Blog

Latest Hacks: Microsoft’s Hotmail, MSN Compromised With User Credentials

Microsoft has admitted that email accounts for MSN.com and Hotmail, both services owned and managed by Microsoft, have had their accounts compromised sometime between January 1 and March 28, 2019. It appears that attackers were able to identify user’s email addresses, email folder names, email subject lines, and the email addresses of those with whom […]

Read More…

Why Process-to-Process Visibility Is So Important

One of the challenges in securing processes operating in cloud environments is the visibility limitations imposed either by the cloud service provider or the customer’s solution architecture. In the case of the cloud service provider, because the environment is shared by everyone who has access to that cloud service, including many thousands of their customers […]

Read More…

Stratics Networks Robocaller Database Exposed on AWS

If robocalls raise your blood pressure and cause you to scream things your mother would not be proud of, you may want to avoid breakable items because now there is even MORE of a reason to be angry. Toronto-based Stratics Networks invented “ringless voicemails” which are used by telemarketers to autodial massive lists of numbers […]

Read More…

The New School of Security: Using the Cloud to Secure the Cloud

Legacy security was built on the premise of a moat; keep people and data away from the infrastructure, and they can’t attack it. Firewalls, intrusion detection systems, or intrusion prevention systems –  these tools delivered “network-centric” solutions and aimed to keep access at a safe distance. Originally, firewalls performed the task of preventing unwanted, and […]

Read More…

Facebook Exposes User Data Through Unprotected AWS S3 Buckets

Two repositories of unprotected Facebook user data sitting in Amazon S3 buckets have been discovered. More than 540 million files with personal data were exposed, potentially leaking hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different […]

Read More…

File integrity monitoring Lacework

File Integrity Monitoring: Using Lacework’s SaaS Solution for SaaS Environments

One of the critical distinctions about Lacework is in our approach. While all security vendors talk about things like security posture and identification of threats, we have actually constructed a methodology that is tactically applied to finding issues, alerting on them, and preventing issues. We also realize that the best way to deliver security is […]

Read More…

Cloud Security This Week – March 29, 2019

New From Lacework Security Relevance Can’t Be Bought Surprisingly, some security vendors see the confusion in the problem and apply confusion to the solution. Palo Alto Networks has taken the approach that variety and inconsistency make for a compelling security story.  Avoiding Limitations of Traditional Approaches to Security To get a better understanding of the […]

Read More…

Ways to get cloud security wrong blog

There Are a Lot of Ways to Get Cloud Security Wrong

In a previous blog on new approaches to security, we looked at how traditional data center defenses were designed to protect a defined perimeter by monitoring and controlling data that moves in and out of the network environment. Defending the perimeter requires a layered defense strategy that typically includes routers, firewalls, antivirus protection, and access/ID […]

Read More…

Cloud Security This Week – March 22, 2019

New from Lacework Integrating DevOps and Security While DevOps emphasizes speed, it has not always necessarily focused as much on security. Learn the three key practices that are critical to integrating the processes and mindsets of DevOps and SecOps. Triaging a CryptoSink Infection in 5 Minutes with Lacework When triaging an alert, a security analyst […]

Read More…

Integrating DevOps and Security

With the cloud, enterprises gain operational and management advantages of agility, scalability, and ease of use. The cloud also enables IT teams to apply continuous integration/continuous deployment (CI/CD) methods to deliver applications and functionality rapidly. To capitalize on the capabilities of the cloud, many organizations are turning to a development and delivery methodology known as […]

Read More…

The Cloud’s Unique Security Challenges

The Cloud’s Unique Security Challenges

One of the greatest cloud security challenges comes from the fact that the cloud delivers its infrastructure components, things like gateways, servers, storage, compute, and all the resources and assets that make up the cloud platform environment, as virtual services. There is no traditional network or infrastructure architecture in the cloud. Deploying workloads into the […]

Read More…

Cloud Security This Week – March 1, 2019

New from Lacework Lacework at RSA Lacework is going to rock RSA, and we want you to join us! Here’s a guide to all the Lacework parties, sessions, panels, and secrets to getting our sweet swag. Booth #4603 – we’ll be there with the volume cranked up to 11! Avoiding Container Vulnerabilities To get a […]

Read More…

For Those About To Rock RSA, Lacework Salutes You!

The city by the bay is the birthplace of the Grateful Dead, Journey, Sly & the Family Stone and a pantheon of great rockers. The Sex Pistols famously went out in a blaze of glory at the Mabuhay Gardens on Broadway, and Metallica still comes home regularly to rock the bay. The history of rock […]

Read More…

PCI Compliance in the Public Cloud

Compliance frameworks provide a structure for how enterprises organize and secure their content and resources. Because they are created and governed for the purposes of protection and interoperability, they provide necessary safeguards that help organizations structure their security posture. They can also be onerous and burdensome which can lead to security and compliance teams falling […]

Read More…

Cloud Security This Week – February 22, 2019

New from Lacework Lacework Extends Multicloud Support With Workload And Account Security For Google Cloud Platform Lacework has released a new version that provides support for Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE). This latest version allows customers to apply threat detection and deep visibility into cloud events for workloads and accounts across multiple […]

Read More…

Lacework for GCP: Security for Orchestration, Multicloud, and Kubernetes

This week, Lacework announced support for Google Cloud Platform (GCP), which further establishes our commitment to customers running workloads in multicloud environments. It comes on the heels of our recent support for Azure, and before that, support for Kubernetes. The net of all of this is that as organizations increase the reach of their data, […]

Read More…

Cloud Security This Week – December 21, 2018

New from Lacework Kubernetes CVE-2018-1002105 Given the release of CVE-2018-1002105, visibility and threat detection for your Kubernetes cluster is paramount. Kubernetes clusters can become very complex very fast. It’s important to stay a step ahead and have the insights you need to protect your cluster. My Mom is Sick and Tired of Your Weak S3 […]

Read More…

Blog | My Mom is Sick and Tired of Your Weak S3 Bucket Policies

My Mom is Sick and Tired of Your Weak S3 Bucket Policies

Cloud security has headlined so many stories over the past year that the term “leaky S3 bucket” even rolls off the tongue of my mother with ease and accuracy. Indeed, S3 bucket issues have become almost shorthand for the vulnerabilities that IT infrastructures face in the cloud, but they highlight just one problem among an […]

Read More…

Cloud Security This Week – December 14, 2018

New from Lacework AWS Spot Instance and Cloud Security All cloud providers have some type of a compute product offering which lets the user bid for the resource they need to complete or for more tasks. Amazon web services has led the way, offering a low cost EC2 usage option called Spot Instance. The model […]

Read More…

Cloud Security This Week – November 30, 2018

  At the risk of sounding like an alarmist, the fact is that this week was an absolute doozy for security-watchers. Leading off with the massive breach of 500 million Starwood customer records, to evidence that NSA hacking tools are still being used for nefarious purposes, it makes one question if we’re getting any better […]

Read More…

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

Photo by Erica Nilsson on Unsplash Basketball season is in full swing which means we’re in for some long range Steph Curry three pointers, savage Giannis Antetokounmpo dunks, and an endless supply of Gregg Popovich memes. Teams have to be ready for anything in the course of the season, and those most able to be […]

Read More…

Why Organizations Are Still Learning From the Uber Breach

Why Organizations Are Still Learning From the Uber Breach

Photo by Dan Freeman on Unsplash This has been a rough month for Vasile Mereacre and Brandon Glover. These two gentlemen were arrested for their parts as the hackers who stole millions of users’ data from Uber in 2016, and were also indicted on federal hacking and extortion charges for stealing user data from 55,000 […]

Read More…

Cloud Security This Week – October 26, 2018

  New from Lacework Security Table Stakes: A Blueprint for Securing Your Cloud Environment It’s important for a security strategy to pay attention to the different pieces of the cloud stack and address their unique security needs with the following approach and actions.   Webinar Replay: Prevent Cryptocurrency Mining in Your AWS Account Learn why […]

Read More…

Security Table Stakes: A Blueprint for Securing Your Cloud Environment

Security Table Stakes: A Blueprint for Securing Your Cloud Environment

Photo by Chris Liverani on Unsplash Security teams who are responsible for their organization’s workloads running in the cloud must first understand the layers that make up the components of their cloud stack. While different in structure from on-premises stacks, a cloud environment is still dependent upon each layer performing its key functions. Those layers […]

Read More…

Cloud Security This Week – October 19, 2018

  New from Lacework Anatomy of a Redis Exploit Insight into a honeypot experiment conducted by Lacework where we created a Redis honeypot. In our monitoring, we detected a cryptocurrency mining botnet that compromised the server by exploiting a Lua vulnerability. We explain the experiment framework and what we discovered.   Lacework Meetup: Securing Containers […]

Read More…

Cloud Security This Week - October 12, 2018

Cloud Security This Week – October 12, 2018

  New from Lacework Network Security Vendors Are Trying to Buy Their Way Into Relevance Consolidation, investment, and acquisition in the security market is a great validation that demand for the cloud continues at a breakneck pace. But it’s not necessarily making customers safer.   Inside Lacework: Set Up Lacework with AWS We cover how […]

Read More…

History is repeating itself with cybersecurity acquisitions. It’s NOT making organizations safer.

The New Security Stack: While old school security vendors are trying to buy their way into relevance, it’s still not making organizations any safer

Photo by Jacek Dylag on Unsplash We’ve heard it a million times: those who don’t learn from history are doomed to repeat it. Some of us take heed, while most figure we can beat history on our own terms. What we can’t beat, however is evolution. Evolution has brought us, both from a technology and […]

Read More…

Cybersecurity is Everyone’s Business, All the Time

Cybersecurity is Everyone’s Business, All the Time

Photo by Dianor S on Unsplash This week begins the Department of Homeland Security’s National Cyber Security Awareness Month which promotes awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. Just as Smokey the Bear was created in the 1940’s […]

Read More…

Cloud Security This Week

Cloud Security This Week – September 28, 2018

  New from Lacework Cybersecurity in the News…Again…And Again A roundup of three major cybersecurity breaches. This is becoming common, and not just for people who live the world of cybersecurity. It’s a harbinger of our connected world, and one that keeps delivering headlines.   Secure Your AWS Cloud with Lacework Webcast replay that explains […]

Read More…

In the news - cyberattacks or the discovery of a breach of sensitive data.

I Read the News Today, Oh Boy

Photo by Flemming Fuchs on Unsplash Every morning, I begin my day with the same routine I’ve had for many years. You and I aren’t that close yet, so I won’t go into the specifics of my dawn activities, but I can safely divulge that it involves fleece, coffee, and a quick scan of the […]

Read More…

Privilege Escalation and a Proposal for Acceptable Exclusion

Privilege Escalation and a Proposal for Acceptable Exclusion

Photo by Annie Sowards on Unsplash “I’d never join a club that would allow a person like me to become a member.” — Woody Allen Social concepts about exclusivity and inclusion have changed over the last 50 years. It used to be common for social and professional clubs to aggressively seek homogeneity among their membership and exclude […]

Read More…

Lacework Supports PCI Compliance with FIM Solution

Lacework Supports PCI Compliance with FIM Solution

Photo by Samuel Zeller on Unsplash If you wanted to name a technology product category so it got beat up in the schoolyard, you might call it File Integrity Monitoring. Like a lot of products in the security space, File Integrity Monitoring (FIM) as a moniker accurately explains what the solution provides, but it’s about […]

Read More…

Lacework Kubernetes Meetup

Kubernetes, Pizza, and Learning From Our Community

  Yesterday was a big day for Lacework. We announced a $24 million series B round of funding which will help us continue our momentum in building the market’s most comprehensive cloud security solution. Even in today’s funding environment, that’s a significant amount, and we already have plans to invest heavily (and wisely) in product development, […]

Read More…

PCI Compliance for cloud environments: Tackle FIM and other requirements with a host-based approach

PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements With a Host-Based Approach

Photo by Hannes Egler on Unsplash Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end users. […]

Read More…

We just looked at 2 billion #cloud events

I Just Looked at 2 Billion Cloud Events. Here’s What I Found.

Photo by Jase Ess on Unsplash Our relationship with Lacework customers usually starts with a 30-day trial of our solution. Going in to it, they typically acknowledge lack of necessary visibility into their cloud environment. They also, however, tend to massively discount the reality of threats and risks to which they’re exposing their users and data. It’s not […]

Read More…

How Ronaldo’s Hair Explains Cybersecurity

Security tools abound that promise to protect you from the looming threat of hackers everywhere. Many of them look great, but their value is dubious. They might perform some specific task like packet inspection at the perimeter or bot detection, but aren’t actually doing the complex work required to inspect the millions (and in some […]

Read More…