Embed build-time to run-time security in your Bitbucket delivery pipeline
Organizations recognize the need to integrate security into their software development process. However, microservice architectures, multi-cloud infrastructure, containers, and Kubernetes all introduce new vectors for vulnerabilities.
Atlassian Bitbucket Cloud is a Git-based code hosting and collaboration tool built for teams. Its various integrations bring the entire software team together and provide a single place to collaborate on code (from concept to Cloud), build quality code through automated testing, and confidently deploy the code when finished.
Security with Lacework
Lacework delivers end-to-end visibility into everything that’s going on in a customer’s cloud. Our technology analyzes data from applications, services, users, and networks to detect threats, vulnerabilities, misconfigurations, and sketchy activity.
Lacework’s machine learning discerns what’s normal in the cloud environment and alerts to anomalous behavior, giving the full context to make investigations quick and easy. Best of all, with our behavioral analytics, there is no need to write or maintain the rules used by legacy security tools.
Lacework + Atlassian Bitbucket Cloud
The Lacework Scan pipe allows Bitbucket Cloud customers to integrate Lacework security capabilities deeply into the CI/CD process by allowing you to scan and assess Docker container images and software packages for vulnerabilities.
Lacework’s unique container and Kubernetes workload protection features allow your organization to embed security in your company’s software delivery pipeline, from code build to deployment, and at multiple stages of your software supply chain, providing multiple redundant and overlapping layers of security.
By integrating Lacework into your Bitbucket Cloud, you’ll be able to:
- Detect vulnerabilities in container images and software packages.
- Discover software vulnerabilities during the build process and prevent software from being deployed.
- Enable an additional layer of protection from Lacework’s comprehensive suite of build to runtime software security features.
- Quickly integrate the Lacework Inline Scanner into your Bitbucket Pipelines CI/CD – add the Lacework Scan Pipe in just a few seconds.
- Send your alerts to Jira for triage and resolution.
FAQs About Lacework's Account Security Solution
Lacework continually scans and analyzes API activity logs to create a baseline of normal activity in your cloud accounts and notifies you when potentially dangerous activity in a cloud account is detected.
Lacework has integrations into all 3 major cloud providers: AWS, GCP, and Azure. This allows for a single pane of glass that does not require configuring disparate tools across each cloud provider.
Lacework checks for common misconfigurations that can result in data leakage such as exposed S3 buckets. Additionally, Lacework looks at cloud account audit logs to identify any actions that may show risk.
Lacework uses cloud user audit logs to detect anomalous behavior in AWS. If a user creates new compute instances in a new region, Lacework will detect this and alert you. This is a common action taken by attackers to hide compute that is being used for illicit cryptomining.
Lacework visualizes and baselines all user activity within AWS. Lacework looks for privileged usage and alerts on activity such as use of the root account within AWS. Additionally, by utilizing the baseline, Lacework can identify anomalies and privileged access to critical services such as IAM.