Monitor and Identify Threats for Workloads and Accounts in the Google Cloud Platform (GCP)

Automated, continuous GCP security monitoring and threat detection for Google Cloud Platform and multicloud environments

Lacework Automated Cloud Security

Peace of Mind Security for Every GCP Platform

Google Cloud Platforms (GCP) are not immune from some of the biggest security risks. Potential threats to GCP include data breaches, credential and access management issues and identity protection. Achieving peace of mind requires partnering with a company that understands GCP security. 

Lacework offers an automated, end-to-end GCP security and configuration solution that monitors threats for workloads and accounts in the Google Cloud Platform and across multi-cloud and containerized environments. Lacework is architected as a host-based intrusion detection that identifies and alerts based on behavioral anomalies that could pose threats to an organization’s data and resources.

Our GCP security platform accomplishes this in two fundamental ways: 

  • Lacework checks for a series of controls specific to GCP resources like storage classes and ACLs. It also monitors for processes like Cross-Origin Resource Sharing (CORS), access logs and other elements that can be targeted in the course of attacks. 
  • Lacework builds baseline models of a data center’s behavior to perform anomaly detection that could indicate a security threat. These models are built and updated automatically and do not require manual rules or maintenance. 
  • Lacework enables security teams to efficiently protect assets deployed on GCP, from the initial configuration to live operations.
  • Validating that data is not inadvertently exposed to unauthorized users.
  • Context-aware recommendations to help prioritize and fix violations.

Security Built for Tomorrow, Today

For all GCP events and configurations, Lacework’s security solution monitors activities and behaviors of cloud entities beyond network traffic to detect anomalies indicative of misconfigurations, human error, malicious activities, or threats. 

Lacework enables security teams to identify escalation of privileges, lateral movement, and misuse of GCP resources quickly so that breaches can be identified and stopped early. Lacework achieves this by:

  • Making all risks and threats visible within the Lacework dashboard ranked by risk severity. These can also be delivered through the most common methods such as a Slack channel or a Jira ticket.
  • Scheduling automatic checks, reviews, and alerts for configuration issues that run counter to controls established as best practices for securing GCP. 
  • Providing support for common compliance standards such as SOC2, PCI DSS, and CIS benchmarks. An interactive report, generated from deep insights from activity happening in the environment, delivers insights into passed or failed controls with specific remediation recommendations to fix non-compliant configuration components. 

Lacework’s GCP security solution ensures continuous compliance by auditing your configuration daily and alerting you of any change that represents a degradation in compliance.

Modern Security for Modern Cloud Infrastructures

Lacework is built to detect anomalies across your server hosts and resources, including GCP, other cloud platforms, containers, and Kubernetes. It also finds anomalies involving processes, users, networks, and files. Lacework achieves this by: 

  • Capturing, analyzing, and reporting on all cloud activity so you are able to get an accurate assessment of your GCP and multi-cloud workloads and accounts.
  • Leveraging Polygraph — a deep temporal baseline built by collecting high fidelity machine, process, and user interactions over a period of time — to detect anomalies, generate appropriate alerts and provide a tool for users to investigate and triage issues.

Continuous Monitoring Made Simple

As GCP environments continuously adapt to new users, services, and resources, the corresponding security landscape changes in a dynamic way. We make it easy for you to get an accurate assessment of your GCP and multi-cloud workloads and accounts by providing a single, comprehensive GCP security solution that captures, analyzes, and reports on all cloud activity, so you’ll never be left in the dark again.

The Power of the Polygraph

Our foundation is based on the patent-pending Polygraph technology, a context-rich baseline built from collecting high-fidelity machine, process, and user interactions over time. This technology dynamically develops a behavioral and communication model of your services and infrastructure that understands natural hierarchies (processes, containers, pods, machines, etc.) and aggregates them to develop behavioral models at scale. Together with a behavioral model, the Polygraph is able to monitor your infrastructure for activities that fall outside the model and dynamically update as behaviors change over time.

Using this information, the Polygraph detects anomalies and generates high-fidelity alerts appropriate to your unique environment. Polygraph maps the truth of your cloud instance and helps users quickly visualize the ‘who, what, where, and how far’ of an event. speed investigation, and triage issues saving organizations time and money.

Lacework Polygraph uses deviation from a temporal baseline to detect deviations or changes in the behavior resulting in meaningful alerts. Alerts are either due to a desired change, misconfiguration, or malicious activity. The Lacework Polygraph then scores the alerts based on severity and threat.

Lacework Polygraph breach detection is more precise and accurate because of key technology innovations:

  • Capturing behavior at process/container-level
  • Separating interactive and non-interactive traffic
  • Alert generation at the analysis group-level
  • Advanced deductive analysis that does not rely on heuristics

Robust AWS Configuration Audit

What Makes Our AWS Security Solution a No-brainer 

Lacework provides comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in Amazon Web Services. For all AWS events and configurations, Lacework monitors activities and behaviors of cloud entities beyond network traffic to detect anomalies indicative of a misconfiguration, a human error, malicious activity, or a threat. Lacework enables security and development teams to identify escalation of privileges, lateral movement, misuse of AWS resources early on so that breaches can be stopped early.

  • Find Identity and Access Management (IAM) vulnerabilities including root account use, lax password requirements, and the lack of multi-factor authentication (MFA)
  • Check for logging best practices and ensure AWS CloudTrail is enabled across regions 
  • Verify that log files are validated and encrypted
  • Validating that data is not inadvertently exposed to unauthorized users 
  • Monitor critical account activity like unauthorized API calls and unauthorized access to the management console and root account access
  • Drive secure network configurations and limit access to vulnerable ports, enforcing “least access” privileges and checking for the use of flow logging
  • Quickly assess your S3 settings for S3 buckets at risk

Read more

Speed, Scale, and Integration

Pinpoint exactly how files change — from content and metadata to whether the file was modified or simply appended. Extended information on executables, such as files created without a package installation, command lines used at launch, or currently running processes (with users and network activity).

Ensuring only users with multi-factor authentication delete S3 buckets Validating that data is not inadvertently exposed to unauthorized users.  Monitoring for encryption at rest and in transit. Validating that data is not inadvertently exposed to unauthorized users.  Versioning that protects against deletion or overwrites Context-aware recommendations to help prioritize and fix violations.

  • Boost intelligence with 5 billion files from ReversingLabs’ library.
  • Leverage one-click investigation of events and activities related to FIM signals.
  • Drive cloud-wide search with file type summaries and new file detection.
  • Operate at cloud scale with unprecedented speed Automate configurations, file discovery, and operations.
  • Scale architecture without adding complexity or performance penalties.
  • Context-aware recommendations to help prioritize and fix violations

*Included with all Lacework AWS Cloud Security agents

Read more

Workload Security

Want to go beyond user and entity activities? Lacework’s lightweight agents collect and send data to Lacework’s backend in the cloud where this data is aggregated, and a baseline of the activity in the cloud environment is created. The automated method of detecting undesired activity in cloud and container workloads provides great benefits over traditional rule writing.

Read more

Container Security

Lacework is fully container-aware and monitors all container activities regardless of the container distribution you rely on (Docker and/or Kubernetes). Any malicious activity in a containerized environment will generate an anomaly at one layer or another – Lacework’s threat detection and behavioral analysis identify anomalous activities across your cloud and containers so issues can be remediated before any damage is done.

Read more


Brilliant DevOps and Security Minds Usually Have These Questions:

Lacework is a multi-cloud security SaaS platform that provides automated, end-to-end visibility and threat detection for securing GCP. Our approach simplifies configuration and speeds deployment with a faster time to value.

Lacework’s GCP security platform performs a series of checks against every compute engine firewall rules looking for misconfigurations.

Lacework checks configurations for several different variants of permissions in GCP cloud storage buckets that can risk data exposed and alerts you.

Lacework supports GCP Audit log ingestion and uses these logs to alert you of suspicious behavior in your cloud infrastructure.