Blog

The Basics of Configuration Compliance

The public cloud has enabled customers to move fast and adapt to changing needs by allowing them to quickly spin up infrastructure programmatically or with just a few clicks. This has allowed companies to grow quickly, and for technological advancements to be implemented rapidly. However, as simple as it is to stand up infrastructure it’s […]

Latest Hacks: Microsoft’s Hotmail, MSN Compromised With User Credentials

Microsoft has admitted that email accounts for MSN.com and Hotmail, both services owned and managed by Microsoft, were compromised sometime between January 1 and March 28, 2019. It appears that attackers were able to identify users’ email addresses, email folder names, email subject lines, and the email addresses of those with whom […]

Cryptojacking Campaign Targets Exposed Kubernetes Clusters

Reports on in-the-wild attacks on Kubernetes clusters are somewhat sparse. This, coupled with multiple attack vectors, prompted us to deploy Kubernetes honeypots with very loose security controls to catch real-world attacks. Our hypothesis was that an attack would happen quickly through the insecure API and that the attacker would abuse the cluster to deploy coinminers. […]

Why Process-to-Process Visibility Is So Important

One of the challenges in securing processes operating in cloud environments is the visibility limitations imposed either by the cloud service provider or the customer’s solution architecture. In the case of the cloud service provider, because the environment is shared by everyone who has access to that cloud service, including many thousands of their customers […]

Stratics Networks Robocaller Database Exposed on AWS

If robocalls raise your blood pressure and cause you to scream things your mother would not be proud of, you may want to avoid breakable items because now there is even MORE of a reason to be angry. Toronto-based Stratics Networks invented “ringless voicemails” which are used by telemarketers to autodial massive lists of numbers […]

The New School of Security: Using the Cloud to Secure the Cloud

Legacy security was built on the premise of a moat; keep people and data away from the infrastructure, and they can’t attack it. Firewalls, intrusion detection systems, or intrusion prevention systems – these tools delivered “network-centric” solutions and aimed to keep access at a safe distance. Originally, firewalls performed the task of preventing unwanted, and […]

Facebook Exposes User Data Through Unprotected AWS S3 Buckets

Two repositories of unprotected Facebook user data sitting in Amazon S3 buckets have been discovered. More than 540 million files with personal data were exposed, potentially leaking hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different […]

File Integrity Monitoring: Using Lacework’s SaaS Solution for SaaS Environments

One of the critical distinctions about Lacework is in our approach. While all security vendors talk about things like security posture and identification of threats, we have actually constructed a methodology that is tactically applied to finding issues, alerting on them, and preventing issues. We also realize that the best way to deliver security is […]

Cloud Security This Week – March 29, 2019

New From Lacework
Security Relevance Can’t Be Bought
Surprisingly, some security vendors see the confusion in the problem and apply confusion to the solution. Palo Alto Networks has taken the approach that variety and inconsistency make for a compelling security story.
Avoiding Limitations of Traditional Approaches to Security
To get a better understanding of the […]

There Are a Lot of Ways to Get Cloud Security Wrong

In a previous blog on new approaches to security, we looked at how traditional data center defenses were designed to protect a defined perimeter by monitoring and controlling data that moves in and out of the network environment. Defending the perimeter requires a layered defense strategy that typically includes routers, firewalls, antivirus protection, and access/ID […]

Security Relevance Can’t Be Bought

Lacework is purpose-built for cloud and container security; Palo Alto Networks is employing a duct tape strategy. Those of us who sweat the details of things like configurations and file integrity monitoring know that complexity and imprecision are our constant enemies. Enterprise data lives and functions in a massively complex, continuously changing state that […]

Cloud Security This Week – March 22, 2019

New from Lacework
Integrating DevOps and Security
While DevOps emphasizes speed, it has not always necessarily focused as much on security. Learn the three key practices that are critical to integrating the processes and mindsets of DevOps and SecOps.
Triaging a CryptoSink Infection in 5 Minutes with Lacework
When triaging an alert, a security analyst […]

Integrating DevOps and Security

With the cloud, enterprises gain operational and management advantages of agility, scalability, and ease of use. The cloud also enables IT teams to apply continuous integration/continuous deployment (CI/CD) methods to deliver applications and functionality rapidly. To capitalize on the capabilities of the cloud, many organizations are turning to a development and delivery methodology known as […]

Triaging a CryptoSink Infection in 5 Minutes with Lacework

In medical terms, triage is the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. For security practitioners, triage is assigning priorities and order to security events. When triaging an alert, a security analyst needs to quickly and accurately determine if […]

The Cloud’s Unique Security Challenges

One of the greatest cloud security challenges comes from the fact that the cloud delivers its infrastructure components, things like gateways, servers, storage, compute, and all the resources and assets that make up the cloud platform environment, as virtual services. There is no traditional network or infrastructure architecture in the cloud. Deploying workloads into the […]

Anomaly Detection vs. Rules: Better Security Insights, Designed for the Modern Enterprise

Traditionally with monitoring tools – whether security, application, or infrastructure – it’s necessary to invest considerable time configuring the product and writing rules that are specific to your environment. This is done so your team gets the right alerts on issues that run counter to your requirements and environmental setup. With innovations in machine […]

Container Security: A Popular Topic at BSidesSF ‘19

Before the masses assembled for RSAC, BSidesSF 2019 took place at the Metreon AMC 16 in San Francisco, CA. As it turns out, a movie theater is an amazing venue for a conference like BSides. Talks were held in the City View movie theaters and even the IMAX theater, which happens to be the 3rd […]

Cloud Security This Week – March 1, 2019

New from Lacework
Lacework at RSA
Lacework is going to rock RSA, and we want you to join us! Here’s a guide to all the Lacework parties, sessions, panels, and secrets to getting our sweet swag. Booth #4603 – we’ll be there with the volume cranked up to 11!
Avoiding Container Vulnerabilities
To get a […]

Talking Kubernetes at Denver ISSA

Last month we had the pleasure of speaking about securing Kubernetes at ACoD 2019. This month I had the opportunity to speak on the same topic at the Denver Information Systems Security Association (ISSA) chapter meetings. Denver ISSA is a not-for-profit organization with a mission of “Developing and Connecting Denver’s Cybersecurity Leaders.” They hold chapter meetings […]

For Those About To Rock RSA, Lacework Salutes You!

The city by the bay is the birthplace of the Grateful Dead, Journey, Sly & the Family Stone and a pantheon of great rockers. The Sex Pistols famously went out in a blaze of glory at the Mabuhay Gardens on Broadway, and Metallica still comes home regularly to rock the bay. The history of rock […]

PCI Compliance in the Public Cloud

Compliance frameworks provide a structure for how enterprises organize and secure their content and resources. Because they are created and governed for the purposes of protection and interoperability, they provide necessary safeguards that help organizations structure their security posture. They can also be onerous and burdensome, which can lead to security and compliance teams falling […]

Cloud Security This Week – February 22, 2019

New from Lacework
Lacework Extends Multicloud Support With Workload And Account Security For Google Cloud Platform
Lacework has released a new version that provides support for Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE). This latest version allows customers to apply threat detection and deep visibility into cloud events for workloads and accounts across multiple […]

Lacework for GCP: Security for Orchestration, Multicloud, and Kubernetes

This week, Lacework announced support for Google Cloud Platform (GCP), which further establishes our commitment to customers running workloads in multicloud environments. It comes on the heels of our recent support for Azure, and before that, support for Kubernetes. The net of all of this is that as organizations increase the reach of their data, […]

Lacework for Azure and Multicloud Environments: One Solution for the Problem of Cloud Security

Lacework today announced support for Microsoft Azure, which means two things: Our customers get threat detection of behavioral anomalies for cloud and container environments as a single pane of glass over both AWS and Azure. With so many of our customers opting to distribute workloads into different environments, this now gives them security coverage over […]

Art Into Science: Conference Overview & Securing K8s

Last week we had the pleasure of attending and presenting at Art into Science: A Conference for Defense (ACoD) 2019. It was a blast listening to a variety of amazing talks, and speaking on Kubernetes security. In this post, we share background on the conference, discuss some of our […]

Your etcd is Showing: Thousands of Clusters Open to the Internet

Usage of the distributed key-value store etcd is at an all-time high. The fastest growing open source project, Kubernetes, uses etcd to store data critical to the operation of its clusters. Like many open source, easy-to-use data stores, the simplicity of setup is a double-edged sword. […]

Takeaways From my First Week at Lacework

After a whirlwind end to 2018 filled with traveling, transitioning from Cisco, followed by more traveling, I officially completed my first week as Director of Channel Sales at Lacework. From the second I walked in the door at our Mountain View headquarters, a few things became abundantly clear: 1.) The office is a beehive of […]

ELF of the Month: New Lucky Ransomware Sample

News broke in late November 2018 about a ransomware variant dubbed Lucky Ransomware that targets both Linux and Windows platforms. A recent sample of the ransomware module was uploaded to VirusTotal in mid-December 2018 with some different characteristics than previously reported samples. In this month’s edition of ELF of the […]

5 Highlights From an Exceptional Year at Lacework

As the year comes to a close, it’s fitting to take time to reflect on the past twelve months and take stock of what we have accomplished at Lacework. It was undoubtedly an eventful year in the history of our company, which was validated by a major funding round, the doubling in size of our […]

Cloud Security This Week – December 21, 2018

New from Lacework
Kubernetes CVE-2018-1002105
Given the release of CVE-2018-1002105, visibility and threat detection for your Kubernetes cluster is paramount. Kubernetes clusters can become very complex very fast. It’s important to stay a step ahead and have the insights you need to protect your cluster.
My Mom is Sick and Tired of Your Weak S3 […]

My Mom is Sick and Tired of Your Weak S3 Bucket Policies

Cloud security has headlined so many stories over the past year that the term “leaky S3 bucket” even rolls off the tongue of my mother with ease and accuracy. Indeed, S3 bucket issues have become almost shorthand for the vulnerabilities that IT infrastructures face in the cloud, but they highlight just one problem among an […]

Kubernetes CVE-2018-1002105

On December 3rd a critical Kubernetes vulnerability was announced under CVE-2018-1002105. This vulnerability scored a 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS). The vulnerability stems from an issue with Kubernetes API Server (kube-apiserver) handling proxy requests when upgrading to WebSockets. The vulnerability ultimately can allow authenticated and unauthenticated users to make API […]

Cloud Security This Week – December 14, 2018

New from Lacework
AWS Spot Instance and Cloud Security
All cloud providers have some type of a compute product offering which lets the user bid for the resource they need to complete one or more tasks. Amazon Web Services has led the way, offering a low-cost EC2 usage option called Spot Instance. The model […]

Cloud Security This Week – November 30, 2018

At the risk of sounding like an alarmist, the fact is that this week was an absolute doozy for security-watchers. Leading off with the massive breach of 500 million Starwood customer records, to evidence that NSA hacking tools are still being used for nefarious purposes, it makes one question if we’re getting any better […]

ELF of the Month: Linux DDoS Malware Sample

Each month we take a look at a malicious Executable and Linkable Format (ELF) file, the common executable file format for Unix and Unix-like Operating Systems, and share details about the sample. In this edition of ELF of the Month we take a look at a Linux DDoS sample recently uploaded to VirusTotal. This particular […]

Next Generation Firewall is Your Grandfather’s Generation in the Cloud

I have been in security for a long time. Seeing the firewall replaced with the “Next Generation Firewall” signaled a big milestone as we went from a model that focused on IP addresses to one that targeted applications, users and content. It was a major shift that provided a lot more visibility and context on […]

Securing Innovation in the Public Cloud

I recently attended the Colorado CSA Fall Summit and wanted to share some insights and themes from the conference. The CSA summit included presentations on all things cloud security. On the technical side there were talks on DevSecOps, cloud pen testing, AWS encryption, cryptocurrency, and container security. One of […]

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

Basketball season is in full swing which means we’re in for some long range Steph Curry three pointers, savage Giannis Antetokounmpo dunks, and an endless supply of Gregg Popovich memes. Teams have to be ready for anything in the course of the season, and those most able to be […]

Why Organizations Are Still Learning From the Uber Breach

This has been a rough month for Vasile Mereacre and Brandon Glover. These two gentlemen were arrested for their parts as the hackers who stole millions of users’ data from Uber in 2016, and were also indicted on federal hacking and extortion charges for stealing user data from 55,000 […]

Cloud Security This Week – October 26, 2018

New from Lacework
Security Table Stakes: A Blueprint for Securing Your Cloud Environment
It’s important for a security strategy to pay attention to the different pieces of the cloud stack and address their unique security needs with the following approach and actions.
Webinar Replay: Prevent Cryptocurrency Mining in Your AWS Account
Learn why […]

Security Table Stakes: A Blueprint for Securing Your Cloud Environment

Security teams who are responsible for their organization’s workloads running in the cloud must first understand the layers that make up the components of their cloud stack. While different in structure from on-premises stacks, a cloud environment is still dependent upon each layer performing its key functions. Those layers […]

Cloud Security This Week – October 19, 2018

New from Lacework
Anatomy of a Redis Exploit
Insight into a honeypot experiment conducted by Lacework where we created a Redis honeypot. In our monitoring, we detected a cryptocurrency mining botnet that compromised the server by exploiting a Lua vulnerability. We explain the experiment framework and what we discovered.
Lacework Meetup: Securing Containers […]

Redis Compromise: Lacework Detection

Recently we published a blog on the internals of a Redis compromise with an infection on one of our external-facing honeypots, and this is a follow-up which demonstrates how the Lacework service would help identify the attack at a variety of stages in the attacker life-cycle. As I outlined in a previous blog about the […]

Anatomy of a Redis Exploit

At Lacework Labs we have been setting up honeypots as part of our ongoing research into securing public cloud infrastructure. Recently we noticed one of our Redis honeypots was compromised. We were running a stock version of Redis which allowed inbound connections. During our monitoring, a cryptocurrency mining botnet […]

Cloud Security This Week – October 12, 2018

New from Lacework
Network Security Vendors Are Trying to Buy Their Way Into Relevance
Consolidation, investment, and acquisition in the security market is a great validation that demand for the cloud continues at a breakneck pace. But it’s not necessarily making customers safer.
Inside Lacework: Set Up Lacework with AWS
We cover how […]

History is repeating itself with cybersecurity acquisitions. It’s NOT making organizations safer.

The New Security Stack: While old school security vendors are trying to buy their way into relevance, it’s still not making organizations any safer

We’ve heard it a million times: those who don’t learn from history are doomed to repeat it. Some of us take heed, while most figure we can beat history on our own terms. What we can’t beat, however, is evolution. Evolution has brought us, both from a technology and […]

Cybersecurity is Everyone’s Business, All the Time

This week begins the Department of Homeland Security’s National Cyber Security Awareness Month which promotes awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. Just as Smokey the Bear was created in the 1940’s […]

Cloud Security This Week – September 28, 2018

New from Lacework
Cybersecurity in the News…Again…And Again
A roundup of three major cybersecurity breaches. This is becoming common, and not just for people who live in the world of cybersecurity. It’s a harbinger of our connected world, and one that keeps delivering headlines.
Secure Your AWS Cloud with Lacework
Webcast replay that explains […]
