Lacework automates threat defense, intrusion detection, and compliance for cloud workloads & containers.
Workload and account security for multicloud and container environments.
The public cloud enables enterprises to automatically scale workloads, deploy faster, and build freely. This supports their speed and scale needs, but it has made it increasingly difficult to make sense of the activity happening within their environments.
Lacework’s lightweight agent provides visibility to all processes and applications within an organization’s cloud and container environments. The breadth and depth of visibility helps detect vulnerabilities, and then uses Lacework’s machine learning analysis to identify anomalous behavior that poses threats.
Lacework provides comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in AWS and in multi cloud environments.
- Find Identity and Access Management (IAM) vulnerabilities, including the use of “root” account, password requirements, and use of multi-factor authentication
- Check for logging best practices, ensure AWS CloudTrail is enabled across regions, and log files validated and encrypted
- Monitor critical account activity such as unauthorized API calls and use of the management console and the “root” account
- Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges and checking for the use of flow logging
- Assess your S3 settings for S3 buckets at risk
Lacework provides comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in Microsoft Azure. For all Azure events and configurations, Lacework monitors activities and behaviors of cloud entities beyond network traffic to detect anomalies indicative of a misconfiguration, a human error, malicious activity or a threat. Lacework enables security and development teams to identify escalation of privileges, lateral movement, misuse of Azure resources early on so that breaches can be stopped early.
Lacework offers an automated, end-to-end security and configuration solution that monitors threats for workloads and accounts in GCP and across multicloud and containerized environments. Lacework checks for a series of controls specific to GCP resources like Storage Buckets, ACLs and other resources, and for processes like Cross-Origin Resource Sharing (CORS), access logs, and other elements that can be targeted in the course of attacks.
Lacework is fully container-aware and monitors all container activities regardless of the container distribution you rely on (Docker and/or Kubernetes). Any malicious activity in a containerized environment will generate an anomaly at one layer or another – Lacework’s threat detection and behavioral analysis identifies anomalous activities across your cloud and containers so issues can be remediated before any damage is done.
Lacework’s lightweight agents collect and send data to Lacework’s backend in the cloud where this data is aggregated, and a baseline of the activity in the cloud environment is created. The automated method of detecting undesired activity in cloud and container workloads provides great benefits over traditional rule writing.