GCP Security

Automated, Continuous GCP Security Monitoring and Threat Detection for Google Cloud Platform and Multicloud Environments

Lacework offers an automated, end-to-end GCP security and configuration solution that monitors threats for workloads and accounts in the Google Cloud Platform and across multi-cloud and containerized environments. As a purpose-built solution for modern IT infrastructures, Lacework is architected as a host-based intrusion detection that can identify and alert based on behavioral anomalies that could pose a threat to an organization’s data and resources.

Lacework’s GCP security platform accomplishes this in two fundamental ways: 1) Lacework checks for a series of controls specific to GCP resources like storage classes, ACLs and other resources, and for processes like Cross-Origin Resource Sharing (CORS), access logs, and other elements that can be targeted in the course of attacks. And 2) in order to adapt to the dynamic and ephemeral nature of GCP and other cloud environments, Lacework builds baseline models of a data center’s behavior to perform anomaly detection that could indicate a security threat. These models are built and updated automatically and do not require manual rules or maintenance. Lacework enables security teams to efficiently protect assets deployed on GCP, from the initial configuration to everyday operations.

Automated Threat Detection

For all GCP events and configurations, Lacework’s GCP security solution monitors activities and behaviors of cloud entities beyond network traffic to detect anomalies indicative of misconfigurations, human error, malicious activities or threats. Lacework enables security teams to identify escalation of privileges, lateral movement, and misuse of GCP resources quickly on so that breaches can be identified and stopped early.

Risks and threats are visible within the Lacework dashboard, are ranked by risk severity, and can be delivered through the most common modern methods such as a Slack channel or a Jira ticket.

Compliance and Misconfiguration Identification

Lacework automatically checks, reviews, and alerts on configuration issues that run counter to controls established as best practices for securing GCP. Lacework supports common compliance standards such as SOC2, PCI DSS, and CIS benchmarks. An interactive report, generated from deep insights from activity happening in the environment, delivers insights into passed or failed controls with specific remediation recommendations to fix non-compliant configuration components. A similar report is available for security controls for Google Cloud Storage.

Lacework’s GCP security solution ensures continuous compliance by auditing your configuration daily and alerting you of any change that represents a degradation in compliance.

Purpose-Built for Modern Cloud Infrastructures

Lacework is purpose-built to deeply learn and detect anomalies across a customer’s server hosts and resources, including GCP, other cloud platforms, containers, Kubernetes, processes, users, networks, and file behavior. Lacework is a single, comprehensive GCP security solution that captures, analyzes, and reports on all cloud activity so you are able to get an accurate assessment of your GCP and multi-cloud workloads and accounts.

The Power of the Polygraph

Lacework’s foundation is Polygraph, a deep temporal baseline built from collecting high fidelity machine/process/users interactions over a period of time. The Polygraph is used to detect anomalies, generate appropriate alerts, and provide a tool for users to investigate and triage issues.

Fundamentally, our Polygraph technology dynamically develops a behavioral and communication model of your GCP services and cloud infrastructure. The model understands natural hierarchies (processes, containers, pods, machines, etc.) and aggregates them to develop behavioral models. A behavioral model is, in some sense, the essence of how a customer’s infrastructure operates. With this model, Polygraph monitors your GCP infrastructure for activities that fall outside the model. In addition, the Polygraph continually updates its models as your data center behavior changes.