Blog

Cloud Security This Week – November 30, 2018

  At the risk of sounding like an alarmist, the fact is that this week was an absolute doozy for security-watchers. Leading off with the massive breach of 500 million Starwood customer records, to evidence that NSA hacking tools are still being used for nefarious purposes, it makes one question if we’re getting any better […]

Read More…

ELF of the Month_ Linux DDoS Malware Sample

ELF of the Month: Linux DDoS Malware Sample

Each month we take a look at a malicious Executable and Linkable Format (ELF) file, the common executable file format for Unix and Unix-like Operating Systems, and share details about the sample. In this edition of ELF of the Month we take a look at a Linux DDoS sample recently uploaded to VirusTotal. This particular […]

Read More…

Next Generation Firewall is Your Grandfather’s Generation in the Cloud

I have been in security for a long time. Seeing the firewall replaced with the “Next Generation Firewall” signaled a big milestone as we went from a model that focused on IP addresses to one that targeted applications, users and content. It was a major shift that provided a lot more visibility and context on […]

Read More…

Securing Innovation in the Public Cloud

Securing Innovation in the Public Cloud

Photo by Clayton Holmes on Unsplash I recently attended the Colorado CSA Fall Summit and wanted to share some insights and themes from the conference. The CSA summit included presentations on all things cloud security. On the technical side there were talks on DevSecOps, cloud pen testing, AWS encryption, cryptocurrency, and container security. One of […]

Read More…

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

Photo by Erica Nilsson on Unsplash Basketball season is in full swing which means we’re in for some long range Steph Curry three pointers, savage Giannis Antetokounmpo dunks, and an endless supply of Gregg Popovich memes. Teams have to be ready for anything in the course of the season, and those most able to be […]

Read More…

Why Organizations Are Still Learning From the Uber Breach

Why Organizations Are Still Learning From the Uber Breach

Photo by Dan Freeman on Unsplash This has been a rough month for Vasile Mereacre and Brandon Glover. These two gentlemen were arrested for their parts as the hackers who stole millions of users’ data from Uber in 2016, and were also indicted on federal hacking and extortion charges for stealing user data from 55,000 […]

Read More…

Cloud Security This Week – October 26, 2018

  New from Lacework Security Table Stakes: A Blueprint for Securing Your Cloud Environment It’s important for a security strategy to pay attention to the different pieces of the cloud stack and address their unique security needs with the following approach and actions.   Webinar Replay: Prevent Cryptocurrency Mining in Your AWS Account Learn why […]

Read More…

Security Table Stakes: A Blueprint for Securing Your Cloud Environment

Security Table Stakes: A Blueprint for Securing Your Cloud Environment

Photo by Chris Liverani on Unsplash Security teams who are responsible for their organization’s workloads running in the cloud must first understand the layers that make up the components of their cloud stack. While different in structure from on-premises stacks, a cloud environment is still dependent upon each layer performing its key functions. Those layers […]

Read More…

Cloud Security This Week – October 19, 2018

  New from Lacework Anatomy of a Redis Exploit Insight into a honeypot experiment conducted by Lacework where we created a Redis honeypot. In our monitoring, we detected a cryptocurrency mining botnet that compromised the server by exploiting a Lua vulnerability. We explain the experiment framework and what we discovered.   Lacework Meetup: Securing Containers […]

Read More…

Redis Compromise: Lacework Detection

Recently we published a blog on the internals of a Redis compromise with an infection on one of our external-facing honeypots and this is a follow up which demonstrates how the Lacework service would help identify the attack at a variety of stages in the attacker life-cycle. As I outlined in a previous blog about the […]

Read More…

Anatomy of a Redis Exploit

Anatomy of a Redis Exploit

Photo by Sonja Langford on Unsplash At Lacework Labs we have been setting up honeypots as part of our ongoing research into securing public cloud infrastructure. Recently we noticed one of our Redis honeypots was compromised. We were running a stock version of Redis which allowed inbound connections. During our monitoring, a cryptocurrency mining botnet […]

Read More…

Cloud Security This Week - October 12, 2018

Cloud Security This Week – October 12, 2018

  New from Lacework Network Security Vendors Are Trying to Buy Their Way Into Relevance Consolidation, investment, and acquisition in the security market is a great validation that demand for the cloud continues at a breakneck pace. But it’s not necessarily making customers safer.   Inside Lacework: Set Up Lacework with AWS We cover how […]

Read More…

History is repeating itself with cybersecurity acquisitions. It’s NOT making organizations safer.

The New Security Stack: While old school security vendors are trying to buy their way into relevance, it’s still not making organizations any safer

Photo by Jacek Dylag on Unsplash We’ve heard it a million times: those who don’t learn from history are doomed to repeat it. Some of us take heed, while most figure we can beat history on our own terms. What we can’t beat, however is evolution. Evolution has brought us, both from a technology and […]

Read More…

Cybersecurity is Everyone’s Business, All the Time

Cybersecurity is Everyone’s Business, All the Time

Photo by Dianor S on Unsplash This week begins the Department of Homeland Security’s National Cyber Security Awareness Month which promotes awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. Just as Smokey the Bear was created in the 1940’s […]

Read More…

Cloud Security This Week

Cloud Security This Week – September 28, 2018

  New from Lacework Cybersecurity in the News…Again…And Again A roundup of three major cybersecurity breaches. This is becoming common, and not just for people who live the world of cybersecurity. It’s a harbinger of our connected world, and one that keeps delivering headlines.   Secure Your AWS Cloud with Lacework Webcast replay that explains […]

Read More…

In the news - cyberattacks or the discovery of a breach of sensitive data.

I Read the News Today, Oh Boy

Photo by Flemming Fuchs on Unsplash Every morning, I begin my day with the same routine I’ve had for many years. You and I aren’t that close yet, so I won’t go into the specifics of my dawn activities, but I can safely divulge that it involves fleece, coffee, and a quick scan of the […]

Read More…

Privilege Escalation and a Proposal for Acceptable Exclusion

Privilege Escalation and a Proposal for Acceptable Exclusion

Photo by Annie Sowards on Unsplash “I’d never join a club that would allow a person like me to become a member.” — Woody Allen Social concepts about exclusivity and inclusion have changed over the last 50 years. It used to be common for social and professional clubs to aggressively seek homogeneity among their membership and exclude […]

Read More…

Lacework Supports PCI Compliance with FIM Solution

Lacework Supports PCI Compliance with FIM Solution

Photo by Samuel Zeller on Unsplash If you wanted to name a technology product category so it got beat up in the schoolyard, you might call it File Integrity Monitoring. Like a lot of products in the security space, File Integrity Monitoring (FIM) as a moniker accurately explains what the solution provides, but it’s about […]

Read More…

Lacework Kubernetes Meetup

Kubernetes, Pizza, and Learning From Our Community

  Yesterday was a big day for Lacework. We announced a $24 million series B round of funding which will help us continue our momentum in building the market’s most comprehensive cloud security solution. Even in today’s funding environment, that’s a significant amount, and we already have plans to invest heavily (and wisely) in product development, […]

Read More…

Using the Cloud to Secure the Cloud: Lacework and the New Era of Cloud Security

Using the Cloud to Secure the Cloud: Lacework and the New Era of Cloud Security

Today, we announced a great milestone for Lacework — the closing of a $24 million Series B round of funding from a stellar group of investors that includes Sutter Hill, Liberty Global Ventures, Spike Ventures and the Web Investment Network (WIN). This is a massive opportunity, and not just because we have capital to continue […]

Read More…

PCI Compliance for cloud environments: Tackle FIM and other requirements with a host-based approach

PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements With a Host-Based Approach

Photo by Hannes Egler on Unsplash Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end users. […]

Read More…

We just looked at 2 billion #cloud events

I Just Looked at 2 Billion Cloud Events. Here’s What I Found.

Photo by Jase Ess on Unsplash Our relationship with Lacework customers usually starts with a 30-day trial of our solution. Going in to it, they typically acknowledge lack of necessary visibility into their cloud environment. They also, however, tend to massively discount the reality of threats and risks to which they’re exposing their users and data. It’s not […]

Read More…

Security Can’t Start Until Multi-Factor Authentication is Turned On

Passwords have long been a target for cybercriminals since they became necessary for switching between users on computers, validating a simple but important security layer. Passwords are typically weak enough to be susceptible to brute force attacks, or too complex to easily remember. Even password generators and password management tools like LastPass have not been […]

Read More…

How Ronaldo’s Hair Explains Cybersecurity

Security tools abound that promise to protect you from the looming threat of hackers everywhere. Many of them look great, but their value is dubious. They might perform some specific task like packet inspection at the perimeter or bot detection, but aren’t actually doing the complex work required to inspect the millions (and in some […]

Read More…

Containers At-Risk: A Review of 21,000 Cloud Environments

Securing your workloads in public clouds requires a different approach than that used for traditional data centers. The need to operate security at cloud speed, respond to continuous change, adapt at scale, and operate with a new operating model all require a dramatic shift in the type of container security solution required by today’s operation. […]

Read More…

Timing Security Market Transitions

Timing Security Market Transitions

On the heals of the ZScaler IPO, the Phantom Cyber, and Evident.IO acquisitions, and the DUO unicorn round, I thought I would share some of my personal thoughts around market transitions in security. And, in particular how it pertains to cloud. Note: This is not a piece about why security startups fail. And, although missing a […]

Read More…

Refocus on What Matters: Risks vs Threats

After visiting the RSA Conference (yes I walked the infamous show floor) I decided to zoom out on what I saw and think about where we are spending our time, resources, and investments as an industry. The one thing that came to me is that we certainly spend a lot of time talking about threats. […]

Read More…

Containers in the Cloud: From Top Hazards to First-Class Cloud Security Citizen

Originally published in TechSpective on April 24, 2018. Microservices have been touted as a revolutionary way of building applications in the cloud which in turn is fueling the demand for containers. This symbiotic relationship between application portability and containers for delivering a single function makes for an ideal platform. At scale, this distribution of discrete jobs, when […]

Read More…

Avoiding Holes in Your AWS Buckets

Originally published in InfoSec Island on April 12, 2018.  Enterprises are moving to the cloud at a breathtaking pace, and they’re taking valuable data with them. Hackers are right behind them, hot on the trail of as much data as they can steal. The cloud upends traditional notions of networks and hosts, and it topples […]

Read More…

GOING TO RSA? HERE’S YOUR PRE-SHOW CHECKLIST (FOR AWS SECURITY)!

First, develop a clear picture of what you have – and don’t have – for AWS security today. The NIST Cybersecurity Framework is a good way to think this through: Identify: Do you have a clear picture of what your organization has deployed on AWS? Do you know how many AWS Accounts are active at your […]

Read More…

Host-Based IDS

Why Use a Host-Based IDS in AWS  

Does this image look familiar to you?  You’ve probably seen the AWS Shared Security Responsibility model over and over in conferences, tech talks, white papers, and AWS Summits, making it clear that Amazon only protects the infrastructure layer. Your data running in the application layer is your responsibility to secure. This sounds easy to implement […]

Read More…

Driving Towards Least Privilege in AWS: A Baker’s Dozen 

I have learned a lot in the past few years about running and securing public cloud infrastructure and thought I would share some areas that I believe are important. This SlideShare presentation is meant to be a self-read narrative of 13 things to think about AWS security and the move towards least privileged systems. Enjoy, […]

Read More…

Survey Highlights Top Four Trends in Cloud Security Adoption

  Lacework worked with Hurwitz and Associates to survey the market and learn about the current state of cloud security, challenges and learnings from early adopters of the cloud. The results (and Hurwitz’s expert analysis) paint a picture of an industry that’s rapidly moving beyond its initial growing pains – even if there are still […]

Read More…

AWS Misconfiguration

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the on-going news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not […]

Read More…

Together We Create

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I’d like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser […]

Read More…

The Breach: You Can’t Secure What You Can’t See

As I am sure you have read in the news, an AWS account was allegedly used as a means to access and exfiltrate data. Although I am not sure we will find out the real details, it looks like a relatively straightforward breach. On the surface it appears as though there was no malware installed, […]

Read More…

One employee gets the blame at Equifax. Fair?

In late August, Richard Smith, former CEO of Equifax, gave a speech that included this line: “There’s those companies that have been breached and know it, and there are those companies that have been breached and don’t know it.” (As Fortune notes, at the time of the speech Equifax was breached and they knew it). […]

Read More…

Build the Foundation for Faster cloud compliance with cloud Visibility

2017 has been a tough year for data breaches and privacy violations. Government regulations (HIPAA for healthcare, NERC-CIP for energy, EU GDPR, etc) and industry standards (PCI) have tried to reverse this alarming trend, with more restrictive mandates and financial penalties that can no longer be classified as “the cost of doing business”. […]

Read More…

Another Multi-Billion Dollar Cybersecurity Catastrophe at Equifax

Last week Equifax reported what is possibly the most significant cyber security breach in history – and they are now paying for it. According to MarketWatch, the company’s value plunged more than $3.5B in just 2 trading sessions. Equifax out of pocket costs may exceed $300M. Farhad Manjoo at The New York Times wrote a […]

Read More…

Cloud Workload Security Automate

Forrester’s Insights into Cloud Workload Security: Automate, Automate, Automate

Earlier this week, Forrester released its Vendor Landscape report for cloud workload security solutions (CWS), authored by Andras Cser, Vice President and principal analyst at Forrester. According to the report, 52% of North American infrastructure decision makers believe public cloud implementations are a critical business priority. There’s no question the future belongs to the cloud. […]

Read More…

Machine Learning Models

More Machine Learning Models != Better Results

Earlier this week, Techspective published “Three Critical Machine Learning Questions for Cybersecurity Pros.” That article highlights how ML is changing cybersecurity workflows and it’ll give you some things to consider as you evaluate alternatives. Have a look and let me know what you think! […]

Read More…