AWS Security Solutions for Amazon Web Services
Comprehensive, continuous end-to-end AWS security and configuration support
Threat Detection, Compliance, and Automated AWS Security Monitoring
AWS users understand the shared responsibility concept of cloud security, but also recognize that effective security demands more than just operating off of signatures and custom rules. Every activity within a cloud environment increases the potential for threats, and AWS users must have a solution that not only identifies changes but understands the security context of them.
To address the agile nature of the cloud, Lacework provides comprehensive, continuous end-to-end AWS security and configuration support for workloads and accounts running in AWS and multi-cloud environments. As more organizations move their critical workloads to the cloud, there is an increasing need for a single, unified security solution like Lacework that can identify, analyze, and report on misconfigurations, vulnerabilities, and behavioral anomalies in user and account behavior.
Actionable Auditing of AWS Security Configurations for S3 Buckets
- Find potentially exposed S3 buckets configured for external access
- Identify buckets out of compliance with the CIS Benchmark for AWS, including:
- Use of encryption at rest and in transit
- Only users with multi-factor authentication can delete S3 buckets
- Versioning to protect against deletion or overwrite
- Get specific recommendations on how to fix violations
Audit Your AWS Configuration
- Find Identity and Access Management (IAM) vulnerabilities, including the use of “root” account, password requirements, and use of multi-factor authentication
- Check for logging best practices, ensure AWS CloudTrail is enabled across regions, and log files validated and encrypted
- Monitor critical account activity such as unauthorized API calls and use of the management console and the “root” account
- Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges and checking for the use of flow logging
- Assess your S3 settings for S3 buckets at risk
Ongoing AWS Security Monitoring of User Activity
- Activity on AWS resources, such as new activity in a region, activation of new AWS services, or changes to access control lists
- Changes to users, roles, or access policies
- Access or customer master key tampering
- Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results
The Power of the Polygraph
Lacework’s foundation is Polygraph, a deep temporal baseline built from collecting high fidelity machine/process/users interactions over a period of time. The polygraph is used to detect anomalies, generate appropriate alerts, and provide a tool for users to investigate and triage issues.
Fundamentally, our Polygraph technology dynamically develops a behavioral and communication model of your services and infrastructure. The model understands natural hierarchies (processes, containers, pods, machines, etc.) and aggregates them to develop behavioral models. A behavioral model is, in some sense, the essence of how a customer’s infrastructure operates. With this model, Polygraph monitors your infrastructure for activities that fall outside the model. In addition, the polygraph continually updates its models as your data center behavior changes.
Integrated and Comprehensive
- Pinpoint exactly how a file changed: content, metadata, and whether the file was modified or simply appended
- Extended information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions
- Expanded file intelligence with integrated threat feeds from ReversingLabs’ library of 5 billion files
- One-click investigation of events and activities related to FIM signals
- Cloud-wide capabilities for search, file type summaries, and detection of new files
Cloud-Scale & Speed
- Automated configuration, file discovery, and operations
- Scalable architecture with no added complexity or performance penalties
- Included with all Lacework AWS Cloud Security agents
Meet AWS Compliance Mandates
- Protect log and AWS configuration files against tampering
- Daily re-check of all monitored files in AWS Accounts
- Pre-defined directory maps monitor critical files and directories
- Easily configurable; users can add directories to the watch list
- “My argument with InfoSec is always the same. If I take Lacework out, what’s the alternative? There isn’t one.”
Matthew Zeier | Wavefront
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
Mario Duarte | Snowflake Computing
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
Devin Ertel | Guidebook
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
Ian O’Brien | Arista Networks
FAQs About Lacework's AWS Cloud Security Solutions
Lacework is a multi-cloud security SaaS platform that provides automated, end-to-end visibility and threat detection for AWS. Our approach simplifies configuration and speeds deployment with faster time to value.
Yes, Lacework’s cloud security platform performs a series of checks against every AWS security group looking for misconfigurations.
Lacework checks configurations for several different variants of permissions that can risk data exposed, and alerts you if and when we detect any open S3 buckets in AWS.
Yes, Lacework supports AWS CloudTrail ingestion. Lacework uses these logs to understand and detect anomalous user behavior in your AWS cloud infrastructure.