Cloud Security Platform for DevOps, Workloads, and Cloud Containers
Visibility into all processes and applications within your cloud and container environments from a single, unified view
Workload and Account Security for Multicloud and Container Environments
The public cloud enables enterprises to automatically scale workloads, deploy faster, and build freely. This supports their speed and scale needs, but it has made it increasingly difficult to make sense of the activity happening within their environments.
Lacework’s lightweight agent provides visibility into all processes and applications within an organization’s cloud and container environments. This breadth and depth of visibility helps detect vulnerabilities, and Lacework’s machine learning analysis then identifies anomalous behavior that poses threats.
The Journey to the Cloud
Lacework is the only complete cloud security platform designed to effectively accelerate and secure your journey to the cloud.
The Power of the Polygraph
Our foundation is based on the patent-pending Polygraph technology, a context-rich baseline built from collecting high-fidelity machine, process, and user interactions over time. This technology dynamically develops a behavioral and communication model of your services and infrastructure that understands natural hierarchies (processes, containers, pods, machines, etc.) and aggregates them to develop behavioral models at scale. Together with a behavioral model, the Polygraph is able to monitor your infrastructure for activities that fall outside the model and dynamically update as behaviors change over time.
Using this information, the Polygraph detects anomalies and generates high-fidelity alerts appropriate to your unique environment. Polygraph maps the truth of your cloud instance and helps users quickly visualize the ‘who, what, where, and how far’ of an event, speed investigation, and triage issues, saving organizations time and money.
Lacework Polygraph detects changes in behavior as deviations from a temporal baseline, resulting in meaningful alerts. Alerts are due to a desired change, a misconfiguration, or malicious activity. The Lacework Polygraph then scores the alerts based on severity and threat.
Lacework Polygraph breach detection is more precise and accurate because of key technology innovations:
- Capturing behavior at process/container-level
- Separating interactive and non-interactive traffic
- Alert generation at the analysis group-level
- Advanced deductive analysis that does not rely on heuristics
Lacework provides comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in AWS and in multicloud environments.
- Find Identity and Access Management (IAM) vulnerabilities, including the use of the “root” account, password requirements, and use of multi-factor authentication
- Check for logging best practices, ensure AWS CloudTrail is enabled across regions, and confirm log files are validated and encrypted
- Monitor critical account activity such as unauthorized API calls and use of the management console and the “root” account
- Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges and checking for the use of flow logging
- Assess your S3 settings for S3 buckets at risk
Lacework provides comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in Microsoft Azure. For all Azure events and configurations, Lacework monitors activities and behaviors of cloud entities beyond network traffic to detect anomalies indicative of a misconfiguration, a human error, malicious activity or a threat. Lacework enables security and development teams to identify escalation of privileges, lateral movement, and misuse of Azure resources early on so that breaches can be stopped.
Lacework offers an automated, end-to-end security and configuration solution that monitors threats for workloads and accounts in GCP and across multicloud and containerized environments. Lacework checks for a series of controls specific to GCP resources like Storage Buckets, ACLs and other resources, and for processes like Cross-Origin Resource Sharing (CORS), access logs, and other elements that can be targeted in the course of attacks.
Lacework is fully container-aware and monitors all container activities regardless of the container distribution you rely on (Docker and/or Kubernetes). Any malicious activity in a containerized environment will generate an anomaly at one layer or another – Lacework’s threat detection and behavioral analysis identifies anomalous activities across your cloud and containers so issues can be remediated before any damage is done.
Lacework’s lightweight agents collect and send data to Lacework’s backend in the cloud where this data is aggregated, and a baseline of the activity in the cloud environment is created. The automated method of detecting undesired activity in cloud and container workloads provides great benefits over traditional rule writing.