See All Activity In AWS. In Context. At Scale.

No human can possibly observe and make sense of all the activity for every automated AWS Service configuration change across all regions, accounts, and users. Make the machines work 24x7.

Lacework Automated Cloud Security

AWS CloudTrail Volume: AWS services x regions x accounts x users, oh, my.

There is a lot going on in your cloud. Now that you’ve gotten to the scale where you can’t see all the activity across all the people working in multiple AWS accounts in regions with any AWS service in your head 24×7, it’s time to take a different approach to knowing what’s happening. Lacework Polygraph uses CloudTrail data to monitor AWS account activity and establish a baseline of normal behavior in each of your AWS accounts. 

Quickly identify, analyze, and report misconfigurations, vulnerabilities, and behavioral anomalies in user and account behavior, with Lacework. Protect assets from the initial configuration to everyday operations by:

  • Spot early indicators of compromise that often remain hidden in your log files.
  • Validate security controls to prevent data from being inadvertently exposed to unauthorized users. 
  • Continuously protect every layer of your cloud deployment including accounts, workloads, and platforms.
  • Receive notification of changes that might trigger a security weakness.

Streamline investigations of security incidents

Incident investigation is another compelling Lacework for CloudTrail use case. Evaluating security breaches can be a tedious process: without the right tools, investigators are often left to deal with incomplete and confusing logs from disparate systems. Even with CloudTrail, correlating AWS account events with logs from production workloads (i.e. the containers, applications, and servers running your production solution) is not an easy task.

In addition, To address the agile nature of the cloud, Lacework provides comprehensive, continuous end-to-end AWS security and configuration support for workloads and accounts running in AWS and multi-cloud environments. As more organizations move their critical workloads to the cloud, there is an increasing need for a single, unified security solution like Lacework that can identify, analyze, and report on misconfigurations, vulnerabilities, and behavioral anomalies in user and account behavior.

Conduct Top Line Investigations in 3 Minutes or Less

Navigate relationships across AWS services, regions, accounts, and users. Get the answers and context you need without a PhD in AWS. We give you the visibility and context you need to resolve intrusion events before they turn into damaging breaches. Delivered as a service, Lacework can be deployed at scale in minutes.

Read more

Scale AWS Without Scaling Your SIEM Bill

Eliminate CloudTrail monitoring blind-spots with less noise and lower costs than sending cloud activity logs directly to a SIEM. Lacework adds value to CloudTrail’s log files by organizing and aggregating CloudTrail data into useful maps and dashboards that illustrate relationships, causes and effects, and interactions between AWS entities. Lacework then detects any anomalous or new behavior to surface potential security incidents, facilitate investigations, and improve overall operations. Lacework for AWS CloudTrail is a zero-touch solution that requires minimal maintenance.

Read more

It’s 2AM. What are your IAM Roles Up To?

If your cloud activity logs were working as hard as you do, you’d be asleep. Surface anomalous activity, IAM violations and early attack indicators without manual rules or tuning. To provide comprehensive security for active threats and vulnerabilities caused by misconfigurations and other infrastructure changes, Lacework uses runtime defense to identify, analyze, and alert on anomalous behavior for applications, virtual resources, hosts, and all user activity.

Read more


With Lacework for CloudTrail, organizations can:

Facilitate breach detection at the earliest possible points

Lacework for CloudTrail excels at detecting attacks during reconnaissance even if that attack is a zero-day. By correlating and evaluating information across different AWS services, Lacework can highlight especially suspicious events, such as a new user attempting to create a new key in AWS KMS, a user trying to change access control policies on an S3 bucket or the creation of a new EC2 instance in a new region. Each of these behaviors is an early red flag for potential cybercrime activity.

See indicators of attacks or signs of trouble earlier:

  • Deleting EC2 instances or keys to deny or degrade service
  • Changing S3 bucket permission to expose or steal sensitive data
  • Starting unauthorized EC2 or S3 instances for bitcoin mining or file sharing
  • Restoring AWS snapshots to steal data that was thought to be unavailable
  • Adding new privileged users with wide administrator privileges in the AWS account


Meet AWS Compliance mandates

Lacework provides comprehensive, continuous end-to-end security, compliance, and configuration support for workloads and accounts running in AWS and in multi cloud environments.

  • Protect log and AWS configuration files against tampering
  • Daily re-check of all monitored files in AWS Accounts
  • Monitor critical account activity including unauthorized API calls
  • Pre-defined directory maps monitor critical files and directorie
  • Assess your S3 settings for S3 buckets at risk

Read more


Get Actionable Auditing of AWS Security Configurations for S3 Buckets

  • Find potentially exposed S3 buckets configured for external access
  • Identify buckets out of compliance with the CIS Benchmark for AWS, including:
  • Use of encryption at rest and in transit
  • Only users with multi-factor authentication can delete S3 buckets
  • Versioning to protect against deletion or overwrite
  • Get specific recommendations on how to fix violations

Read more

Complete AWS Security and Configuration Support

Secure your AWS Cloud like never before — threat detection, compliance and automated security monitoring. All available on AWS Marketplace.

What Our Customers Say


FAQs About Lacework's AWS Cloud Security Solutions

Yes, Lacework supports AWS CloudTrail ingestion. Lacework uses these logs to understand and detect anomalous user behavior in your AWS cloud infrastructure.

Supported Platforms

Account security solutions for cloud containers & multicloud
environments via a single unified console

Share this with your network
Twitter Twitter Twitter Share