Prevent multicloud risks with new Lacework enhancements

Erin K. Banks·October 24, 2023·5 min read

Today, Lacework is extending its mission to provide teams with unified visibility of assets, misconfigurations, vulnerabilities, secrets, threats, and anomalous activity for all their cloud deployments.

Lacework is committed to helping customers simplify their cloud security journey by arming security, operations, and development teams with the context required to quickly prioritize and protect what matters most to their businesses.

Simplify multicloud risk management with Lacework

Cloud environments — especially multicloud environments — are complex and compiled of many different tech stacks, each requiring different security mechanisms. Enterprises often boast large cloud footprints consisting of tens of thousands of cloud resources. Adding to that daunting challenge is the very real fact that cloud environments are highly dynamic and ephemeral, and enterprises rapidly spin up and tear down services to respond to changing demands.

Lacework now offers enhancements to minimize costs, reduce effort, and empower customers to identify, investigate, and remediate risks and threats across multiple cloud service providers (CSPs) faster.

Introduced two new ServiceNow container and infrastructure vulnerability response applications, allowing organizations to efficiently address your security needs quickly and effectively
Expanded multicloud support to include Oracle Cloud Infrastructure (OCI)
Visualize how an attacker could compromise your Azure deployments with attack path analysis
Operationalize your cloud security requirements by building and managing custom frameworks within the Lacework UI

With these capabilities, organizations can more efficiently address security needs, gain comprehensive visibility with context, prioritize findings, and operationalize security across complex multicloud environments with ease.

Gain confidence with greater visibility

Short-lived instances

With the speed at which cloud environments change and bad actors move, customers need to ensure they have visibility into “short-lived” cloud instances. This requires having an uninterrupted view of all instances and their associated risks. Lacework agentless workload scanning now checks workloads every five minutes to uncover any new instances, including short-lived instances, that can easily slip through the cracks. Now teams can be confident they know exactly what is running across their environment as well as the risk it presents to the business.

Vulnerability detection for Windows-based applications

Windows applications have always been popular, and keeping vulnerabilities low has always been critical. As organizations rapidly migrate applications to the cloud, it’s critical that they have full visibility of their risks, including vulnerabilities (CVEs) that could be exploited by bad actors. With the new Lacework Windows vulnerability management capabilities, customers can detect vulnerabilities in Windows operating systems, and gain much needed visibility for Windows applications they are “lifting and shifting” to the cloud, or for those applications that can only run on Windows.

Expanded support for Oracle Cloud Infrastructure (OCI)

Organizations are looking for choices in their multicloud journey and today we are announcing our support for OCI. Customers are looking to build net-new high-performance workloads and applications in their OCI stack as well as migrate their on-premises cloud workloads and applications to OCI. This offering provides a central management console for visibility and posture management across Amazon Web Services (AWS), Google Cloud, Azure, and OCI deployments. Lacework continuously ingests OCI cloud activity logs to build a complete Oracle Cloud asset inventory across projects and services. Lacework delivers automated, end-to-end security across clouds. For more information, visit our blog.

Custom frameworks

While industry compliance benchmarks and frameworks like CIS and SOC 2 provide a starting point for risk assessments, larger organizations with complex environments and more mature security programs have additional requirements that must be continuously met. Our new custom frameworks allow organizations to operationalize their cloud security requirements by building and managing custom risk assessments that contain a combination of custom authored Lacework Query Language (LQL) and out-of-the-box policies within the Lacework UI. This dramatically simplifies policy management and improves accuracy of security and compliance assessments.

Prioritize findings based on context

Attack path analysis for Azure

Security teams can’t seem to catch a break. Alerts fire away, and teams struggle to understand which alerts pose the greatest risk, and what to prioritize first. Putting risks into context is paramount to prioritizing action based on how an attacker could successfully exploit your environment. In a single view, Lacework correlates multiple attack vectors, including internet exposure, critical vulnerabilities, exposed secrets, misconfigurations, and associated IAM roles to help accelerate response times by pinpointing exactly which Azure assets are most vulnerable to attack.

Composite alerts for Google Cloud

We are happy to announce that our Lacework composite alert for Google Cloud is now generally available (GA). As you may recall, we announced this capability earlier this year. Our “Potentially Compromised Google Cloud Identity” composite alert detects early signs of an attack that otherwise may be missed or overlooked. By combining multiple alerts, noisy data points, and low-level signals into one highly actionable alert, customers are provided early notification of any suspected use of compromised credentials. This consolidated view makes it easy for teams to gain the relevant evidence necessary to further investigate, triage and mitigate an attack.

Operationalize security across complex environments with ease

AWS org level workload scanning and multi-account reporting

Enterprises need solutions that increase efficiency and streamline operations at scale. Lacework now offers AWS org level scanning along with new multi-account reporting capabilities that give customers a single view of their agentless workload scans to consolidate risks for their AWS accounts, creating a better user experience that not only saves time, but helps prevent you from inadvertently missing critical risks.

Resource Explorer

Teams struggle to gain visibility of their many and often changing cloud resources. And larger organizations with larger cloud deployments typically have to manage multiple cloud service providers. With our new Resource Explorer capabilities, teams can gain visibility of all AWS, Google Cloud, and Azure resources within a single view. They also gain a consolidated view of all risks for a particular asset, including runtime alerts, vulnerabilities, misconfigurations, and more. With this holistic perspective, organizations can take proactive steps to mitigate risks before they escalate into serious security incidents. They can also sort assets based on different risk facets, such as alerts, vulnerabilities, and compliance violations, and filter results based on business context to prioritize their security efforts efficiently and effectively.

ServiceNow Vulnerability Response

Lacework now supports two ServiceNow Vulnerability Response offerings for infrastructure and container applications. This integration, currently available in the ServiceNow marketplace, enables ServiceNow Vulnerability Response application to import and automatically group vulnerable items according to group rules, allowing customers to better track, prioritize, and remediate vulnerabilities. To find out more, view our ServiceNow launch blog.

To learn more or get your hands on any of these new features, access a trial here or join an upcoming product tour.