Lacework AI Assist: Using generative AI technology to simplify cloud security

Technology is simultaneously simplifying and complicating our lives in ways we never could have imagined. With easy access to chat functionality like ChatGPT and natural language processing (NLP), people now have the power to generate anything from recipes and poems to research reports and code — all in a matter of seconds. 

As we embrace these new advanced generative tools, securing already complex multicloud environments becomes even more critical. Today, cybersecurity experts are highly sought after with employers finding it increasingly difficult to hire professionals with the necessary cybersecurity skills and experience. According to a recent ISACA report, 71% of surveyed organizations have unfilled cybersecurity positions, with unfilled higher-level positions outnumbering entry-level positions by twofold.

Machine learning (ML) and artificial intelligence (AI) have always been integral to Lacework, and we’re constantly looking for more ways to use these capabilities to provide better security outcomes for our customers. Now, it’s clear that cybersecurity leaders need help addressing the skills gap and better ways to simplify cloud security. 

Introducing Lacework AI Assist

We’re excited to introduce Lacework AI Assist, our assistive generative AI (genAI) technology developed internally, designed to help you better understand your cloud environments, improve and level up your team’s cybersecurity skills, and gain insights faster.

 

 

Lacework AI Assist helps you with various tasks; for example, it can: 

  • Explain why an alert matters
  • Provide a list of the risks the alert poses  
  • Suggest investigative steps to take to reduce this risk
  • Show you how to remediate the alert via CLI 

 

 

Picture a scenario where the Lacework platform provides one of your team members with a compliance alert, signaling a violation associated with the Azure Key Vault. But what if that team member isn’t familiar with the Azure cloud environment? Or what if they aren’t aware of the options available to address the alert? With Lacework AI Assist, they can ask questions, receive a clear and concise response, and better understand why the Lacework platform raised this alert in the first place. They can share that information with other individuals throughout the company, like a developer, compliance officer, or even the CTO. 

Consider another scenario: This time, you receive an alert about an Azure compliance policy violation, stating that you do not have role based access control (RBAC) enabled for your Azure Key Vault, a violation of Azure CIS 1.5.0. The Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources, enabling users to manage key, secret, and certificate permissions across all key vaults, all in one place. But what if you aren’t sure exactly what this alert means and how it impacts your organization? With Lacework AI Assist, you have the opportunity to dig further into the violation, gain a better understanding of it, and learn how to remediate and address the violation.

Here’s what this conversation would look like with Lacework AI Assist: 

Why does this alert matter?” 

“This alert is important because it involves enabling Role Based Access Control (RBAC) for Azure Key Vault, which is a crucial aspect of managing access permissions to your key vaults and the secrets stored within them. RBAC allows you to delegate specific permissions to Azure Active Directory user accounts or system-managed identities. This way you can define what data and what actions are permissible by users, groups, or applications.

When RBAC is not enabled for your Azure Key Vaults, it may result in unauthorized access or manipulation of your secrets, keys, and certificates. This can pose serious threats to your Azure resources, including data breaches and unwanted changes. Therefore, ensuring RBAC is enabled for Azure Key Vault is essential to maintain strong access control security. This alert signifies that RBAC for the Azure Key vault is currently not enabled, which poses a security risk.”

We have been incredibly focused on optimizing this generative AI capability to give customers the outcomes that will provide the greatest impact for their organization. Many of our customers are already seeing the return. Patrick Linnane, Senior Director, Information Security Operations at Emburse, said, “I am excited to see the genAI capabilities that Lacework is bringing to the platform. This functionality will help my teams, both technical and non-technical, with evidence gathering. It will assist with questions that the teams may not have the time and resources to perform research on, as well as explaining impacts to our overall compliance. I foresee this product dramatically speeding up our ability to understand and close alerts.”

 

This functionality will help my teams, both technical and non-technical, with evidence gathering. It will assist with questions that the teams may not have the time and resources to perform research on, as well as explaining impacts to our overall compliance. I foresee this product dramatically speeding up our ability to understand and close alerts.

Patrick Linnane, Senior Director, Information Security Operations at Emburse

Taking generative AI to the next level

Lacework AI Assist doesn’t just provide alert insights; it helps customers understand how to address the issue and reduce the risk. 

Let’s return to our conversation with Lacework AI Assist to see how we can learn more about the alert. 

How can I remediate this using cloud security provider CLI?

“Since this alert involves enabling Role Based Access Control for Azure Key Vault, you will need to use Azure command-line interface (CLI) for remediation:

1. First, you need to login to your Azure account using the Azure CLI. Run the following command and follow the instruction:

az login

2. Once logged in, you can view all your subscriptions with:

az account list - output table

3. If you have multiple subscriptions, set the relevant subscription where your Key Vault resides

az account set - subscription ‘your-subscription-id’

Even if you’re not familiar with writing code, Lacework AI Assist provides you with copy-and-paste functionality to ease the process. It also provides guidance on how to remediate using the infrastructure as code (IaC) commands, providing you with syntax highlighting, the values you will need to provide in the code, and cautionary advice.

(By the way, if you were wondering what the three risks posed by the violation in our example are, they’re [1] unauthorized access, [2] compliance risks, and [3) increased attack surface. We’ll also provide you with the details to support them).

How Lacework AI Assist works

Lacework AI Assist takes advantage of the cloud service providers’ large language models (LLMs) and pulls them into our cloud infrastructure. When you ask Lacework AI Assist a question, it uses the LLM to query the Lacework platform and then uses this information to construct an answer. Your data never leaves the secure and private Lacework cloud infrastructure. All information and API calls are maintained with our cloud infrastructure.

Built with privacy and controls, by design

We believe that what happens in your cloud should stay in your cloud, and privacy should not be a tradeoff for good security. Lacework AI Assist has been designed with your privacy in mind, ensuring that your data is secure and is never logged or retained by a third party. The models are not trained by our customers’ usage of the assistive technology; instead, they’re trained on the fixed and static logic that goes into detection. They’re trained on Lacework product specifics, such as how vulnerability detection works or how compliance is evaluated. 

Lacework AI Assist does not take actions, so you don’t need to be concerned about handing over control of your cloud to a bot. Our goal is to give you guidance and recommendations based on best practices.

A foundation for more innovation

We built this service as a foundation for additional use cases, like code security, that we will continue to bring to our customers. Now is just the beginning. 

Learn more about Lacework AI Assist.