Heightened cyber threats have everyone on edge, what do you need to know?

Mark Nunnikhoven - Distinguished Cloud Strategist

The Lapsus$ cybercriminal collective recently entered the hacking scene, and they have come out of the gates on a mission. Taking a rather unorthodox approach in their public persona, they’ve claimed a number of notable hacks in the past couple of months. This week, they claim to have breached identity platform provider Okta and Microsoft.

It’s the issue with Okta that has the security community abuzz. And why wouldn’t it? Okta is an extremely popular service helping companies simplify their access to other services. It’s a key part of many companies’ security strategies, and is trusted with a lot of sensitive access for a wide range of companies, and for good reason. Services like this greatly simplify identity and authentication challenges.

Any significant breach at a service like Okta would have a very large blast radius. Given the potential, staying on top of this is a critical issue for the security of your organization.

Getting to the bottom of an incident takes time. During the early stages, speculation can run rampant…especially on social media. While speculation can be a useful tool, your security practice needs to work from data and confirmed facts, not guesses.

We now know the attack against Okta’s service was much more limited than Lapsus$ implied to the public. As this story moves on to examine how Okta responded to the confirmed compromise initially, it’s important companies use this moment to stop, evaluate security posture, and implement best practices to harden defenses against an increasing threat landscape.

Incident response is a dynamic process during which new information often comes to light. Okta has updated their original statement and released a detailed blog post of the incident. The new post provides some clarification and explanation of how Okta operates. In addition, it states that some customer data may have been “viewed or acted upon.” Those customers are receiving detailed, individual reports from Okta now.

 

Larger Context

Security isn’t a binary state. You aren’t “secure” or “insecure.” Consideration needs to be paid to the larger context. Visibility into your internal systems is critical but so is an understanding of the status of your service providers and the larger world around the organization.

This issue comes to light at a time of heightened awareness around cybersecurity, due in large part to recent world events. The threat landscape has changed significantly over the past few months, so much so that the White House recently called for organizations to act immediately to strengthen their cybersecurity postures.

This call to action is one of many initiatives in the US to shine a light on current cybersecurity challenges. The administration and the SEC are also working on stricter data breach reporting requirements. Taken together, it’s clear cybersecurity is an important aspect of any business.

What Should You Be Doing?

How can you take steps to protect your organization today? As a security strategy, you should focus on visibility, insights, and action across your business.

That three-step process will help keep your security efforts in line with other business initiatives. Cybersecurity is critical, but it’s only one aspect of running a business.

Alongside the call for heightened awareness of cybersecurity issues, the White House offered a number of steps that you can take today to address these challenges. Some of these are tried and true advice about the basics: keep your systems updated, have a strong backup strategy, use modern security tools which continuously monitor environments, enable multi-factor authentication, and more.

One of the steps stood out in particular: “Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack.”

Organizations often struggle to respond to cybersecurity incidents because they are making up the workflow as they go. That’s a surefire recipe for disaster. Walking through your incident response process helps familiarize your organization with it. It can also highlight any potential gaps or areas where you’re lacking visibility.

These exercises don’t have to be full run-throughs, however. Tabletop exercises can be just as effective, and they are much easier to set up on a regular basis. Regardless of the format of these exercises, the goal is to make sure everyone is on the same page before you’re in crisis mode responding to a cybersecurity incident.

Direct Action

In light of the current situation with Okta and the White House’s general warning, here are the steps you want to be taking right now within your security practice:

  1. Gain greater visibility. Increase the sensitivity of the alerts you are actively monitoring. What might’ve been safe to ignore previously probably merits your attention in the current climate.
  2. Maximize the effectiveness of your security team. They have the subject matter experience that can provide the insights other teams need to bake security into their everyday activities.
  3. Take action when warranted. If your monitoring and observability activities highlight something that’s suspicious, have a bias towards action. In a different threat environment, you might investigate further before taking any action. That risk calculus has changed for most organizations now. Take reasonable actions to mitigate possible threats and then investigate further.

The Future

Cybercrime and cybersecurity incidents aren’t going anywhere. Organizations need to take steps to protect themselves. The second half of the White House’s statement acknowledges that and addresses the longer term.

The path forward means adding security earlier in our technology lifecycle. Commonly called “shift left,” this effort is really about expanding security thinking throughout the development process of technology.

The memo sums it up as, “bake it in, don’t bolt it on.”

Tactics like dependency awareness (a.k.a. software bill of materials), vulnerability management, and providing builders the right insights at the right time will help improve security over the long term.

Cybersecurity is a continuous practice. It requires visibility into your environment so that your teams can draw specific insights that help drive action that makes sense for your organization.

There will be more breaches. There will be bigger breaches. So, make sure your teams are focusing on the basics and making steady improvements to your organization’s security posture.

For more information: CISA, the Cybersecurity & Infrastructure Security Agency, has a number of freely available packages to help you run tabletop exercises. They are a fantastic resource to help get you started.
