Swift insights, smarter decisions with Lacework Context Panels

What do you call a convicted SMS message? Con-text

Mary Singh · May 6, 2024 · 4 min read

When your team gets a security alert, the last thing you need is to waste time searching for key details. With new Context Panels from Lacework, you’ll get immediate, relevant context directly on the alert details page in a faster and more consolidated view. Now, there’s no need to navigate through several different pages to get the data you need to understand the severity of an alert. Context Panels simplify the alert investigation process and embed a concise, informative widget within the alert interface. This allows for a more efficient review of alerts, ensuring that security teams can quickly grasp the essential details in a single, easily readable location that doesn’t require multiple clicks.

Faster, easier alert investigations

First, let’s look at how someone may react to an incident.

During a complex security investigation, a security analyst encounters multiple alerts that involve suspicious IPs and unusual account activities across different servers. One of the first things they need to do is validate the threat, which requires a look into all the hosts, domains, and IPs that communicated with this machine. They also need to check downstream communication (especially if the threat is confirmed). 

Advanced Context Panels allow the analyst to easily see all those entity details without breaking context. This single view includes detailed account information, host exposure levels, and environment context (production, development, testing) with real-time data on malicious IPs, including relevant threat intelligence scores and geographical origins. This enables the analyst to quickly identify the IP as having a high threat score due to its previous involvement in phishing attacks. 

The analyst is able to sift through the multitude of entities, distinguishing between relevant and irrelevant content based on detailed, contextual insights faster than ever before — all within the alert. 

The Machine Context Panel presents the risk summary, including which environment this machine exists in, if it’s vulnerable via an attack path, and if any critical risks are present. Once the analyst has the necessary information, they simply close the modal dialog and continue their investigation seamlessly. Thanks to Context Panels, they’re able to do this with a single click and scroll, as shown below:

Context Panels enhance the investigation process in two ways:

The tool ensures that every piece of information is directly accessible, facilitating a rapid and accurate assessment of potential impacts and risks. This streamlines the decision-making process and lowers the mean-time-to-triage (MTTT), which includes threat evaluation and incident response within your security environment, during an investigation. 

The Machine Context Panel allows for immediate access to a host's account details, internet exposure, and resource group (production, development, testing) through a single pane on the current screen, enabling quick assessment of the impact and risk associated with an alert.

Similarly, the External Network Address Context Panel simplifies threat identification by displaying clear indicators of malicious IPs, including their threat intelligence scores and geographic data. This integration facilitates a much faster evaluation of network-related alerts, helping your team swiftly limit and mitigate potential risks and threats to your organization.

Developed with your input

Context Panel development is guided by feedback from security teams and designed to streamline the severity assessment of alerts, all while providing immediate context to better understand the behavior and risk associated with the involved entities. It’s now easier than ever for your teams to focus on the most critical aspects of an alert by surfacing only the most relevant information.

Explore the benefits of the Context Panel and see how it can transform your approach to cloud security investigations. Sign up for your 14-day free trial here.
