Cloud Security Is a Data Problem
July 21, 2021
Unprecedented data growth is forcing enterprises around the world to reconsider their data storage infrastructure, forgoing legacy architecture and shuffling to cloud platforms. But while we’re focused on migrating our data from one place to another, we tend to overlook the most important aspect of data management: security. At Lacework, we’ve always believed that security is a data problem, which is why we built our rules-free Polygraph™ technology.
Polygraph is our name for the unsupervised machine learning foundation that allows Lacework’s cloud security platform to address the inherent ephemerality and intricacy of cloud software. By forming a coherent, stable viewpoint of customers’ cloud activities, Polygraph can establish a baseline of what constitutes normal activities in each customer’s environment. From this baseline, Lacework can clearly identify all errant and anomalous activities and, when such anomalies occur, raise highly effective and precise alerts to our customers, whether they are the result of a misconfiguration, a well-known attack, or a zero-day intrusion. With detection based on Polygraph, customers only receive alerts when necessary, and they are not bombarded with false alarms.
To use Gartner’s cloud security terminology, Polygraph enables Lacework to provide a full Cloud Workload Protection Platform (CWPP) without any manual determination of what users and services are doing, while also avoiding the need for costly and awkward SIEM integration. And for the Cloud Security Posture Management (CSPM) features of the Lacework platform, Polygraph delivers the contextual insights necessary for the efficient handling of compliance, vulnerability, and audit tasks, saving time and improving our customers’ agility. Our unique approach has given us a leg up on the competition from day one. Because we take an automated, data-first approach rather than a manual rules-based one, our customers have been able to benefit from this converged approach to security for the last few years. Seeing Gartner acknowledge this shift with the emergent Cloud Native Application Protection Platform (CNAPP) category is both exciting and gratifying for us.
Our platform has been built on data-driven techniques like Polygraph to provide end-to-end, converged security benefits across all of our customers’ cloud operations from the very beginning. This is why we’re honored and proud to be recognized in Gartner’s Cloud Security Cool Vendors for the second time.
Since our founding in 2015, Lacework has been laying the foundation for automatically ingesting, storing, and analyzing all relevant data about the cloud software, configurations, and operations of our customers. As a consequence, Lacework is unique in the cloud security market in its ability to offer comprehensive protection without large investments in security operations and the manual crafting of rules. What sets Lacework apart is our patented Polygraph technology for detecting anomalies in our customers’ cloud activities.
Polygraph is based on the collection and ingestion of complete real-time activity data in an efficient and scalable way, and a historical data store of up to 6 months of detailed, correlated data across your network, applications, users, and services.
- Polygraph contextualizes and organizes both current and historical data into the activities and behaviors that are unique to each customer’s environment.
- Polygraph automatically builds a model of each customer’s cloud activities and their interconnections, using machine learning to capture expected behaviors and workloads.
- Polygraph leverages its deep understanding of customers to perform anomaly detection that captures and surfaces any unexpected changes that might be security issues—the needles in the haystack—along with their full context in the workload.
- Polygraph’s anomaly detection is highly effective, with an industry-leading signal-to-noise ratio, raising on average fewer than 2 critical/high alerts per day!
What’s more, Polygraph drives more than a highly efficacious alert experience: it drives meaningful business value, including reduced total cost of ownership, improved productivity, increased revenue generation, and, importantly, reduced organizational risk against a catastrophic cybersecurity event. Here’s just a sampling of the kind of transformational business value Lacework drives for customers:
- Reduce security spend:
  - For one leader in digital trust and safety, Lacework reduced their security spend by 50% and accelerated their security roadmap by 6 months.
  - Lacework also cut LendingTree’s security bill in half; furthermore, our ability to effectively identify unknown threats reduced their annual risk by an estimated $1.2M.
- Consolidate tools:
  - For a cloud software company, Lacework supplanted and consolidated 2 previous tools and reduced their critical alerts from 150 per day to 1.
- Develop software faster and more securely:
  - One healthtech company described Lacework as having 20 more DevSecOps engineers that enabled them to focus on what is really important to their business, such as developing software faster.
  - One biotech company wasn’t able to release their first revenue generating cloud application because they didn’t have security tooling to secure their environment; after installing Lacework, they hit their delivery date.
- Meet compliance and unlock new business opportunities:
  - A software company in Atlanta leveraged Lacework to achieve SOC2 compliance and unlocked $2M in ARR.
We LOVE enabling customers and are so grateful for the opportunity to serve them each and every day. At Lacework, we fundamentally believe our data-science-meets-cloud security approach will continue to empower our customers to move quickly and yet be protected as new cloud technologies and use cases come along. We also believe that a data-centric point of view will separate the leaders from the followers in the emerging CNAPP market.
As data expands and the cloud inevitably grows, the attack surface becomes seemingly infinite. Rules-based approaches will fail at scale as the world increasingly embraces the cloud, whose scale, agility, and apparent simplicity belie the complexity that comes along with securing it. In the cloud, the expiration date on rules-based approaches is quickly approaching.