Identify and Analyze Anomalies in Cloud and Container Environments
Public clouds enable enterprises to implement infrastructure-as-code and allow them to rapidly develop, test, and deploy services at scale. In this environment, network resources are in constant flux, which gives attackers ample opportunity. Unfortunately, legacy security solutions are ill-equipped to handle these conditions and leave organizations vulnerable. IT security teams need solutions that use anomaly detection to safeguard cloud data.
Treat Security Like a Data Problem
Traditional security solutions rely on signatures or rule-based approaches. The rules are readily understandable, but they must be written by hand and do not catch new attack profiles. To reduce false-positive rates, the rules are often written for very narrowly defined threat scenarios, which limits their effectiveness in production environments.
Lacework takes a completely different approach to anomaly detection. We collect high-fidelity process, network, file, and user data to form a baseline model of normal infrastructure behavior. We then use analytics and machine learning techniques to detect anomalies that may indicate threats. Our anomaly detection system is as adaptive as your environment is dynamic. In addition, because these baselines are generated automatically, we have tuned our solution to reduce false positives.
Use Lacework’s Polygraph to Bolster Security
Polygraph, our security foundation and deep temporal baseline, is built by collecting machine, process, and user interactions. It detects anomalies, generates appropriate alerts, and gives users a tool to investigate and triage issues.
Polygraph dynamically builds a behavioral model of your services and infrastructure. The model understands natural hierarchies, including processes, containers, pods, and machines, and Polygraph monitors for activity that falls outside the model's parameters. In addition, Polygraph continually updates its models in order to:
- Pinpoint exactly how a file changes.
- Investigate anomalous events and activities related to FIM (file integrity monitoring) signals.
- Provide cloud-wide capabilities for search, file type summaries, and detection of new files.
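To make the baseline-and-deviation idea concrete, here is a small added example (not Lacework's or Polygraph's code) that learns normal process/network behavior keyed on the pod/container hierarchy, flags events outside that model with a triage reason, and folds reviewed events back into the baseline. The event format and sample events are constructed for illustration.

```python
"""Toy behavioral baseline: learn normal (process, port) pairs per container,
flag deviations, and update the model. Constructed data, not a real product."""
from collections import defaultdict

# Constructed sample events: (machine, pod, container, process, dest_port).
BASELINE_EVENTS = [
    ("node-1", "web", "nginx", "nginx", 443),
    ("node-1", "web", "nginx", "nginx", 80),
    ("node-1", "web", "php", "php-fpm", 3306),
    ("node-2", "web", "nginx", "nginx", 443),
]
NEW_EVENTS = [
    ("node-3", "web", "nginx", "nginx", 443),   # new machine, known behavior -> normal
    ("node-1", "web", "php", "php-fpm", 3306),  # normal
    ("node-1", "web", "php", "curl", 4444),     # unseen process in this container
    ("node-2", "web", "nginx", "nginx", 22),    # known process, new destination port
]

def build_baseline(events):
    """Map (pod, container) -> set of (process, port) pairs observed.
    Keying on the pod/container level rather than the machine means a replica
    of the same container on a new node is judged against the same model."""
    model = defaultdict(set)
    for _machine, pod, container, process, port in events:
        model[(pod, container)].add((process, port))
    return model

def detect(model, events):
    """Return [(event, reason)] for events outside the learned model."""
    findings = []
    for ev in events:
        _machine, pod, container, process, port = ev
        known = model.get((pod, container), set())
        if (process, port) in known:
            continue
        if any(p == process for p, _ in known):
            reason = "known process, new destination port"
        else:
            reason = "unseen process in this container"
        findings.append((ev, reason))
    return findings

def update(model, reviewed_events):
    """Fold analyst-reviewed events into the baseline (the continual update step)."""
    for _machine, pod, container, process, port in reviewed_events:
        model[(pod, container)].add((process, port))
    return model
```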