Blog

Security Can’t Start Until Multi-Factor Authentication is Turned On

Passwords have long been a target for cybercriminals since they became necessary for switching between users on computers, validating a simple but important security layer. Passwords are typically weak enough to be susceptible to brute force attacks, or too complex to easily remember. Even password generators and password management tools like LastPass have not been […]

How Ronaldo’s Hair Explains Cybersecurity

Security tools abound that promise to protect you from the looming threat of hackers everywhere. Many of them look great, but their value is dubious. They might perform some specific task like packet inspection at the perimeter or bot detection, but aren’t actually doing the complex work required to inspect the millions (and in some […]

Containers At-Risk: A Review of 21,000 Cloud Environments

Securing your workloads in public clouds requires a different approach than that used for traditional data centers. The need to operate security at cloud speed, respond to continuous change, adapt at scale, and operate with a new operating model all require a dramatic shift in the type of container security solution required by today’s operation. […]

Timing Security Market Transitions

On the heels of the Zscaler IPO, the Phantom Cyber, and Evident.IO acquisitions, and the DUO unicorn round, I thought I would share some of my personal thoughts around market transitions in security. And, in particular how it pertains to cloud. Note: This is not a piece about why security startups fail. And, although missing a […]

Refocus on What Matters: Risks vs Threats

After visiting the RSA Conference (yes I walked the infamous show floor) I decided to zoom out on what I saw and think about where we are spending our time, resources, and investments as an industry. The one thing that came to me is that we certainly spend a lot of time talking about threats. […]

Containers in the Cloud: From Top Hazards to First-Class Cloud Security Citizen

Originally published in TechSpective on April 24, 2018. Microservices have been touted as a revolutionary way of building applications in the cloud which in turn is fueling the demand for containers. This symbiotic relationship between application portability and containers for delivering a single function makes for an ideal platform. At scale, this distribution of discrete jobs, when […]

AVOIDING HOLES IN YOUR AWS BUCKETS

Originally published in InfoSec Island on April 12, 2018. Enterprises are moving to the cloud at a breathtaking pace, and they’re taking valuable data with them. Hackers are right behind them, hot on the trail of as much data as they can steal. The cloud upends traditional notions of networks and hosts, and it topples […]

GOING TO RSA? HERE’S YOUR PRE-SHOW CHECKLIST (FOR AWS SECURITY)!

First, develop a clear picture of what you have – and don’t have – for AWS security today. The NIST Cybersecurity Framework is a good way to think this through: Identify: Do you have a clear picture of what your organization has deployed on AWS? Do you know how many AWS Accounts are active at your […]

Why Use a Host-Based IDS in AWS  

Does this image look familiar to you? You’ve probably seen the AWS Shared Security Responsibility model over and over in conferences, tech talks, white papers, and AWS Summits, making it clear that Amazon only protects the infrastructure layer. Your data running in the application layer is your responsibility to secure. This sounds easy to implement […]

Driving Towards Least Privilege in AWS: A Baker’s Dozen 

I have learned a lot in the past few years about running and securing public cloud infrastructure and thought I would share some areas that I believe are important. This SlideShare presentation is meant to be a self-read narrative of 13 things to think about AWS security and the move towards least privileged systems. Enjoy, […]

Survey Highlights Top Four Trends in Cloud Security Adoption

Lacework worked with Hurwitz and Associates to survey the market and learn about the current state of cloud security, challenges and learnings from early adopters of the cloud. The results (and Hurwitz’s expert analysis) paint a picture of an industry that’s rapidly moving beyond its initial growing pains – even if there are still […]

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the on-going news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not […]

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I’d like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser […]

The Breach: You Can’t Secure What You Can’t See

As I am sure you have read in the news, an AWS account was allegedly used as a means to access and exfiltrate data. Although I am not sure we will find out the real details, it looks like a relatively straightforward breach. On the surface it appears as though there was no malware installed, […]

One employee gets the blame at Equifax. Fair?

In late August, Richard Smith, former CEO of Equifax, gave a speech that included this line: “There’s those companies that have been breached and know it, and there are those companies that have been breached and don’t know it.” (As Fortune notes, at the time of the speech Equifax was breached and they knew it). […]

Build the Foundation for Faster Cloud Compliance with Cloud Visibility

2017 has been a tough year for data breaches and privacy violations. Government regulations (HIPAA for healthcare, NERC-CIP for energy, EU GDPR, etc.) and industry standards (PCI) have tried to reverse this alarming trend, with more restrictive mandates and financial penalties that can no longer be classified as “the cost of doing business”. […]

Another Multi-Billion Dollar Cybersecurity Catastrophe at Equifax

Last week Equifax reported what is possibly the most significant cyber security breach in history – and they are now paying for it. According to MarketWatch, the company’s value plunged more than $3.5B in just 2 trading sessions. Equifax’s out-of-pocket costs may exceed $300M. Farhad Manjoo at The New York Times wrote a […]

Forrester’s Insights into Cloud Workload Security: Automate, Automate, Automate

Earlier this week, Forrester released its Vendor Landscape report for cloud workload security solutions (CWS), authored by Andras Cser, Vice President and principal analyst at Forrester. According to the report, 52% of North American infrastructure decision makers believe public cloud implementations are a critical business priority. There’s no question the future belongs to the cloud. […]

More Machine Learning Models != Better Results

Earlier this week, Techspective published “Three Critical Machine Learning Questions for Cybersecurity Pros.” That article highlights how ML is changing cybersecurity workflows and it’ll give you some things to consider as you evaluate alternatives. Have a look and let me know what you think! […]

Real-World AWS Account Compromises and How Lacework Stops Them

I’m excited and proud to announce that Lacework’s Polygraph technology is now available to protect your AWS account. If you’re an AWS customer, you already know you’re on the hook to secure your own data. Under Amazon’s shared security model, you’re also responsible for the security of your AWS account. Think of it this way: […]

Polygraphs: behavior baselining to reveal the elephant

You are probably familiar with the parable of the blind men describing an elephant. Because they experience only what they can touch, each of them has a very different concept of what the animal is. One touches the trunk and concludes it’s a snake. Another explores a leg and concludes it’s a tree. They are, […]

Introduction to Polygraphs

In my last blog, I talked about how we developed requirements for a Cloud Workload Protection Platform (CWPP) for modern data centers. In this blog, I’m going to dive into the heart of the matter: how Lacework builds the baseline we use for everything from breach detection to incident investigations. But first, let me recap […]

Smitten with containers? What about security?

Developers are smitten with containers. It’s no mystery why — they’re perfect partners for agile development and fast-paced DevOps environments. Containers start up in seconds and use a fraction of the resources of traditional VMs, making them ideal for microservices architectures and scalable apps. Convenience is a big part of the allure too: third party images make […]

Whack-a-Mole – Wanna Cry!!

WannaCry was bad news. It crippled hundreds of thousands of hosts. Patients and hospitals couldn’t retrieve records. Automobile manufacturers stopped production. Even now, the criminals continue to collect cash via Bitcoin accounts. WannaCry just might be the wake up call the industry needs. But will it really change anything? Or are we just playing Whack-a-Mole […]

Lacework Coming Out Of Stealth!

An incredible milestone in a journey that started two years ago with a simple question: Why does it take enterprises 6+ months to find intruders in their data centers? […]

Security Challenges: Just a Handful

A CIO I met recently captured the current security scenario quite aptly. He said, “I will not be promoted for doing security right and spending money on it, but I can be fired if things go wrong. The other challenge with security is that the stack has become very complex and I do not […]

No Policies. No Rules. No Logs.

It’s the brass ring of security professionals everywhere: spot every breach in less than one day. Can it be done? On average, how many days does it take to detect a security breach in a modern hybrid cloud environment? 205 days? 146 days? 99 days? The truth is, it doesn’t matter. Any security breach that’s not […]
