Lacework AI Assist: Using generative AI technology to simplify cloud security

Technology is simultaneously simplifying and complicating our lives in ways we never could have imagined. With easy access to chat functionality like ChatGPT and natural language processing (NLP), people now have the power to generate anything from recipes and poems to research reports and code — all in a matter of seconds. 

As we embrace these new advanced generative tools, securing already complex multicloud environments becomes even more critical. Today, cybersecurity experts are highly sought after with employers finding it increasingly difficult to hire professionals with the necessary cybersecurity skills and experience. According to a recent ISACA report, 71% of surveyed organizations have unfilled cybersecurity positions, with unfilled higher-level positions outnumbering entry-level positions by twofold.

Machine learning (ML) and artificial intelligence (AI) have always been integral to Lacework, and we’re constantly looking for more ways to use these capabilities to provide better security outcomes for our customers. Now, it’s clear that cybersecurity leaders need help addressing the skills gap and better ways to simplify cloud security. 

Introducing Lacework AI Assist

We’re excited to introduce Lacework AI Assist, our assistive generative AI (genAI) technology developed internally, designed to help you better understand your cloud environments, improve and level up your team’s cybersecurity skills, and gain insights faster.

Lacework AI Assist helps you with various tasks; for example, it can: 

• Explain why an alert matters
• Provide a list of the risks the alert poses  
• Suggest investigative steps to take to reduce this risk
• Show you how to remediate the alert via CLI 

Picture a scenario where the Lacework platform provides one of your team members with a compliance alert, signaling a violation associated with the Azure Key Vault. But what if that team member isn’t familiar with the Azure cloud environment? Or what if they aren’t aware of the options available to address the alert? With Lacework AI Assist, they can ask questions, receive a clear and concise response, and better understand why the Lacework platform raised this alert in the first place. They can share that information with other individuals throughout the company, like a developer, compliance officer, or even the CTO. 

Consider another scenario: This time, you receive an alert about an Azure compliance policy violation, stating that you do not have role based access control (RBAC) enabled for your Azure Key Vault, a violation of Azure CIS 1.5.0. The Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources, enabling users to manage key, secret, and certificate permissions across all key vaults, all in one place. But what if you aren’t sure exactly what this alert means and how it impacts your organization? With Lacework AI Assist, you have the opportunity to dig further into the violation, gain a better understanding of it, and learn how to remediate and address the violation.

Here’s what this conversation would look like with Lacework AI Assist: 

“Why does this alert matter?” 

“This alert is important because it involves enabling Role Based Access Control (RBAC) for Azure Key Vault, which is a crucial aspect of managing access permissions to your key vaults and the secrets stored within them. RBAC allows you to delegate specific permissions to Azure Active Directory user accounts or system-managed identities. This way you can define what data and what actions are permissible by users, groups, or applications.

When RBAC is not enabled for your Azure Key Vaults, it may result in unauthorized access or manipulation of your secrets, keys, and certificates. This can pose serious threats to your Azure resources, including data breaches and unwanted changes. Therefore, ensuring RBAC is enabled for Azure Key Vault is essential to maintain strong access control security. This alert signifies that RBAC for the Azure Key vault is currently not enabled, which poses a security risk.”

We have been incredibly focused on optimizing this generative AI capability to give customers the outcomes that will provide the greatest impact for their organization. Many of our customers are already seeing the return. Patrick Linnane, Senior Director, Information Security Operations at Emburse, said, “I am excited to see the genAI capabilities that Lacework is bringing to the platform. This functionality will help my teams, both technical and non-technical, with evidence gathering. It will assist with questions that the teams may not have the time and resources to perform research on, as well as explaining impacts to our overall compliance. I foresee this product dramatically speeding up our ability to understand and close alerts.”

Taking generative AI to the next level

Lacework AI Assist doesn’t just provide alert insights; it helps customers understand how to address the issue and reduce the risk. 

Let’s return to our conversation with Lacework AI Assist to see how we can learn more about the alert. 

“How can I remediate this using cloud security provider CLI?”

“Since this alert involves enabling Role Based Access Control for Azure Key Vault, you will need to use Azure command-line interface (CLI) for remediation:

1. First, you need to login to your Azure account using the Azure CLI. Run the following command and follow the instruction:

az login