Active Host Vulnerability Monitoring
Monitor and alert on vulnerabilities in your cloud environments
Benefit from Active Vulnerability Monitoring at the Host Layer
Ephemeral and immutable compute have changed the economics and velocity of building software, but traditional security approaches have failed to keep up. This includes deciphering which of the millions of known vulnerabilities actually pose a risk to the hundreds of software packages running on thousands of hosts and containers scaling in the cloud. The security of your workloads depends on how well you can find and fix host vulnerabilities across all your cloud environments and workloads deployed on AWS, Azure, and GCP.
Lacework monitors host vulnerabilities, providing detailed context that helps organizations understand their risk posture and address gaps in their cloud environment.
Lacework’s Active Host Vulnerability Monitoring Capabilities Provide:
- Monitoring for Ephemeral Hosts at Scale: Telemetry to distill and focus on vulnerabilities in ephemeral and immutable infrastructure
- A Pre-Flight Check API: Scan a host image (e.g., AWS AMI) for known vulnerabilities before deploying to a live environment
- Scanning for Active Vulnerabilities: Connect known CVEs with active packages on hosts for live visibility into the active packages that carry associated vulnerabilities
- Support for CI/CD and Infrastructure-as-Code Integrations: Tighten the feedback loop and shift security left by integrating the Lacework API into GitHub, GitLab, Jenkins and other workflows
- Reporting Designed to Help Security Teams Focus on What Matters: Shift security right with tailored reports on new active CVEs, and know definitively when a patch has been applied
- An Updated CLI: CLI updates for self-serve vulnerability scanning and data retrieval, plus a new vulnerability dashboard
Get High-Fidelity Host Vulnerability Alerts
Lacework’s console raises alerts when vulnerabilities are detected during a host assessment. At launch, the Lacework platform supports alerting on the following scenarios to any routing channel, such as Slack, Jira, PagerDuty, and others:
- A new software vulnerability within monitored hosts for a defined severity level
- A known software vulnerability within monitored hosts for a defined severity level
- A software vulnerability severity change within monitored hosts
- A software vulnerability patch status change within monitored hosts
Receive Actionable, Easy to Navigate Information About Each Vulnerability
- Conduct pre-flight vulnerability checks on your containers and workloads prior to shipping to production
- Review host vulnerabilities with rich context and take action
- Triage and prioritize fixes with information at your fingertips
- Quickly find new vulnerabilities when they appear
Take Advantage of Comprehensive Data Collection
- Host vulnerability data capture is continuous and automatic
- Record available telemetry from relevant cloud processes
- Support compliance efforts with comprehensive metrics
- Integrate Lacework data with technology partners like DataDog, New Relic, and Snowflake
Receive Accurate Alerts with Rich Context
- Activities and events organized into behaviors provide visibility and context
- Aggregation, risk scoring, and customization all work to minimize alert noise while improving fidelity
- Links and additional information make it easy to get to the bottom of each alert with just a few clicks
Conduct Comprehensive Vulnerability Checks
Making full use of the National Vulnerability Database as well as vulnerabilities uncovered by our own research team, Lacework Labs, the Lacework platform now checks every package against more than two million CVEs. By checking every package against the full library of CVEs and known threats, we not only catch packages with vulnerabilities that were just released, but also detect package vulnerabilities that were disclosed many years ago. Combined with Lacework’s ability to use UEBA to track and alert on anomalies, this new capability means that Lacework can provide unparalleled detection for known and unknown threats.
Know the Difference Between Vulnerability and Being Vulnerable
A vulnerability is a weakness in a software system. Organizations become vulnerable when an attack exploits that weakness. Modern cloud security is about balancing risk and reward. While having a vulnerability isn’t great, the risk factor increases significantly once an exploit for the vulnerability is active in the wild and the vulnerable software is running in production.
Experts estimate that 24% of organizations have hosts missing high-severity patches in the public cloud, and the problem could be much worse for larger enterprises. During a recent environment assessment, Lacework discovered 51,000 vulnerabilities present across a multi-cloud infrastructure. At the current patch rate for most environments, it would take a significant amount of time to patch all those vulnerabilities (the average time to patch in the cloud is more than 30 days).
Using Lacework’s new host vulnerability monitoring scans, a security team leader was able to quickly determine that those vulnerabilities were spread across 2,800 actual hosts, and that the vulnerabilities on those hosts could be traced back to 78 images that needed to be repaired. With the scope of work reduced to a manageable level, the security and DevOps teams were able to address the gaps in less than a week.
What Our Customers Say
- “[We] got rid of a lot of tools and the need to log into multiple interfaces…forget that mess!!! Hundreds of false positives before are now down to one and two things we need to pay attention to because of Lacework. Tracking down alerts was taking 50 percent of the Engineering / DevOps team’s time to triage and [make] changes. Now they get one to two per day, log on in the morning, check the few alerts and go about their day.”
- “A second set of eyes when it comes to security. With the growth of instances and containers, it is difficult to monitor and review every log or activity. By using Lacework, we’ve been able to use the Lacework AI to net down patterns, violations, and compliance activity all in a single dashboard saving time and resources. More importantly, historical charts and reports are extremely helpful for audits to demonstrate alerting, notification and review.”
- “Lacework Polygraph, within minutes of the attack occurring, was able to detect something that the other ones were not. It outperformed everything we’ve been doing.”
- “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the one tool that checked all my security boxes.”
- “Lacework offers us speed and offers us the ability to focus on what we do in terms of building a great product that’s secure. I would definitely recommend it to other IT professionals or product companies that are building a cloud-based application.”
FAQs About Lacework's Host-based Intrusion Detection System
Lacework’s host-based intrusion detection system monitors all incoming and outgoing network connections, along with all running processes. By utilizing machine learning behavioral modeling and threat feeds, Lacework excels at identifying intrusions on a host.
Yes, Lacework’s HIDS solution ingests threat feeds to identify malicious IPs communicating with your resources, as well as any of your resources communicating with bad IPs or domains. Additionally, Lacework takes hashes of your files to identify any known malicious files that exist within your environment.
Yes, Lacework uses machine learning to automatically build baselines from the normal activity within your cloud environment. As new activities occur, Lacework’s HIDS uses machine learning to identify and prioritize this new activity.
Lacework reviews how all of your processes communicate with other processes over the network. Lacework will automatically alert you to anomalous behavior, such as one host communicating with another host, or even a container communicating with another container in your environment, for the first time.
Lacework’s host-based intrusion detection system automatically correlates activity and critical information into an event dossier. This is a single pane of glass that brings together the information critical to an incident response, such as source, process data, and even command-line arguments, so IR teams do not need to manually collect and correlate it when responding to an incident.
Lacework’s HIDS supports the ability to send alerts through outbound integrations to common platforms. This allows you to receive Lacework alerts without altering your current workflow as your team monitors your SIEM feed.
When working to meet compliance measures, a common requirement is an intrusion detection solution. Lacework’s host-based intrusion detection system for workloads operates at the host level. Using machine learning, Lacework detects anomalies and alerts on potential intrusions. This allows you to use Lacework as a control to meet intrusion detection system requirements.