Blog

Container Orchestration Demands the Right Security Approach

Advances in container orchestration, service meshing, and microservices have improved the lives of developers who are increasingly evaluated on their ability to deliver rapidly and continuously. With the support of containers, applications are more portable and can be deployed and scaled more quickly and reliably than in traditional deployment models. Automated continuous integration and delivery […]

Cloud Controls to Major Tom: A Quick Guide to Configuration as a Security Measure

Regardless of the type of cloud service offering you choose, IaaS, PaaS, or SaaS, there remain universal security risks that you must always manage, including risks of over privileged access, a broad surface area, vulnerable code, or the improper use and storage of secrets. For each of these risks there will be controls that you […]

Lacework: Leading the Way From Product to Platforms

This has been a busy, and quite humbling week for me as I have accepted the position as CEO of Lacework. I already feel fortunate to work with this extraordinarily talented and energetic team, but now I’ll have the opportunity to help them execute a strategy to establish Lacework as the most innovative, customer-focused security […]

Without Security Visibility and Analysis, BlueKeep Keeps on Keeping On

BlueKeep, a severe security vulnerability (CVE-2019-0708) that affects the Remote Desktop Protocol (RDP) service in Windows XP, Windows Vista, and other older Windows OS versions, is spreading rapidly, due in part to its ability to be remotely exploitable. While this has the structure of a classic attack, it’s also unique because its wicked efficiency essentially […]

Host Intrusion Detection for Compliance in AWS and Multicloud Environments

To be compliant, an organization must ensure continuous awareness of every action that might affect configurations. These are not a one-size-fits-all type of occurrence, either; they happen at the application, ID, workload, and host layers of the cloud. This is where organizational and user data is being transacted, and because of the AWS Shared Responsibility […]

Misconfigured Servers Leave 2.3 Billion Private Files Exposed

Overview: A report filed over the weekend detailed research that discovered more than 2 billion files exposed online from a variety of sources, including cloud servers, network-based storage, and company-owned data repositories. The discovery includes a massive trove of credit card information, medical records, private photographs, and details of intellectual property patents. While not all […]

Automation Enables Security for DevOps and Run-Time

DevOps teams are driven by a constant need to develop, integrate, push, and innovate. IT consumerization is now essential for organizations who want to respond quickly to market demands, and it’s increasingly a critical element of competitive differentiation and market viability. It’s because of this that DevOps teams are adopting modern aspects of development, including […]

4 Ways Lacework Detects Confluence Attacks

Last week we blogged about attacks exploiting a Confluence vulnerability (CVE-2019-3396). You may be wondering how Lacework detects these attacks. In this blog, we answer that question! If you recall, CVE-2019-3396 is an unauthenticated remote code execution (RCE) vulnerability. It’s exploited with a specially crafted HTTP POST request to a vulnerable Confluence Server. In the […]

The Benefits of a Host-Based IDS for Cloud Environments

There are significant benefits to using a Host-Based Intrusion Detection System (HIDS) to monitor system activities in cloud environments. Traditionally, most organizations struggled to choose between deploying a Host-Based Intrusion Detection System (HIDS) and a Network-Based Intrusion Detection System (NIDS). Each of these intrusion detection systems has its own strengths and weaknesses. However, today’s cloud-based […]

If You Can See It, You Can Secure It: Anomaly Detection in the Cloud

No matter what you sell to customers, you are in the data business. Data is used to help your people make better decisions, deliver better products and services, and maintain competitive advantages. The trove of data you’re sitting on includes all kinds of private information, including payment card details, employee records, health data, and various […]

An Unauthenticated RCE Gold Rush: A Look at Attacks Exploiting Confluence CVE-2019-3396

The recent Confluence vulnerability (CVE-2019-3396) created a gold rush for threat actors. Attackers are exploiting it for cryptojacking, DDoS attacks, and ransomware. We observed some of these attacks in the wild and via our honeypots. In this blog we will share interesting details from the attacks. CVE-2019-3396: On March 20th, 2019 the vulnerability was announced […]

Effective Compliance Requires a Security-First Approach

In the cloud, compliance and security are highly reliant upon one another, and they share a common goal: responsibility for keeping an organization’s data, users, resources, and intellectual property safe and usable. While some organizations see these two as separate activities, smart enterprises recognize how effective compliance and security are tightly connected. The key, however, […]

Visibility is Critical for Workload Threat Defense

The dynamic nature of public cloud and hybrid environments exposes applications to new forms of threats and cyber-attacks. Unfortunately, legacy security solutions are unequipped to handle these new threat vectors. Often, threats evade detection for extended periods of time. Longer threat detection cycles not only raise the organization’s risk profile, but also impact the bottom line. […]

Why Container Security Isn’t Enough

How is it that cloud container security is not ensuring data integrity or preventing data compromise? What is Container Security? Container security has familiar controls such as: access to build/update container software, code, and deployment; operating system security, including patches; container labels (see table below for container definitions), which ensure services and replication across […]

Citrix’ Undetected Hackers Are Why You Need Anomaly Detection

It’s been reported that Citrix’ internal networks were attacked for six months before the breach was discovered. Citrix officials stated that the hackers “removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents.” Apparently, that information may have […]

80 Million Personal Records Discovered on Open Microsoft Database

An open database with private information on 80 million American families was discovered on a Microsoft cloud server. It is not known what company owned the 24GB worth of data that was exposed, but researchers are tracking down that information. The magnitude of the breach is huge, representing more than half the total number of […]

Rules and Best Practices Still Couldn’t Prevent the Docker Hub Breach

The recent Docker Hub breach hits home with anyone who develops and hosts code on Docker Hub, GitHub, or any other cloud-based repository. But while the magnitude of the damage was significant, it’s still remarkable that these kinds of breaches continue to happen. As of now, we know the Hub was not only exposed, but […]

Do Data Leaks Have to Be So Common?

Just as you would protect your physical assets by locking the doors to your shop, the data that is stored and transacted in your cloud must also be secured like valuable assets. The problem, however, is that data changes, assets are spun up on the fly, and change is continuous. Data is used with such […]

Silent But Deadly: Cloud Security and Cryptomining

The cryptocurrency frenzy at the end of 2017 is well behind us, and the bubble has burst, but that doesn’t mean you should stop paying attention to this. If you run any of your compute infrastructure in a public cloud provider, particularly Amazon’s AWS, there are potential risks that require […]

Be Quick But Don’t Hurry: Container Security in Cloud Environments

It’s hard to argue against the benefits of containers and containerized applications running on cloud resources. Containers enable agile deployment capabilities, require less coordination and oversight than on-premises or virtualization infrastructure and, in many cases, offer more flexibility. Advances in container orchestration, service meshing, and microservices mean applications are more portable and can be […]

Latest Hacks: Legal Docs Exposed Through Unprotected Elasticsearch Server

Evisort, a legal document and contracts management service, exposed highly sensitive data through an unprotected Elasticsearch server. This kind of thing is happening with greater frequency as environments become numerous and complex and are coupled with powerful, easy to use software. In our latest Hack Report, learn how to implement access controls, proper authentication, user, […]

Top 10 Threats to Cloud Security: AWS Security Week New York

Last week I had the pleasure of attending my first AWS Security Week. This was held at the AWS New York City loft from April 15th – April 18th. The AWS Lofts are a cool place for people to come in, hang out, meet, code, etc., all free of charge. AWS frequently hosts weeks of learning […]

The Basics of Configuration Compliance

The public cloud has enabled customers to move fast and adapt to changing needs by allowing them to quickly spin up infrastructure programmatically or with just a few clicks. This has allowed companies to grow quickly, and for technological advancements to be implemented rapidly. However, as simple as it is to stand up infrastructure it’s […]

Latest Hacks: Microsoft’s Hotmail, MSN Compromised With User Credentials

Microsoft has admitted that email accounts for MSN.com and Hotmail, both services owned and managed by Microsoft, were compromised sometime between January 1 and March 28, 2019. It appears that attackers were able to identify users’ email addresses, email folder names, email subject lines, and the email addresses of those with whom […]

Cryptojacking Campaign Targets Exposed Kubernetes Clusters

Reports on in-the-wild attacks on Kubernetes clusters are somewhat sparse. This coupled with multiple attack vectors prompted us to deploy Kubernetes honeypots with very loose security controls to catch real-world attacks. Our hypothesis was that an attack would happen quickly through the insecure API and that the attacker would abuse the cluster to deploy coinminers. […]

Why Process-to-Process Visibility Is So Important

One of the challenges in securing processes operating in cloud environments is the visibility limitations imposed either by the cloud service provider or the customer’s solution architecture. In the case of the cloud service provider, because the environment is shared by everyone who has access to that cloud service, including many thousands of their customers […]

Stratics Networks Robocaller Database Exposed on AWS

If robocalls raise your blood pressure and cause you to scream things your mother would not be proud of, you may want to avoid breakable items because now there is even MORE of a reason to be angry. Toronto-based Stratics Networks invented “ringless voicemails” which are used by telemarketers to autodial massive lists of numbers […]

The New School of Security: Using the Cloud to Secure the Cloud

Legacy security was built on the premise of a moat; keep people and data away from the infrastructure, and they can’t attack it. Firewalls, intrusion detection systems, or intrusion prevention systems – these tools delivered “network-centric” solutions and aimed to keep access at a safe distance. Originally, firewalls performed the task of preventing unwanted, and […]

Facebook Exposes User Data Through Unprotected AWS S3 Buckets

Two repositories of unprotected Facebook user data sitting in Amazon S3 buckets have been discovered. More than 540 million files with personal data were exposed, potentially leaking hundreds of millions of records about users, including their names, passwords, comments, interests, and likes. The data sets had been uploaded to Amazon’s cloud system by two different […]

File Integrity Monitoring: Using Lacework’s SaaS Solution for SaaS Environments

One of the critical distinctions about Lacework is in our approach. While all security vendors talk about things like security posture and identification of threats, we have actually constructed a methodology that is tactically applied to finding issues, alerting on them, and preventing issues. We also realize that the best way to deliver security is […]

Cloud Security This Week – March 29, 2019

New From Lacework: Security Relevance Can’t Be Bought. Surprisingly, some security vendors see the confusion in the problem and apply confusion to the solution. Palo Alto Networks has taken the approach that variety and inconsistency make for a compelling security story. Avoiding Limitations of Traditional Approaches to Security: To get a better understanding of the […]

There Are a Lot of Ways to Get Cloud Security Wrong

In a previous blog on new approaches to security, we looked at how traditional data center defenses were designed to protect a defined perimeter by monitoring and controlling data that moves in and out of the network environment. Defending the perimeter requires a layered defense strategy that typically includes routers, firewalls, antivirus protection, and access/ID […]

Security Relevance Can’t Be Bought

Lacework is purpose-built for cloud and container security; Palo Alto Networks is employing a duct tape strategy. Those of us who sweat the details of things like configurations and file integrity monitoring know that complexity and imprecision are our constant enemies. Enterprise data lives and functions in a massively complex, continuously changing state that […]

Cloud Security This Week – March 22, 2019

New from Lacework: Integrating DevOps and Security. While DevOps emphasizes speed, it has not always focused as much on security. Learn the three key practices that are critical to integrating the processes and mindsets of DevOps and SecOps. Triaging a CryptoSink Infection in 5 Minutes with Lacework: When triaging an alert, a security analyst […]

Integrating DevOps and Security

With the cloud, enterprises gain operational and management advantages of agility, scalability, and ease of use. The cloud also enables IT teams to apply continuous integration/continuous deployment (CI/CD) methods to deliver applications and functionality rapidly. To capitalize on the capabilities of the cloud, many organizations are turning to a development and delivery methodology known as […]

Triaging a CryptoSink Infection in 5 Minutes with Lacework

In medical terms, triage is the assignment of degrees of urgency to wounds or illnesses to decide the order of treatment of a large number of patients or casualties. For security practitioners, triage is assigning priorities and order to security events. When triaging an alert, a security analyst needs to quickly and accurately determine if […]

The Cloud’s Unique Security Challenges

One of the greatest cloud security challenges comes from the fact that the cloud delivers its infrastructure components, things like gateways, servers, storage, compute, and all the resources and assets that make up the cloud platform environment, as virtual services. There is no traditional network or infrastructure architecture in the cloud. Deploying workloads into the […]

Anomaly Detection vs. Rules: Better Security Insights, Designed for the Modern Enterprise

Traditionally with monitoring tools – whether security, application, or infrastructure – it’s necessary to invest considerable time configuring the product and writing rules that are specific to your environment. This is done so your team gets the right alerts on issues that run counter to your requirements and environmental setup. With innovations in machine […]

Container Security: A Popular Topic at BSidesSF ‘19

Before the masses assembled for RSAC, BSidesSF 2019 took place at the Metreon AMC 16 in San Francisco, CA. As it turns out, a movie theater is an amazing venue for a conference like BSides. Talks were held in the City View movie theaters and even the IMAX theater, which happens to be the 3rd […]

Cloud Security This Week – March 1, 2019

New from Lacework: Lacework at RSA. Lacework is going to rock RSA, and we want you to join us! Here’s a guide to all the Lacework parties, sessions, panels, and secrets to getting our sweet swag. Booth #4603 – we’ll be there with the volume cranked up to 11! Avoiding Container Vulnerabilities: To get a […]

Talking Kubernetes at Denver ISSA

Last month we had the pleasure of speaking about securing Kubernetes at ACoD 2019. This month I had the opportunity to speak on the same topic at the Denver Information Systems Security Association (ISSA) chapter meetings. Denver ISSA is a not-for-profit organization with a mission of “Developing and Connecting Denver’s Cybersecurity Leaders.” They hold chapter meetings […]

For Those About To Rock RSA, Lacework Salutes You!

The city by the bay is the birthplace of the Grateful Dead, Journey, Sly & the Family Stone and a pantheon of great rockers. The Sex Pistols famously went out in a blaze of glory at the Mabuhay Gardens on Broadway, and Metallica still comes home regularly to rock the bay. The history of rock […]

PCI Compliance in the Public Cloud

Compliance frameworks provide a structure for how enterprises organize and secure their content and resources. Because they are created and governed for the purposes of protection and interoperability, they provide necessary safeguards that help organizations structure their security posture. They can also be onerous and burdensome which can lead to security and compliance teams falling […]

Cloud Security This Week – February 22, 2019

New from Lacework: Lacework Extends Multicloud Support With Workload And Account Security For Google Cloud Platform. Lacework has released a new version that provides support for Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE). This latest version allows customers to apply threat detection and deep visibility into cloud events for workloads and accounts across multiple […]

Lacework for GCP: Security for Orchestration, Multicloud, and Kubernetes

This week, Lacework announced support for Google Cloud Platform (GCP), which further establishes our commitment to customers running workloads in multicloud environments. It comes on the heels of our recent support for Azure, and before that, support for Kubernetes. The net of all of this is that as organizations increase the reach of their data, […]

Lacework for Azure and Multicloud Environments: One Solution for the Problem of Cloud Security

Lacework today announced support for Microsoft Azure, which means two things: Our customers get threat detection of behavioral anomalies for cloud and container environments as a single pane of glass over both AWS and Azure. With so many of our customers opting to distribute workloads into different environments, this now gives them security coverage over […]

Art Into Science: Conference Overview & Securing K8s

Last week we had the pleasure of attending and presenting at Art into Science: A Conference for Defense (ACoD) 2019. It was a blast listening to a variety of amazing talks, and speaking on Kubernetes security. In this post, we share background on the conference, discuss some of our […]

Your etcd is Showing: Thousands of Clusters Open to the Internet

Usage of the distributed key-value store etcd is at an all-time high. The fastest growing open source project, Kubernetes, uses etcd to store data critical to the operation of its clusters. Like many open source, easy-to-use data stores, the simplicity of setup is a double-edged sword. […]
