Partnering with Google Cloud to secure your multicloud

Erin K. BanksAugust 29, 20234 min read

Today, we celebrate all the phenomenal work that we at Lacework are achieving with Google Cloud. As a cloud native application protection platform (CNAPP), we understand how important it is for cloud security solutions to support multiple organizations, multiple teams, and multiple stages of your application lifecycle across multiple clouds. This includes providing you with the ability to utilize the varied options for compute and storage and keep your data in the cloud of your choosing. 

Lacework Service Layer launched on Google Cloud

Because of this, we are announcing the launch of the Lacework Service Layer hosted on Google Cloud. This means that when you purchase Lacework Polygraph® Data Platform through the Google Cloud Marketplace, we now have the ability to provide you with an instance of Lacework running in the Google Cloud environment. Today we are giving you more options and we could not be happier. We have also added Google Cloud capabilities like attack path analysis (APA), Google Cloud composite alert, and pub/sub audit log collection to help you prevent risk and react to threats while on your cloud security journey.

Attack path analysis now generally available for Google Cloud

We are happy to announce the General Availability of attack path analysis (APA) for Google Cloud. So what is APA and what does this mean for you? APA gives you incredible insight into directly exposed instances and data assets and enables you to continuously evaluate and prioritize risks from your multicloud attack surface. It helps organizations identify the riskiest assets contributing to your attack surface, enabling you to secure it efficiently. Here’s how our Google Cloud APA solution provides critical coverage:

1. Identifying vulnerable Google Cloud compute instances:

Lacework identifies critically vulnerable Google Cloud compute instances that are exposed to the internet. By spotting these vulnerabilities early on, organizations can address them before they become security breaches.

2. Securing containerized environments:

With the rise of containerization, it’s essential to safeguard container images and deployments. Lacework identifies critically vulnerable container images that are internet-exposed, providing a comprehensive view of your container environment deployment and security. This also helps ensure that security teams are reinforcing their golden images to become more efficient with their deployment.

3. Protecting CloudSQL databases:

We don’t stop at compute instances and containers. Lacework extends its protective shield to CloudSQL databases. It detects databases that are internet-exposed due to insecure configurations helping enterprises prevent any potential data exposure and breaches.

But don’t just take our word for it, here is a recent quote from a customer that saw immediate value from this capability:


It provides an invaluable means of identifying potential configuration problems before they escalate into more significant security breaches. My colleague already had the chance to identify configuration issues, it immediately flagged something we had to look at — giving us the opportunity to fix it.

Simen Kildahl Eriksen, Security Engineer, Cognite

New composite alert for Google Cloud

We are also introducing a brand new composite alert specifically for Google Cloud, “Potentially Compromised Google Cloud Identity.” A composite alert is a grouping of individual Lacework detections that we suspect describes an intrusion. When the platform raises a composite alert, it presents the entities and accounts that play a central role in the suspected compromise. This composite alert uses signals from Google Cloud Audit Logs and gives you intrusion detection capabilities based on anomalies and behavioral analysis. Let’s say for instance a Google Cloud user identity makes a new connection from several different countries. This observation may be combined with one or more confirmation signals such as usage of offensive tools, threat intelligence indicators, discovery, region enumeration, or anomalous method usage. Together, these weak signals provide enough detection confidence for Lacework to alert you and give you the insight necessary to address this event with better context. 

Enhanced audit log support 

We are also announcing support for Google Cloud Audit Log on a pub/sub architecture. This new method enables customers to ingest, process, and alert on Google Cloud Audit Logs with lower and predictable latency. Why does this matter to you? With better detection and use of data, Lacework can now rapidly identify threats based on Google Cloud events, which means that you can react to these threats faster than ever. Combining composite alerts with lower latency means higher quality detection, faster reaction, and less investigation time for your organization.

Learn more

If you would love to know more, check out our press release and our Google Cloud Solution Brief or visit us at Booth 236 at Google Cloud Next. If you can’t meet up with us there, we have tons of great information at

Suggested for you