Cloud Container Security Solutions
Visualize your containerized applications in real-time, for a clear understanding of communications, launches and other cloud runtime behaviors
Container Visibility and Visualization of Deployed Containers
Lacework delivers native container security support, reduces the attack surfaces and effectively detects threats in a containerized environment. It automatically discovers every container across a user’s environment and clusters them based on different behaviors. Lacework visualizes your containerized applications in real-time, providing a clear understanding of communications, launches and other cloud runtime behaviors.
Containers can be thought of as lightweight virtual machines with much leaner system requirements. Virtualization emulates the guest system, translating every instruction between the guest and host. Containers, on the other hand, share the host kernel and execute instructions on the host directly. This means the main attack surface is still the host: it is shared across containers, and a compromise at the host level can compromise every container on it. The other challenge is that not all services run inside containers; a long list of OS-level and management services runs outside them on the host and is also part of the attack surface.
Cloud Container Security Using Behavioral Patterns
Lacework discovers every container and uses machine learning to establish each container’s normal behavioral patterns. We then place containers with similar behaviors into a single, logical cluster – called a “Polygraph” – each with a baseline of expected characteristics and behaviors.
Clustering containers based on behavior dramatically simplifies the visualization of a containerized cloud in a Lacework Polygraph® by representing dozens or even hundreds of similar containers as a single item. This means new containers or configuration changes do not generate alerts as long as behaviors stay within the expected baseline.
This also reduces notification clutter by delivering high-precision alerts only once per container cluster. Lacework creates multiple types of polygraphs based on different behavioral categories:
- The communication polygraph baselines the communication pattern between different container clusters;
- The launch polygraph baselines the launch behavior of the container clusters;
- The privilege change polygraph baselines the user privilege changes within the containers;
- The user activity polygraph baselines user behavior.
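As an added illustration (not Lacework's code or algorithm), the following Python sketches the clustering and once-per-cluster alerting idea described above: containers are grouped by a behavioral fingerprint covering launches and communications, and later observations are checked against those cluster baselines. The fingerprint definition and the telemetry are constructed assumptions.

```python
from collections import defaultdict

# Constructed telemetry (illustrative only): per container, the processes it
# launched and the (destination, port) pairs it connected to.
BASELINE = {
    "web-1": {"procs": {"nginx"}, "conns": {("api", 8080)}},
    "web-2": {"procs": {"nginx"}, "conns": {("api", 8080)}},
    "web-3": {"procs": {"nginx"}, "conns": {("api", 8080)}},
    "api-1": {"procs": {"node"}, "conns": {("db", 5432)}},
    "api-2": {"procs": {"node"}, "conns": {("db", 5432)}},
}

def fingerprint(obs):
    """Behavioral signature: what a container launches and whom it talks to."""
    return (frozenset(obs["procs"]), frozenset(obs["conns"]))

def build_clusters(telemetry):
    """Map each distinct behavior to the set of containers exhibiting it."""
    clusters = defaultdict(set)
    for name, obs in telemetry.items():
        clusters[fingerprint(obs)].add(name)
    return dict(clusters)

def detect(clusters, observations):
    """One alert per cluster at most. A container matching any baseline is
    silent even if never seen before (a scaled-up replica); a known container
    that drifts is reported against its home cluster with only the new items."""
    home_of = {n: fp for fp, names in clusters.items() for n in names}
    alerts = {}
    for name, obs in observations.items():
        fp = fingerprint(obs)
        if fp in clusters:
            continue
        home = home_of.get(name)
        # Unknown container matching no cluster: key by its own fingerprint, all new.
        key, base = (home, home) if home is not None else (fp, (frozenset(), frozenset()))
        alert = alerts.setdefault(
            key, {"containers": set(), "new_procs": set(), "new_conns": set()})
        alert["containers"].add(name)
        alert["new_procs"] |= fp[0] - base[0]
        alert["new_conns"] |= fp[1] - base[1]
    return alerts

# Later snapshot: two web replicas drift, a brand-new replica stays within baseline.
LATER = {
    "web-1": {"procs": {"nginx", "sh"}, "conns": {("api", 8080), ("203.0.113.9", 443)}},
    "web-2": {"procs": {"nginx", "sh"}, "conns": {("api", 8080), ("203.0.113.9", 443)}},
    "web-4": {"procs": {"nginx"}, "conns": {("api", 8080)}},
    "api-1": {"procs": {"node"}, "conns": {("db", 5432)}},
}
```

Running `detect(build_clusters(BASELINE), LATER)` yields a single alert for the web cluster naming web-1 and web-2, while the never-before-seen web-4 is silent because its behavior matches the cluster baseline.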
Lacework's Cloud Workload and Container Security Solutions Are Trusted by These Amazing Companies
- “As a Lacework customer we are excited to see their continued innovation in the area of multi-cloud support and, in particular, deep integration with Kubernetes and GKE.”
Will Gregorian | Iterable
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
Mario Duarte | Snowflake Computing
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
Devin Ertel | Guidebook
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
Ian O’Brien | Arista Networks
FAQs About Lacework's Container Security Solutions
Lacework’s security platform provides visibility into container activity. The Lacework agent deployed within the underlying host or within a container collects all network and process activity throughout the container’s lifecycle, providing visibility and valuable behavioral insights. The Lacework platform continuously profiles the telemetry to baseline your environment, and identify and alert on any anomalous activity patterns.
The Lacework agent deployed within the underlying host or within a container collects container runtime activity for network, process and system activity throughout the container’s lifecycle. The Lacework platform continuously profiles the telemetry to baseline your environment, identify and alert on any anomalous activity patterns, providing visibility and valuable behavioral insights.
The Lacework Platform can be configured to continuously scan and monitor multiple container repositories located within V2-compliant registries, such as Docker, GCR or ECR, identifying all known CVEs in each container image layer and flagging which images are currently running in monitored environments.
You can integrate Lacework container vulnerability assessments with external workflows using the API, CI/CD Jenkins plugins, and Kubernetes admission controllers for active risk management within your software supply chain and microservice deployments.
The Lacework Cloud Security Platform currently supports DockerHub, Google GCR, and Amazon ECR Registries.
The Lacework Workload Security Monitor can be deployed as a privileged container, a sidecar container or a DaemonSet, and supports Kubernetes (K8s) and managed container services such as AWS ECS and Fargate.