Security Solutions That Work for Security and Engineering

Bring data-driven insights to your team with clear notifications of security vulnerabilities occurring in production environments. All with a tidy risk score to keep the focus on what matters.

Security That Drives Insight Into Anomalies, Helps Bridge Teams and Enables a Proactive Stance Against Threats

Network, storage and compute resources must be in constant flux to adapt to business needs. At the same time, security roles are responsible for defining the functions different users have within an ever-changing cloud. Lacework helps security professionals understand and protect the cloud with behavior analytics that detects anomalies and potential threats by mapping activities, events, and behaviors across your cloud environments. Lacework shifts security left and right so software teams become more efficient and security teams can move beyond reactive security.

By observing changes and deviations in your containers, workloads, and clouds, Lacework provides high-fidelity alerts with context when something of significance occurs. Every alert is meaningful and contains data-rich information to help identify whether an organization is actually vulnerable to a particular threat.

As a result, security professionals, analysts, and investigators can quickly see:

  • The users, machines, and applications involved in an incident, and the accounts, applications, or machines that were patient zero.
  • The entities involved in incidents and actions compared to their peers.
  • Alerts and risk scores related to specific incidents.
  • The Polygraph view for alerts and incidents.

Cloud Security Informed By Big Data Analytics

Public clouds enable enterprises to implement infrastructure-as-code, which allows them to rapidly develop, test, and deploy services at scale. While this agility and flexibility provides many business and technological benefits, the cloud is also more susceptible to new forms of threats and cyberattacks. Unfortunately, legacy security solutions are ill-equipped to handle these, which can leave organizations vulnerable. 

Lacework takes a completely different approach to anomaly detection by collecting process, network, file, and user data to form a base model of normal infrastructure behavior. We then use sophisticated analytics and machine learning techniques to detect anomalies which are indicators of threats.

The Lacework anomaly detection system can be fine-tuned to reduce false positives at the same time.

Cloud Security Thanks to the Power of Polygraph

Lacework’s foundation is Polygraph, a technology that dynamically develops a behavioral and communication model of your services and infrastructure. The model understands natural hierarchies (processes, containers, pods, machines, etc.) and aggregates them to develop behavioral models. 

A behavioral model is in some sense the essence of how a customer’s infrastructure operates. With this model, Polygraph monitors your infrastructure for activities that fall outside the model. In addition, Polygraph continually updates its models as your data center behavior changes. With Polygraph, organizations can:

  • Pinpoint exactly how a file changed: content, metadata and whether the file was modified or simply appended.
  • Extend information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions.
  • Expand file intelligence with integrated threat feeds from ReversingLabs’ library of five billion files.
  • Scale their architecture with no added complexity or performance penalties.
  • Protect log and configuration files against tampering.

Detect and resolve anomalous changes in behavior across your workloads, containers, and IaaS accounts that represent a security risk or an IOC with Lacework’s comprehensive anomaly detection system for enterprise DevOps teams. 

Lacework’s Kubernetes security solution provides comprehensive threat detection for dashboards, pods, management nodes, and clusters, in addition to end-to-end security for your public cloud infrastructure workloads, accounts, and containers.

With the rapid adoption of Kubernetes for application and infrastructure orchestration, there’s a corresponding increase in the risk associated with data exposure and vulnerabilities throughout the application lifecycle. Without proper detection of threats, organizations could unwittingly be granting unauthorized access to Kubernetes clusters, applications, and customer data. Lacework’s Kubernetes security platform identifies the risks and threats for Kubernetes-deployed infrastructures, including publicly exposed and unsecured API servers and management consoles.

Lacework was among the first cloud security vendors to highlight the need for rigorous container security. The company’s original research was published earlier this year in a report titled, Containers at Risk: A Review of 21,000 Cloud Environments.

Application Visibility

Lacework provides deep visibility into your Kubernetes deployment. This includes high-level dashboards of your clusters, pods, nodes, and namespaces combined with application-level communication between all of these at the application, process, and network layer.

Threat Detection for Kubernetes

Backed by the power of Lacework’s Polygraph technology, this security solution for Kubernetes detects both risks and threats, including those specifically designed to exploit a vulnerability within Kubernetes or a possible misconfiguration, and those that can affect your infrastructure by installing malicious code onto one of your containers. The Lacework Polygraph is designed to detect both known and unknown threats that affect Kubernetes environments through the detection of IOCs and Lacework’s behavioral analysis and machine learning classification. Risks and threats are visible within the Lacework dashboard, are ranked by risk severity, and can be delivered through the most common modern methods such as a Slack channel or a Jira ticket.

Forensics for Kubernetes

Whether you are triaging an alert or digging into deep details around the cause and effect of a change, Lacework’s security platform for Kubernetes has all the information. Our SaaS service allows you to go back in time and look at all related events across your Kubernetes infrastructure that may have caused a breach or exposed you to an unknown risk.

Detailed information about your containers, your applications, and your infrastructure is available, including Kubernetes-related information such as pods, nodes, labels, namespaces, and all network information. All this information is available both within the UI and from our API.

Lastly, Lacework’s Kubernetes security solution creates hourly Polygraphs which can demonstrate the change of relationships and events over time. This is a critical tool for understanding and triaging your events.

Case Study

Guidebook wanted an AWS security platform that would protect sensitive information. Using Lacework, Guidebook gained a clear and complete picture of security operations across all AWS implementations and was able to identify vulnerabilities otherwise undiscoverable. Guidebook’s DevOps and Engineering teams now use Lacework to troubleshoot issues and gain operational insights.

“I’m extremely happy with Lacework. I sleep better at night, knowing we have full visibility into our cloud operations. It was the tool that checked all my security boxes.” Devin Ertel, Director of Security and Information Technology, Guidebook


FAQs About Lacework's Kubernetes Security Solution

Lacework’s Kubernetes security solution allows you to go back in time and look at all related events across your Kubernetes infrastructure that may have caused a breach or exposed you to an unknown risk.

Supported Platforms

Account security solutions for cloud containers & multicloud environments via a single unified console
