Latest on critical Apache Log4j vulnerability   Read More >

Lacework Cloud Care

Whether you’re a Lacework customer or not, we’re here to help with our free Cloud Care, a Log4j rescue program. Get access to:

Level up your cloud security for all gaming environments

Cloud Security and Compliance for the Gaming Industry

Lacework protects Cloud Gaming Infrastructure

Like a warrior on a quest to max out their EXP, cybercriminals are relentless in attacking all aspects of the gaming industry. As a result, disruptions from cyber attacks can delay game development and distribution and result in a poor experience for players encountering account takeovers, and denial of service.

Gaming Industry Challenges

The gaming industry is a favorite target of cyber attackers, and motivation for attacks ranges from illegally manipulating in-game currency to the simple notoriety of successfully hacking their favorite title. Gaming security faces some unique challenges, given the nature of the industry:

  • Complexity: In some respects, the gaming industry is an easy target. An unnoticed vulnerability in the latest update could leave the castle gates wide open. Companies often use a central platform for all their games, creating an attractive target that can wreak havoc across many franchises with a single successful exploit. Games may have custom protocols that aren’t built to distinguish legitimate traffic from an attack.
  • Always-On: Gamers are online literally 24×7, leaving little to no downtime for patches or cold fixes that could strengthen defenses. Attackers are always on as well, using server farms and hijacking users’ machines to flood data against overwhelmed infrastructure.
  • Valuable: Gaming is a multibillion-dollar industry and growing, surpassing many other forms of traditional media and entertainment. Given the potential for profit, even small successes can embolden attackers to go after bigger targets. Many large companies have been targeted for ransom demands; gaming faces the same potential vulnerability, leading to large payouts.

Compliance Made Easy

While gaming may not have the same regulatory compliance requirements as some industries, managing the logistical and physical security of the IT infrastructure is critical. Like all businesses that accept payment information, gaming companies are responsible for safeguarding customers’ personally identifiable information (PII), including payment details. There may also be national regulations regarding data security where compliance must be demonstrated.

Hosting and scaling dedicated game servers for online, multiplayer games require IT security protocols that contain effective cloud security solutions. Lacework streamlines compliance by continuously tracking configuration changes and providing daily audits to maintain compliance and protection.

Lacework monitors user accounts for abnormal activity, even when that activity is technically authorized. We empower IT security and compliance teams with customizable alerts when items change from compliant to non-compliant.

  • Lacework checks across the industry-accepted CIS Benchmark for secure configurations of cloud accounts and workloads.
  • Lacework includes supplemental checks for common compliance frameworks like PCI DSS and SOC 2.
  • Lacework empowers compliance and security teams with continuous analysis and historical reporting to demonstrate what is being checked, where problems exist, an analysis of each problem encountered, and the steps needed to remediate misconfigurations.
  • Lacework’s configuration compliance solution detects behavioral anomalies, so even if configurations meet required standards, unauthorized use or abnormal activity is detected and alerted on. This ensures that organizations are aware of issues that might go undetected by solutions that rely on manually written compliance rules. Lacework delivers native container and Kubernetes security support, reducing the attack surface and detecting threats in containerized environments.
  • Lacework integrates multi-cloud checks into a single dashboard by continuously monitoring configuration changes and API activity for containers across common platforms.

Innovation at the Speed of DevOps

Leading companies innovate, go to market, and scale quickly with limited resources. These companies ship products at light speed with security at every touchpoint. At Lacework, we empower customers to do this with our cloud security platform. Lacework enables customers with visibility to secure data, networks, and DevOps teams that involve the entire organization and communicates vulnerabilities as soon as they are detected.

Lacework Polygraph® exceeds security and compliance requirements by empowering IT security teams with security content that drives visibility into host workload, container, and Kubernetes platforms as well.

Lacework was built from the ground up for detecting and observing security threats in the cloud, including serverless, containers, and Kubernetes workloads, and streamlines security tasks for software teams building on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). 

Always-On Cloud IT Security

Cloud gen security monitoringOne of the most important gaps within gaming systems is robust and real-time monitoring of all activity. Lacework not only constantly monitors networks for anomalies, but our foundation, Polygraph, delivers a deep temporal baseline built from collecting high-fidelity machine/process/users interactions over a period of time.

The Polygraph is used to detect anomalies, generate appropriate alerts, and provide a tool for users to investigate and triage issues including:

  • Activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
  • Changes to users, roles, or access policies.
  • Tampering to access or customer master keys.

By understanding the natural hierarchies of processes, containers, pods, and machines, Polygraph is able to dynamically develop a behavioral and communication model of your services and infrastructure that aggregates all data points to develop behavioral models.

Learn More

When it comes to development and security, you’re not playing games. Neither is Lacework. We automate and continuously monitor your compliance and security, from build to runtime. Consolidate tools, optimize your SIEM, secure your containers. Run faster, jump further, and expand your empire.

Watch Demo

 

FAQs About Lacework's Configuration Compliance Solution

Lacework uses best practice checks including CIS benchmarks to evaluate security relevant configurations in Amazon AWS, Google GCP, and Microsoft Azure.

Lacework has mappings to PCI, HIPAA, SOC 2, and NIST 800-53 Rev 4.

Lacework supports continuous monitoring of your configurations in your cloud accounts. As configurations drift from best practices, they are detected and an alert is generated. These alerts can be configured to be sent to many of the common alert tools such as Slack, Splunk, Pagerduty, etc.

Lacework has checks for AWS, Azure, and GCP. Lacework provides a single platform that can can support compliance efforts without the need for deploying multiple tools for each cloud provider.

Lacework performs configuration checks based on industry accepted best practices such as CIS. Lacework will then supply reports listing all resources that are in violation, which support remediation efforts. These reports can then be provided to auditors to act as evidence of meeting compliance requirements.