Avoid Gaps in Native Cloud Security Tools With a Comprehensive Security Approach, Part 2

In the first installment of this two-part series, we looked at why organizations must understand which specific cloud features and services are available from their cloud service provider (CSP). We also went into detail about the importance of configuring those services correctly so that the organization's own cloud environment remains appropriately secure. Many of the services offered by […]

Cryptomining Malware Using NSA Hacking Code is Spreading Rapidly

The combination of an anonymous currency and leaked government security exploits has led to a rising new threat for system administrators. While cybercriminals have long included an assortment of ideologically driven activists and rising stars hoping to make a name for themselves with their peers, the vast majority of them are motivated by money. In […]

Lacework Resolves the Container Security Gap

Lacework was among the first cloud security vendors to highlight the need for rigorous container security. Lacework's security solutions are designed for containerized environments with ephemeral entities, and its native container support is designed to reduce attack surfaces. By automatically discovering every container across a user's environment, Lacework establishes a baseline of known good behavior, […]

Developing a Security-First Model for Cloud Compliance

Compliance looks for proof that organizations do what they say they do. Security requirements come in many forms beginning with your organization’s own information security policy. Your security policy should align with your organization’s business objectives and reflect your specific infrastructure and services. Compliance with internal security policy can be assessed through internal security reviews […]

The Rise of DevOps and the Fall of Organizational Walls

Historically, IT organizations liked building walls. Infrastructure had access to hardware, system admins had access to operating systems and deployments, and developers wrote code. If you needed insight from a system, you found who owned it and asked for logs. Teams would get in war rooms when an issue occurred, and everyone would pull their […]

Enforce Security Through Policy-as-Code

Automation is key for many reasons. It can speed up the security workflow, from alerting to ticketing to task assignment and remediation; it can help combat threats in real time; and it can even enable you to enforce policy as code. Companies that embrace the DevOps movement invest a lot in automation, and for […]

Cloud Anomaly Detection and Vulnerability Assessment Needs to Yield Actionable Alerts

Continuous real-time anomaly detection and behavioral analysis must be capable of monitoring all event activity in your cloud environment, correlating activity among containers, applications, and users, and logging that activity for analysis after containers and other ephemeral workloads have been recycled. This monitoring and analysis must be able to trigger automatic alerts. Behavioral analytics make […]

Developing a Cloud & Container Incident Response Plan

Having an incident response plan is critical to eliminating or reducing the impact of security incidents. Without a well-thought-out incident response plan, it is nearly impossible to manage complex incidents affecting multiple services and teams in a high-stress situation. If you already have an incident response plan in place and automated configuration compliance, they […]

A Quick Guide to Container Orchestration Vulnerabilities

Containers and containerized applications running on cloud resources are delivering new levels of speed and efficiency to modern development teams. Containers are optimized for agile deployment, so they require less coordination and oversight than on-premises or virtualized infrastructures and, in many cases, are simply more flexible. Automated, continuous integration and delivery pipelines help ensure code […]

Enhancing Native Kubernetes Security

By 2022, 75% of enterprises (a sharp rise from 30% in 2019) are expected to run containerized applications globally. The visible benefits of automating container orchestration with Kubernetes are a key force behind this rapid adoption. Unfortunately, this also increases risk, as a compromise of Kubernetes can impair the entire containerized environment. The hyper-dynamic […]

Lacework Threat Detection in Cloud Environments: A Quick Guide

There’s an enormous amount of event activity in the cloud. A busy cloud environment can generate eight to ten billion events per month, which makes threat detection a challenge. Moreover, in the cloud where ephemeral servers and containers come and go on-demand, malicious activity can escape detection unless the visibility into events and behaviors is […]

How Capital One Illustrates the Need for Cloud Configuration Visibility

By now, we all know the story – the personal data of 106 million Capital One card customers and applicants was accessed by a hacker, making it one of the largest data breaches of a financial institution. We’re already seeing a cottage industry being built around “what’s in your wallet” memes, and just when the […]

Cloud Security Incident Response: Continuous vs. Emergency Approaches

Continuous monitoring and behavior analysis are essential to identifying vulnerabilities that exist within an organization's environment. The monitoring solution should be able to identify anomalies in every activity happening within a cloud environment by baselining, and then analyzing, the actions of applications, networks, users, and all the different types of resources being used. By doing […]

How to Improve Breach Detection in the Cloud

Security and proper incident response are business-critical concerns that cannot be treated as afterthoughts. In fact, as technology supports almost all business-critical decisions and activities, security and compliance must be prioritized and embedded into an organization's business practices. In complex cloud environments, the threat of breaches and other security issues still looms large, but with […]

Cloud Compliance Security, Part 2: The Importance of Security Controls

In our previous blog on compliance security, we looked at the importance of an organization's security approach and how to effectively build requirements that meet cloud compliance security demands. Among the many ways to carry this out, adhering to the right security controls is an effective way to ensure compliance needs are met. Security teams […]

Cloud Compliance Security, Part 1: Understanding Expectations & Building Requirements

Most organizations associate their cloud compliance programs with governance and risk. Governance, risk and compliance (GRC) programs represent a collection of controls designed to ensure that your organization manages its information security risks appropriately and that your security controls operate effectively. GRC programs work to identify gaps in your cloud security controls and also provide […]

Why Linux Servers Need Extra Security

These days, in both on-premises data centers and cloud environments, Linux servers are at the core of enterprise computing. Most enterprises abide by commonly accepted guidelines for securing virtualized Linux servers with least-privilege access control, file encryption, segmentation, process isolation, and other best practices. But in highly scaled and dynamic cloud environments, where the containers […]

Container Orchestration Demands a Security Focus

Containers and containerized applications running on cloud resources are delivering new levels of speed and efficiency to modern development teams. Containers are optimized for agile deployment and can be run in on-premises and virtualized infrastructures. They require less coordination and oversight than large, monolithic applications, and are simply more flexible. Automated, continuous integration and delivery […]

The Lacework Guide to AWS re:Inforce in Boston

Yeah, down by the river, Down by the banks of the river Charles, That’s where you’ll find me, Along with lovers, muggers, and thieves, Well I love that dirty water, Oh, Boston, you’re my home… – The Standells, “Dirty Water” Boston’s got it all – it was a hotspot for those fomenting a new nation […]

Container Orchestration Demands the Right Security Approach

Advances in container orchestration, service meshing, and microservices have improved the lives of developers who are increasingly evaluated on their ability to deliver rapidly and continuously. With the support of containers, applications are more portable and can be deployed and scaled more quickly and reliably than in traditional deployment models. Automated continuous integration and delivery […]

Cloud Controls to Major Tom: A Quick Guide to Configuration as a Security Measure

Regardless of the type of cloud service offering you choose, IaaS, PaaS, or SaaS, there remain universal security risks that you must always manage, including over-privileged access, a broad attack surface, vulnerable code, and the improper use and storage of secrets. For each of these risks, there will be controls that you must […]

Without Security Visibility and Analysis, BlueKeep Keeps on Keeping On

BlueKeep, a severe security vulnerability (CVE-2019-0708) that affects the Remote Desktop Protocol (RDP) service in Windows XP, Windows Vista, and other older Windows OS versions, is spreading rapidly, due in part to the fact that it is remotely exploitable. While this has the structure of a classic attack, it's also unique because its wicked efficiency essentially […]

Host Intrusion Detection for Compliance in AWS and Multicloud Environments

To be compliant, an organization must ensure continuous awareness of every action that might affect configurations. These actions are not a one-size-fits-all type of occurrence, either; they happen at the application, identity, workload, and host layers of the cloud. This is where organizational and user data is being transacted, and because of the AWS Shared Responsibility […]

Misconfigured Servers Leave 2.3 Billion Private Files Exposed

OVERVIEW

A report filed over the weekend detailed research that discovered more than 2 billion files exposed online from a variety of sources, including cloud servers, network-based storage, and company-owned data repositories. The discovery includes a massive trove of credit card information, medical records, private photographs, and details of intellectual property patents. While not all […]

Automation Enables Security for DevOps and Run-Time

DevOps teams are driven by a constant need to develop, integrate, push, and innovate. IT consumerization is now essential for organizations that want to respond quickly to market demands, and it's increasingly a critical element of competitive differentiation and market viability. It's because of this that DevOps teams are adopting modern aspects of development, including […]

The Benefits of a Host-Based IDS for Cloud Environments

There are significant benefits to using a Host-Based Intrusion Detection System (HIDS) to monitor system activities in cloud environments. Traditionally, most organizations struggled to choose between deploying a HIDS and a Network-Based Intrusion Detection System (NIDS). Each of these intrusion detection systems has its own strengths and weaknesses. However, today's cloud-based […]

If You Can See It, You Can Secure It: Anomaly Detection in the Cloud

No matter what you sell to customers, you are in the data business. Data is used to help your people make better decisions, deliver better products and services, and maintain competitive advantages. The trove of data you’re sitting on includes all kinds of private information, including payment card details, employee records, health data, and various […]

Effective Compliance Requires a Security-First Approach

In the cloud, compliance and security are highly reliant upon one another, and they share a common goal: responsibility for keeping an organization’s data, users, resources, and intellectual property safe and usable. While some organizations see these two as separate activities, smart enterprises recognize how effective compliance and security are tightly connected. The key, however, […]

Visibility is Critical for Workload Threat Defense

The dynamic nature of public cloud and hybrid environments exposes applications to new forms of threats and cyber-attacks. Unfortunately, legacy security solutions are unequipped to handle these new threat vectors, and threats often evade detection for extended periods of time. Longer threat detection cycles not only raise the organization's risk profile, but also hurt the bottom line. […]

Why Container Security Isn’t Enough

How is it that cloud container security is not ensuring data integrity or preventing data compromise?

What is Container Security?

Container security has familiar controls such as:

Access to build/update container software, code, and deployment.
Operating system security, including patches and operating systems.
Container labels (see table below for container definitions) which ensure services and replication across […]

Citrix’ Undetected Hackers Are Why You Need Anomaly Detection

It’s been reported that Citrix’ internal networks were attacked for six months before the breach was discovered. Citrix officials stated that the hackers “removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents.” Apparently, that information may have […]

80 Million Personal Records Discovered on Open Microsoft Database

An open database with private information on 80 million American families was discovered on a Microsoft cloud server. It is not known what company owned the 24GB worth of data that was exposed, but researchers are tracking down that information. The magnitude of the breach is huge, representing more than half the total number of […]

Rules and Best Practices Still Couldn’t Prevent the Docker Hub Breach

The recent Docker Hub breach hits home with anyone who develops and hosts code on Docker Hub, GitHub, or any other cloud-based repository. But while the magnitude of the damage was significant, it’s still remarkable that these kinds of breaches continue to happen. As of now, we know the Hub was not only exposed, but […]

Do Data Leaks Have to Be So Common?

Just as you would protect your physical assets by locking the doors to your shop, the data that is stored and transacted in your cloud must also be secured like valuable assets. The problem, however, is that data changes, assets are spun up on the fly, and change is continuous. Data is used with such […]

Be Quick But Don’t Hurry: Container Security in Cloud Environments

It's hard to argue against the benefits of containers and containerized applications running on cloud resources. Containers enable agile deployment, so they require less coordination and oversight than on-premises or virtualized infrastructure and, in many cases, offer more flexibility. Advances in container orchestration, service meshing, and microservices mean applications are more portable and can be […]

Latest Hacks: Legal Docs Exposed Through Unprotected Elasticsearch Server

Evisort, a legal document and contracts management service, exposed highly sensitive data through an unprotected Elasticsearch server. This kind of exposure is happening with greater frequency as environments become numerous and complex and are coupled with powerful, easy-to-use software. In our latest Hack Report, learn how to implement access controls, proper authentication, user, […]

Latest Hacks: Microsoft’s Hotmail, MSN Compromised With User Credentials

Microsoft has admitted that email accounts on MSN.com and Hotmail, both services owned and managed by Microsoft, were compromised sometime between January 1 and March 28, 2019. It appears that attackers were able to identify users' email addresses, email folder names, email subject lines, and the email addresses of those with whom […]

Why Process-to-Process Visibility Is So Important

One of the challenges in securing processes operating in cloud environments is the visibility limitations imposed either by the cloud service provider or the customer’s solution architecture. In the case of the cloud service provider, because the environment is shared by everyone who has access to that cloud service, including many thousands of their customers […]

Stratics Networks Robocaller Database Exposed on AWS

If robocalls raise your blood pressure and cause you to scream things your mother would not be proud of, you may want to avoid breakable items because now there is even MORE of a reason to be angry. Toronto-based Stratics Networks invented “ringless voicemails” which are used by telemarketers to autodial massive lists of numbers […]

The New School of Security: Using the Cloud to Secure the Cloud

Legacy security was built on the premise of a moat: keep people and data away from the infrastructure, and they can't attack it. Firewalls, intrusion detection systems, and intrusion prevention systems delivered "network-centric" solutions that aimed to keep access at a safe distance. Originally, firewalls performed the task of preventing unwanted, and […]

Facebook Exposes User Data Through Unprotected AWS S3 Buckets

Two repositories of unprotected Facebook user data sitting in Amazon S3 buckets have been discovered. More than 540 million files with personal data were exposed, potentially leaking hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different […]

File Integrity Monitoring: Using Lacework’s SaaS Solution for SaaS Environments

One of the critical distinctions about Lacework is in our approach. While all cloud security vendors talk about things like security posture and identification of threats, we have actually constructed a methodology that is tactically applied to finding issues, alerting on them, and preventing issues. We also realize that the best way to deliver security […]

Cloud Security This Week – March 29, 2019

New From Lacework

Security Relevance Can't Be Bought

Surprisingly, some security vendors see the confusion in the problem and apply confusion to the solution. Palo Alto Networks has taken the approach that variety and inconsistency make for a compelling security story.

Avoiding Limitations of Traditional Approaches to Security

To get a better understanding of the […]

There Are a Lot of Ways to Get Cloud Security Wrong

In a previous blog on new approaches to security, we looked at how traditional data center defenses were designed to protect a defined perimeter by monitoring and controlling data that moves in and out of the network environment. Defending the perimeter requires a layered defense strategy that typically includes routers, firewalls, antivirus protection, and access/ID […]

Cloud Security This Week – March 22, 2019

New from Lacework

Integrating DevOps and Security

While DevOps emphasizes speed, it has not always necessarily focused as much on security. Learn the three key practices that are critical to integrating the processes and mindsets of DevOps and SecOps.

Triaging a CryptoSink Infection in 5 Minutes with Lacework

When triaging an alert, a security analyst […]

Integrating DevOps and Security

With the cloud, enterprises gain operational and management advantages of agility, scalability, and ease of use. The cloud also enables IT teams to apply continuous integration/continuous deployment (CI/CD) methods to deliver applications and functionality rapidly. To capitalize on the capabilities of the cloud, many organizations are turning to a development and delivery methodology known as […]
