Cloud Container Security Solutions

Container Monitoring, Visibility, and Visualization of Deployed Containers

Lacework delivers native container security support, reduces the attack surfaces and effectively detects threats in a containerized environment. Our cloud container security monitoring platform automatically discovers every container across a user’s environment and clusters them based on different behaviors. Lacework visualizes your containerized applications in real-time, providing a clear understanding of communications, launches and other cloud runtime behaviors. 

Host Security

Containers can be thought of as lightweight virtual machines with much leaner system requirements. Virtualization emulates the guest system, translating every instruction between the guest and host. Containers, on the other hand, share the kernel and execute instructions on the host directly. This implies that the main attack surface is still the host as it is shared across containers and any compromise at the host level can compromise all containers. The other challenge is that not all services are run in the container as there is a long list of OS level and management services which run outside containers and are part of the attack surface.

Cloud Container Security Using Behavioral Patterns

Lacework’s container security platform discovers every container and uses machine learning to establish each container’s normal behavioral patterns. We then place containers with similar behaviors into a single, logical cluster – called a “Polygraph” – each with a baseline of expected characteristics and behaviors.

Clustering containers based on behavior dramatically simplifies the visualization of a containerized cloud in a Lacework Polygraph^® by representing dozens or even hundreds of similar containers as a single item. This means new containers or configuration changes do not generate alerts as long as behaviors stay within the expected baseline.

This also reduces notification clutter by delivering high-precision alerts only once per container cluster. Lacework’s container security platform creates multiple types of polygraphs based on different behavioral categories:

• The communication polygraph baselines the communication pattern between different container clusters;
• The launch polygraph baselines the launch behavior of the container clusters;
• The privilege change polygraph baselines the user privilege changes within the containers;
• The user activity polygraph baselines user behavior.

Continuous Container Security Monitoring for Compliance

Lacework’s cloud container security monitoring platform brings multicloud checks into one dashboard by continuously monitoring configuration changes and API activity for containers across AWS, Azure, and GCP platforms. CIS benchmark scans are performed during container image development and container deployments. Our security platform also includes supplemental checks based on industry best practices and common compliance frameworks like PCI-DSS, SOC 2, HIPAA, NIST, etc.

Unlike most other container security solutions that only identify non-conforming compliance rules, Lacework goes a step further and alerts your team about any behavioral anomalies – even when the associated configurations meet the required standards.

From automated threat detection to compliance, Lacework’s offers a comprehensive approach to container security that ensures nothing is left unprotected, which point solutions can’t guarantee.

The Power of the Polygraph

Lacework’s foundation for securing containers is Polygraph, where a deep temporal baseline is built from collecting high fidelity machine, processes, and user interactions over a period of time. The Polygraph is used to detect anomalies, generate appropriate alerts, and provide a tool for users to investigate and triage issues in their cloud container environments.