework’s approach uses automation and unsupervised machine learning. The Lacework anomaly detection system is adaptive as your environment changes. In addition, because these baselines are generated automatically, and our system continually tunes, Lacework is able to deliver high fidelity alerts.

The Lacework Security Platform eliminates false positives and significantly reduces the number of alerts generated and the amount of time needed to investigate all alert events without sacrificing fidelity. We do this by maintaining a rich contextual understanding of each client environment, along with detecting and scoring meaningful changes to nominal behavior.

The Lacework Policy Editor can be used to build customized workload policies which trigger alerts on matching criteria.

Once deployed, the Lacework Cloud Security Platform immediately starts building a contextual understanding of each customer environment. For most environments, Lacework will create a complete contextual map and baseline understanding of each monitored environment within 24-48 hours, depending on the level of activity.

Supported Platforms

Account security solutions for cloud containers & multicloud
environments via a single unified console

Share this with your network
Twitter Twitter Twitter Share