De Log4j à l'avenir des entreprises : notre bilan de l'année
December 29, 2021
Here at Lacework we’ve had a really busy and wonderful year. Our editorial team, Lacework Labs and our leaders have been busy writing about everything from Jay Parikh joining Lacework as co-CEO, to the Log4j vulnerability and everything in between. We wanted to make sure you had a chance to catch up on our whereabouts so, we put together some of our most important blogs from 2021, in case you missed them.
“Lacework Labs is constantly monitoring for attackers adopting new vulnerabilities into their toolkits. Lacework Labs has identified opportunistic attackers leveraging the recent Log4J vulnerability (CVE-2021-44228). This vulnerability is being felt by every sector of the industry and is currently an evolving situation. Lacework Labs currently believes that some attackers are simply attempting to see what they have access to, while others are deploying malware against vulnerable hosts. Researchers are identifying ways to evade static rule detection and attackers are adopting this vulnerability into their arsenal of capabilities including the spreading of Mirai and Kinsing variants.”
“When it comes to the Log4j vulnerability, and any other zero day or recently discovered vulnerability, our customers know all-too-well how critical it is to quickly find out how exposed their operations are, and if they’ve been compromised. And luckily, there are many solutions available that simply help identify vulnerabilities. But the ideal scenario is tying together a view of the systems across a company’s entire cloud environment and looking for active signs of compromise. We’ve seen this both reduce risk and better protect businesses long-term. And this is especially important given how challenging it can be to find all programs and systems impacted by Log4j.”
“If 2020 and 2021 taught us anything, it’s to expect the unexpected. This is especially true with respect to cyber threats which can make predicting the future difficult. Additionally the threat landscape is often influenced by numerous macro-trends (pandemic, geopolitics, cryptocurrencies) which can further complicate forecasts. We know that the landscape shifts each year, which is why we write an annual predictions report from the experts on our research team. This list is based on what we expect to see happen in 2022 and what we think you should do to prepare and protect yourself.”
“Lacework was founded seven years ago to help address the unique challenges businesses faced in the cloud. Since then, the market has grown exponentially, and our cloud security platform has grown right along with it. Which is why today we’re announcing an investment in Lacework that represents the largest funding round in security industry history. This new investment will help us further speed our own innovation and operations, all with a focus on helping our customers embrace security not as a blocker, but as an enabler of innovation – just as we have.”
“In the world of IT, DevOps and Security have a reputation of mixing as well as oil and water. DevOps wants to get apps and software out the door as quickly as possible, while security’s goal is to make sure bad actors don’t get in. The thing is, they’re both right. All the speed of development is useless if it creates misconfigurations or vulnerabilities. Security is rendered less effective if it’s shoved toward the end of the process.
This is just one reason why we are thrilled to announce that Lacework has acquired Soluble. This acquisition expands our coverage to include Infrastructure as Code (IaC), in addition to AWS, GCP, Azure, private and hybrid cloud, Kubernetes, containers, workloads, all of which serve to interlace security at the earliest point in the DevOps cycle.”
“In new research from the Lacework Labs Team, it’s clear organizations should start thinking of cybercriminals as business competitors. Thanks to more than three months of exhaustive monitoring and tracking malicious cloud activity, the team has uncovered evolving attack techniques and campaigns originating from across the globe, mostly characterized by a rising demand for access to cloud accounts. Whether this be cloud account credentials sold in underground marketplaces or through direct attempts to gain access, cybercriminals are increasingly looking to profit from vulnerable business resources.”
“I am delighted to announce my good friend and world-class technology executive, Jay Parikh, will join me and Lacework as our Co-CEO, starting today. Jay will lead our innovation engine – including our product, engineering, and infrastructure efforts, while I focus on our growth, market expansion, and overall business operations. Together, we’ll drive our strategy; a relentless focus on our customers’ and partners’ success; and build the best team and culture in our industry.”
Copyright 2021 Lacework Inc. All rights reserved.