Anomaly-Based Host Intrusion Detection System (HIDS)
Host intrusion detection overcomes the limitations of network intrusion detection systems
Anomaly Intrusion Detection and Security at the Host Layer
Lacework enables organizations to strengthen their cloud security with an anomaly-based intrusion detection system that operates at the host level. Because data is collected at the host level, security teams can more accurately and effectively detect insider attacks that otherwise wouldn’t be identified in network traffic. Instead of using the same signatures and rules that hackers already know about, our host intrusion detection system (HIDS) operates far beyond the limitations of a network-based intrusion detection system to identify all activity happening across all cloud workloads and accounts.
Security of your workloads depends on how well your HIDS solution can detect insider attacks that otherwise won’t be caught in the network traffic, and how well you can investigate an infected host or application based on the data that has been collected.
Host intrusion detection overcomes the limitations of network intrusion detection systems that are traditionally used in an enterprise data center or non-cloud-based infrastructure. Intrusion detection originally looked only at ingress and egress traffic on an enterprise’s network. But to address the constantly changing nature of cloud and containerized environments, a new, agile, and far more comprehensive solution is required.
Actionable, Easy to Navigate Information About Every Incident
- Visualize interactions and communications between cloud entities
- Review incidents at any level of detail
- Integrated information from third-party threat databases
- Global search finds related events anywhere they occur across your cloud
Comprehensive Data Collection
- Continuous and automatic
- Telemetry available from every cloud process
- Deeply integrated with available cloud services and compliance metrics
- Summarized alerts provide visibility and context
- Aggregation, risk scoring and customization minimize alert “noise”
- Links and additional information make it easy to get to the bottom of each alert
Lacework's Cloud Workload and Container Security Solutions
Are Trusted by These Amazing Companies
- “As a Lacework customer we are excited to see their continued innovation in the area of multi-cloud support and, in particular, deep integration with Kubernetes and GKE.”
Will Gregorian | Iterable
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
Mario Duarte | Snowflake Computing
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
Devin Ertel | Guidebook
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
Ian O’Brien | Arista Networks
FAQs About Lacework's Host Intrusion Detection System
Lacework monitors all incoming and outgoing network connections, along with all running processes. By utilizing machine learning behavioral modeling and threat feeds, Lacework excels at identifying intrusions on a host.
Yes, Lacework ingests threat feeds to identify malicious IPs communicating with your resources, as well as any of your resources communicating with bad IPs or domains. Additionally, Lacework takes hashes of your files to identify any known malicious files that exist within your environment.
Yes, Lacework uses machine learning to automatically build baselines off the normal activity within your environment. As new activities occur, Lacework is able to use machine learning to identify and prioritize this new activity.
Lacework reviews how all of your processes are communicating with other processes over the network. Lacework will automatically alert you to anomalous behavior from activities such as one host communicating with another host, or even a container communicating with another container in your environment for the first time.
Lacework automatically correlates activity and critical information into an event dossier. This is a single pane of glass that correlates critical information for incident response such as source, process data, and even command line arguments. This helps IR teams because they do not need to manually collect and correlate this information when responding to an incident.
Lacework supports the ability to send alerts through outbound integrations to common platforms. This allows you to receive Lacework alerts without altering your current workflow as your team monitors your SIEM feed.
When working to meet compliance measures, a common requirement is an intrusion detection solution. Lacework for workloads operates at the host level. Using machine learning, Lacework detects anomalies and alerts on potential intrusions. This allows you to use Lacework as a control to meet intrusion detection requirements.