Security for Containers and Multi-Cloud Environments
Account Security Solutions for Cloud Containers & Multicloud Environments
Comprehensive cloud account security for AWS, Azure, and GCP accounts
Lacework offers comprehensive cloud account security for AWS, Azure, and GCP accounts that provides insights about configuration changes that could lead to threats. At the console level of a cloud environment, an organization can inadvertently apply misconfigurations that could leak data or open up an easy attack surface to a hacker. With continuous updates and broad administrative access happening within cloud environments, account changes are normal. Yet with increased activity comes increased vulnerability.
Through API integration between accounts, Lacework looks at all of the security-relevant configurations and identifies where the organization is passing or failing certain account security best practices for these particular configurations. These checks are run continuously, and security teams receive automated alerts about any configuration changes that violate security compliance. Among a myriad of issues, it is able to identify things such as:
- S3 buckets in AWS that are misconfigured and left publicly open
- Security groups allowing unrestricted access to SSH
- IAM users that don’t have MFA enabled
- Security groups that are misconfigured
- New regions are being spun up specifically for Bitcoin mining
Data from the cloud accounts is ingested, and Lacework applies machine learning to logs to generate high fidelity alerts on any behaviors or events that could be an indicator of compromise at the account resource level. Lacework also proactively alerts on any account security misconfigurations at the time they occur.
Monitor Ongoing Activity
- Detects and alerts of activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists
- Notes changes to cloud account users, roles, or access policies
- Prevents access or customer master key tampering
- Reduces alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results
Identify Configuration Issues
- Find Identity and Access Management (IAM) vulnerabilities, including root account, password requirements, and MFA usage
- Check for logging best practices, enable log files across regions, and ensure that log files are validated and encrypted
- Monitor critical account activity such as unauthorized API calls and use of the management console for unauthorized purposes
- Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging
Track Configuration Continuously
- Maintain compliance and protection with a daily re-audit
- Monitor account activity for abnormal activity, even when that activity is technically authorized
- Receive customizable alerts when items change from compliant to non-compliant
FAQs About Lacework's Account Security Solution
Lacework continually scans and analyzes API activity logs to create a baseline of normal activity in your cloud accounts and notifies you when potentially dangerous activity in a cloud account is detected.
Lacework has integrations into all 3 major cloud providers, AWS, GCP, and Azure. This allows for a single pane of glass that does not require configuring disparate tools across each cloud provider.
Lacework checks for common misconfigurations that can result in data leakage such as exposed S3 buckets. Additionally, Lacework looks at cloud account audit logs to identify any actions that may show risk.
Lacework uses cloud user audit logs to detect anomalous behavior in AWS. If a user creates new compute instances in a new region Lacework will detect this and alert you. This is a common action taken by attackers to hide compute that is being used for illicit cryptomining.
Lacework visualizes and baselines all user activity within AWS. Lacework looks for privileged usage and alerts on activity such as use of the root account within AWS. Additionally, by utilizing the baseline, Lacework can identify anomalies and privileged access to critical services such as IAM.