Cloud Container Security From Build-Time to Run-Time
Visualize your containerized applications in real-time, for a clear understanding of communications, launches and other cloud runtime behaviors
Better Container Monitoring Means Better Container Security
The truth is scary: any compromise at the host level will compromise all other containers. Containers share the same kernel and execute instructions as the host, which greatly complicates the attack surface for IT security teams.
Lacework delivers native container security support, reducing the attack surface, and detecting threats in a containerized environment. Our cloud container security monitoring platform automatically discovers every container across a user’s environment and clusters them based on different behaviors. We then visualize your containerized applications in real-time, providing a clear understanding of communications, launches and other cloud runtime behaviors.
Containers can be thought of as lightweight virtual machines with much leaner system requirements. Virtualization emulates the guest system, translating every instruction between the guest and host. Containers, on the other hand, share the kernel and execute instructions on the host directly. This implies that the main attack surface is still the host as it is shared across containers and any compromise at the host level can compromise all containers. The other challenge is that not all services are run in the container as there is a long list of OS level and management services which run outside containers and are part of the attack surface.
Cloud Container Security Accomplished
Containers with similar behaviors are placed into a single, logical cluster – called a Polygraph – each with a baseline of expected characteristics and behaviors. The Polygraph is Lacework’s foundation for securing containers, where a deep temporal baseline is built from collecting high fidelity machine, processes, and user interactions over a period of time.
Clustering containers based on behavior dramatically simplifies the visualization of a containerized cloud in a Lacework Polygraph by representing dozens or even hundreds of similar containers as a single item. This means new containers or configuration changes do not generate alerts as long as behaviors stay within the expected baseline.
Lacework’s container security platform creates multiple types of polygraphs based on different behavioral categories. They include:
- The communication polygraph baseline tracks communication patterns between different container clusters;
- The launch polygraph baseline watches the launch characteristics of all clusters;
- The privilege change polygraph baseline contains data about all user privilege changes within the containers;
- The user activity polygraph baselines user behavior over time.
With Polygraph, IT security teams can detect anomalies, generate appropriate alerts, and leverage a tool to investigate and triage issues across AWS, Azure, and GCP platforms.
Visit for the Security, Stay for the Compliance
Unlike most other container security solutions that only identify non-conforming compliance rules, Lacework goes a step further and alerts your team about any behavioral anomalies – even when the associated configurations meet the required standards.
Lacework’s cloud container security monitoring platform brings multi-cloud checks into one dashboard by continuously monitoring configuration changes and API activity for containers across AWS, Azure, and GCP platforms. CIS benchmark scans are performed during container image development and container deployments. Our security platform also includes supplemental checks based on industry best practices and common compliance frameworks like PCI-DSS, SOC 2, HIPAA, NIST, etc.
From automated threat detection to compliance, Lacework’s offers a comprehensive approach to container security that ensures nothing is left unprotected, which point solutions can’t guarantee.
Visualize Your Containers and Workloads with Polygraph
Polygraph, Lacework’s foundation for securing containers, helps customers visualize their cloud, containers, and workloads by organizing activities into behaviors and tracking those behaviors over time. By collecting and correlating high-fidelity machine, process, and user interactions, Polygraph can detect anomalies, generate high-quality alerts, and provide a tool for users to investigate and triage issues across their cloud container environments.
What Our Customers Say
- “[We] got rid of a lot of tools and the need to log into multiple interfaces…forget that mess!!! Hundreds of false positives before are now down to one and two things we need to pay attention to because of Lacework. Tracking down alerts was taking 50 percent of the Engineering / DevOps team’s time to triage and [make] changes. Now they get one to two per day, log on in the morning, check the few alerts and go about their day.”
- “A second set of eyes when it comes to security. With the growth of instances and containers, it is difficult to monitor and review every log or activity. By using Lacework, we’ve been able to use the Lacework AI to net down patterns, violations, and compliance activity all in a single dashboard saving time and resources. More importantly, historical charts and reports are extremely helpful for audits to demonstrate alerting, notification and review.”
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
FAQs About Lacework's Container Security Solutions
Lacework’s container security platform provides visibility into cloud container activity. The Lacework agent deployed within the underlying host or within a container collects all network and process activity throughout the container’s lifecycle, providing visibility and valuable behavioral insights. The Lacework’s container security platform continuously profiles the telemetry to baseline your environment, and identify and alert on any anomalous activity patterns.
The Lacework agent deployed within the underlying host or within a container collects container runtime activity for network, process and system activity throughout the container’s lifecycle. Our cloud container security platform continuously profiles the telemetry to baseline your environment, identify and alert on any anomalous activity patterns, providing visibility and valuable behavioral insights.
Lacework’s cloud container security platform can be configured to continuously scan and monitor multiple container repositories located within V2 compliant registries, such as Docker, GCR or ECR, and identifies all known CVEs in each container image layer, and also identifies which images are currently running in monitored container environments.
You can integrate Lacework Container Vulnerability assessments with external workflows using API, CI/CD Jenkins Plugins, and K8s Admissions controllers for active risk management within your software supply chain and microservice deployments.
The Lacework Cloud Security Platform currently supports container security protection for DockerHub, Google GCR, and Amazon ECR Registries.
Account security solutions for cloud containers & multicloud
environments via a single unified console