Blog

Container Orchestration Demands a Security Focus

Containers and containerized applications running on cloud resources are delivering new levels of speed and efficiency to modern development teams. Containers are optimized for agile deployment, and can be run in on-premises and virtualized infrastructures. They require less coordination and oversight than large, monolithic applications, and are simply more flexible.  Automated, continuous integration and delivery […]

Read More…

The Lacework Guide to AWS re:Inforce in Boston

Yeah, down by the river, Down by the banks of the river Charles, That’s where you’ll find me, Along with lovers, muggers, and thieves, Well I love that dirty water, Oh, Boston, you’re my home… – The Standells, “Dirty Water” Boston’s got it all – it was a hotspot for those fomenting a new nation […]

Read More…

Container Orchestration Demands the Right Security Approach

Advances in container orchestration, service meshing, and microservices have improved the lives of developers who are increasingly evaluated on their ability to deliver rapidly and continuously. With the support of containers, applications are more portable and can be deployed and scaled more quickly and reliably than in traditional deployment models. Automated continuous integration and delivery […]

Read More…

Cloud Controls to Major Tom: A Quick Guide to Configuration as a Security Measure

Regardless of the type of cloud service offering you choose, IaaS, PaaS, or SaaS, there remain universal security risks that you must always manage, including risks of over privileged access, a broad surface area, vulnerable code, or the improper use and storage of secrets. For each of these risks there will be controls that you […]

Read More…

Without Security Visibility and Analysis, BlueKeep Keeps on Keeping On

BlueKeep, a severe security vulnerability (CVE-2019-0708) that affects the Remote Desktop Protocol (RDP) service in Windows XP, Windows Vista, and other older Windows OS versions, is spreading rapidly, due in part to its ability to be remotely exploitable. While this has the structure of a classic attack, it’s also unique because its wicked efficiency essentially […]

Read More…

Host Intrusion Detection for Compliance in AWS and Multicloud Environments

To be compliant, an organization must ensure continuous awareness of every action that might affect configurations. These are not a one-size-fits-all type of occurrence, either; they happen at the application, ID, workload, and host layers of the cloud. This is where organizational and user data is being transacted, and because of the AWS Shared Responsibility […]

Read More…

Misconfigured Servers Leave 2.3 Billion Private Files Exposed

OVERVIEW A report filed over the weekend detailed research that discovered more than 2 billion files exposed online from a variety of sources, including cloud servers, network-based storage, and company-owned date repositories. The discovery includes a massive trove of credit card information, medical records, private photographs, and details of intellectual property patents. While not all […]

Read More…

Automation Enables Security for DevOps and Run-Time

DevOps teams are driven by a constant need to develop, integrate, push, and innovate. IT consumerization is now essential for organizations who want to respond quickly to market demands, and it’s increasingly a critical element of competitive differentiation and market viability. It’s because of this that DevOps teams are adopting modern aspects of development, including […]

Read More…

The Benefits of a Host-Based IDS for Cloud Environments

There are significant benefits to using a Host-Based Intrusion Detection System (HIDS) to monitor system activities in cloud environments. Traditionally, most organizations struggled to choose between deploying a Host Based Intrusion Detection System (HIDS) and a Network Based Intrusion Detection System (NIDS). Each of these intrusion detection systems provided strengths and weaknesses. However, today’s cloud-based […]

Read More…

If You Can See It, You Can Secure It: Anomaly Detection in the Cloud

No matter what you sell to customers, you are in the data business. Data is used to help your people make better decisions, deliver better products and services, and maintain competitive advantages. The trove of data you’re sitting on includes all kinds of private information, including payment card details, employee records, health data, and various […]

Read More…

Effective Compliance Requires a Security-First Approach

In the cloud, compliance and security are highly reliant upon one another, and they share a common goal: responsibility for keeping an organization’s data, users, resources, and intellectual property safe and usable. While some organizations see these two as separate activities, smart enterprises recognize how effective compliance and security are tightly connected. The key, however, […]

Read More…

Visibility is Critical for Workload Threat Defense

The dynamic nature of public cloud and hybrid environments expose applications to new forms of threats and cyber-attacks. Unfortunately, legacy security solutions are unequipped to handle these new threat vectors. Often, threats evade detection for extended periods of time. Longer threat detection cycles not only raises the organization’s risk profile, but it also impacts the bottom-line. […]

Read More…

Why Container Security Isn’t Enough

How is it cloud container security is not ensuring data integrity or preventing data compromise?  What is Container Security? Container security has familiar controls such as: Access to build/update container software, code, deployment. Operating system security including patches and operating systems. Container labels (see table below for container definitions) which ensure services and replication across […]

Read More…

Citrix’ Undetected Hackers Are Why You Need Anomaly Detection

It’s been reported that Citrix’ internal networks were attacked for six months before the breach was discovered. Citrix officials stated that the hackers “removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents.” Apparently, that information may have […]

Read More…

80 Million Personal Records Discovered on Open Microsoft Database

An open database with private information on 80 million American families was discovered on a Microsoft cloud server. It is not known what company owned the 24GB worth of data that was exposed, but researchers are tracking down that information. The magnitude of the breach is huge, representing more than half the total number of […]

Read More…

Rules and Best Practices Still Couldn’t Prevent the Docker Hub Breach

The recent Docker Hub breach hits home with anyone who develops and hosts code on Docker Hub, GitHub, or any other cloud-based repository. But while the magnitude of the damage was significant, it’s still remarkable that these kinds of breaches continue to happen. As of now, we know the Hub was not only exposed, but […]

Read More…

Do Data Leaks Have to Be So Common?

Just as you would protect your physical assets by locking the doors to your shop, the data that is stored and transacted in your cloud must also be secured like valuable assets. The problem, however, is that data changes, assets are spun up on the fly, and change is continuous. Data is used with such […]

Read More…

Be Quick But Don’t Hurry: Container Security in Cloud Environments

It’s hard to argue against the benefits of containers and containerized applications running on cloud resources. Containers enable agile deployment capabilities, so require less coordination and oversight than on-premises or virtualization infrastructure and, in many cases, offer more flexibility. Advances in container orchestration, service meshing, and microservices mean applications are more portable and can be […]

Read More…

Latest Hacks: Legal Docs Exposed Through Unprotected Elasticsearch Server

Evisort, a legal document and contracts management service, exposed highly sensitive data through an unprotected Elasticsearch server. This kind of thing is happening with greater frequency as environments become numerous and complex and are coupled with powerful, easy to use software. In our latest Hack Report, learn how to implement access controls, proper authentication, user, […]

Read More…

Latest Hacks: Microsoft’s Hotmail, MSN Compromised With User Credentials

Microsoft has admitted that email accounts for MSN.com and Hotmail, both services owned and managed by Microsoft, have had their accounts compromised sometime between January 1 and March 28, 2019. It appears that attackers were able to identify user’s email addresses, email folder names, email subject lines, and the email addresses of those with whom […]

Read More…

Why Process-to-Process Visibility Is So Important

One of the challenges in securing processes operating in cloud environments is the visibility limitations imposed either by the cloud service provider or the customer’s solution architecture. In the case of the cloud service provider, because the environment is shared by everyone who has access to that cloud service, including many thousands of their customers […]

Read More…

Stratics Networks Robocaller Database Exposed on AWS

If robocalls raise your blood pressure and cause you to scream things your mother would not be proud of, you may want to avoid breakable items because now there is even MORE of a reason to be angry. Toronto-based Stratics Networks invented “ringless voicemails” which are used by telemarketers to autodial massive lists of numbers […]

Read More…

The New School of Security: Using the Cloud to Secure the Cloud

Legacy security was built on the premise of a moat; keep people and data away from the infrastructure, and they can’t attack it. Firewalls, intrusion detection systems, or intrusion prevention systems –  these tools delivered “network-centric” solutions and aimed to keep access at a safe distance. Originally, firewalls performed the task of preventing unwanted, and […]

Read More…

Facebook Exposes User Data Through Unprotected AWS S3 Buckets

Two repositories of unprotected Facebook user data sitting in Amazon S3 buckets have been discovered. More than 540 million files with personal data were exposed, potentially leaking hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different […]

Read More…

File integrity monitoring Lacework

File Integrity Monitoring: Using Lacework’s SaaS Solution for SaaS Environments

One of the critical distinctions about Lacework is in our approach. While all security vendors talk about things like security posture and identification of threats, we have actually constructed a methodology that is tactically applied to finding issues, alerting on them, and preventing issues. We also realize that the best way to deliver security is […]

Read More…

Cloud Security This Week – March 29, 2019

New From Lacework Security Relevance Can’t Be Bought Surprisingly, some security vendors see the confusion in the problem and apply confusion to the solution. Palo Alto Networks has taken the approach that variety and inconsistency make for a compelling security story.  Avoiding Limitations of Traditional Approaches to Security To get a better understanding of the […]

Read More…

Ways to get cloud security wrong blog

There Are a Lot of Ways to Get Cloud Security Wrong

In a previous blog on new approaches to security, we looked at how traditional data center defenses were designed to protect a defined perimeter by monitoring and controlling data that moves in and out of the network environment. Defending the perimeter requires a layered defense strategy that typically includes routers, firewalls, antivirus protection, and access/ID […]

Read More…

Cloud Security This Week – March 22, 2019

New from Lacework Integrating DevOps and Security While DevOps emphasizes speed, it has not always necessarily focused as much on security. Learn the three key practices that are critical to integrating the processes and mindsets of DevOps and SecOps. Triaging a CryptoSink Infection in 5 Minutes with Lacework When triaging an alert, a security analyst […]

Read More…

Integrating DevOps and Security

With the cloud, enterprises gain operational and management advantages of agility, scalability, and ease of use. The cloud also enables IT teams to apply continuous integration/continuous deployment (CI/CD) methods to deliver applications and functionality rapidly. To capitalize on the capabilities of the cloud, many organizations are turning to a development and delivery methodology known as […]

Read More…

The Cloud’s Unique Security Challenges

The Cloud’s Unique Security Challenges

One of the greatest cloud security challenges comes from the fact that the cloud delivers its infrastructure components, things like gateways, servers, storage, compute, and all the resources and assets that make up the cloud platform environment, as virtual services. There is no traditional network or infrastructure architecture in the cloud. Deploying workloads into the […]

Read More…

Cloud Security This Week – March 1, 2019

New from Lacework Lacework at RSA Lacework is going to rock RSA, and we want you to join us! Here’s a guide to all the Lacework parties, sessions, panels, and secrets to getting our sweet swag. Booth #4603 – we’ll be there with the volume cranked up to 11! Avoiding Container Vulnerabilities To get a […]

Read More…

For Those About To Rock RSA, Lacework Salutes You!

The city by the bay is the birthplace of the Grateful Dead, Journey, Sly & the Family Stone and a pantheon of great rockers. The Sex Pistols famously went out in a blaze of glory at the Mabuhay Gardens on Broadway, and Metallica still comes home regularly to rock the bay. The history of rock […]

Read More…

PCI Compliance in the Public Cloud

Compliance frameworks provide a structure for how enterprises organize and secure their content and resources. Because they are created and governed for the purposes of protection and interoperability, they provide necessary safeguards that help organizations structure their security posture. They can also be onerous and burdensome which can lead to security and compliance teams falling […]

Read More…

Cloud Security This Week – February 22, 2019

New from Lacework Lacework Extends Multicloud Support With Workload And Account Security For Google Cloud Platform Lacework has released a new version that provides support for Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE). This latest version allows customers to apply threat detection and deep visibility into cloud events for workloads and accounts across multiple […]

Read More…

Lacework for GCP: Security for Orchestration, Multicloud, and Kubernetes

This week, Lacework announced support for Google Cloud Platform (GCP), which further establishes our commitment to customers running workloads in multicloud environments. It comes on the heels of our recent support for Azure, and before that, support for Kubernetes. The net of all of this is that as organizations increase the reach of their data, […]

Read More…

Cloud Security This Week – December 21, 2018

New from Lacework Kubernetes CVE-2018-1002105 Given the release of CVE-2018-1002105, visibility and threat detection for your Kubernetes cluster is paramount. Kubernetes clusters can become very complex very fast. It’s important to stay a step ahead and have the insights you need to protect your cluster. My Mom is Sick and Tired of Your Weak S3 […]

Read More…

Blog | My Mom is Sick and Tired of Your Weak S3 Bucket Policies

My Mom is Sick and Tired of Your Weak S3 Bucket Policies

Cloud security has headlined so many stories over the past year that the term “leaky S3 bucket” even rolls off the tongue of my mother with ease and accuracy. Indeed, S3 bucket issues have become almost shorthand for the vulnerabilities that IT infrastructures face in the cloud, but they highlight just one problem among an […]

Read More…

Cloud Security This Week – December 14, 2018

New from Lacework AWS Spot Instance and Cloud Security All cloud providers have some type of a compute product offering which lets the user bid for the resource they need to complete or for more tasks. Amazon web services has led the way, offering a low cost EC2 usage option called Spot Instance. The model […]

Read More…

Cloud Security This Week – November 30, 2018

  At the risk of sounding like an alarmist, the fact is that this week was an absolute doozy for security-watchers. Leading off with the massive breach of 500 million Starwood customer records, to evidence that NSA hacking tools are still being used for nefarious purposes, it makes one question if we’re getting any better […]

Read More…

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

Photo by Erica Nilsson on Unsplash Basketball season is in full swing which means we’re in for some long range Steph Curry three pointers, savage Giannis Antetokounmpo dunks, and an endless supply of Gregg Popovich memes. Teams have to be ready for anything in the course of the season, and those most able to be […]

Read More…

Why Organizations Are Still Learning From the Uber Breach

Why Organizations Are Still Learning From the Uber Breach

Photo by Dan Freeman on Unsplash This has been a rough month for Vasile Mereacre and Brandon Glover. These two gentlemen were arrested for their parts as the hackers who stole millions of users’ data from Uber in 2016, and were also indicted on federal hacking and extortion charges for stealing user data from 55,000 […]

Read More…

Cloud Security This Week – October 26, 2018

  New from Lacework Security Table Stakes: A Blueprint for Securing Your Cloud Environment It’s important for a security strategy to pay attention to the different pieces of the cloud stack and address their unique security needs with the following approach and actions.   Webinar Replay: Prevent Cryptocurrency Mining in Your AWS Account Learn why […]

Read More…

Security Table Stakes: A Blueprint for Securing Your Cloud Environment

Security Table Stakes: A Blueprint for Securing Your Cloud Environment

Photo by Chris Liverani on Unsplash Security teams who are responsible for their organization’s workloads running in the cloud must first understand the layers that make up the components of their cloud stack. While different in structure from on-premises stacks, a cloud environment is still dependent upon each layer performing its key functions. Those layers […]

Read More…

Cloud Security This Week – October 19, 2018

  New from Lacework Anatomy of a Redis Exploit Insight into a honeypot experiment conducted by Lacework where we created a Redis honeypot. In our monitoring, we detected a cryptocurrency mining botnet that compromised the server by exploiting a Lua vulnerability. We explain the experiment framework and what we discovered.   Lacework Meetup: Securing Containers […]

Read More…

Cloud Security This Week - October 12, 2018

Cloud Security This Week – October 12, 2018

  New from Lacework Network Security Vendors Are Trying to Buy Their Way Into Relevance Consolidation, investment, and acquisition in the security market is a great validation that demand for the cloud continues at a breakneck pace. But it’s not necessarily making customers safer.   Inside Lacework: Set Up Lacework with AWS We cover how […]

Read More…

The New Security Stack: While old school security vendors are trying to buy their way into relevance, it’s still not making organizations any safer

Photo by Jacek Dylag on Unsplash We’ve heard it a million times: those who don’t learn from history are doomed to repeat it. Some of us take heed, while most figure we can beat history on our own terms. What we can’t beat, however, is evolution. Evolution has brought us, both from a technology and […]

Read More…