Solutions

Home / Solutions

Breach Detection

IT professionals delivering services from the cloud face big security challenges:

  • Attacks by insiders and compromised accounts are tough to detect and defend
  • East-West traffic has fewer controls, making the cloud vulnerable to bad actors on the inside
  • Security rules and policies in dynamic cloud environments are complex, labor-intensive, and ever-changing

Existing security tools and practices aren’t agile or effective, and they’re not right for today’s dynamic cloud. So we invented a better way: Lacework Polygraph™.

Polygraph’s deep temporal baseline captures the truth of your properly functioning cloud operation. We constantly compare a comprehensive set of operational factors, or “classes,” against the baseline to immediately spot intrusions before they become big problems:

  • Application/Process communications
  • Application launches
  • Machine communications
  • Machine Servers
  • Privilege changes
  • Insider behaviors

The Lacework approach is ideally suited to today’s dynamic cloud operations:

  • No labor-intensive policy development or maintenance
  • Fast implementation
  • Spot and remediate breaches faster with low mean-time-to-detection and precision alerts
  • Graphical interface clarifies the cyber kill chain

Insider Threat Management

Insider threats are an especially demanding challenge for cloud security professionals:

  • Engineers and DevOps personnel need broad access to efficiently do their jobs
  • User credentials are a weak link: social engineering and poor password hygiene can compromise even the most robust systems
  • Once inside, attackers can disappear into unmonitored east-west traffic

Lacework Polygraph protects against insider threats without relying on user credentials or tight controls on east-west traffic. Our patent-pending insider tracking technology exposes the true user behind every command – even when that user attempts to execute commands with an account having more privileges (e.g. using the sudo command).

We monitor a comprehensive baseline of user factors to spot insider threats before they can cause damage:

  • Login location
  • True user behind every command
  • Privilege changes
  • Processes launched by the user
  • Process behavior
  • Process connections

Lacework Polygraph is the most effective solution on the market for managing insider threats in cloud operations:

  • Works even when user credentials are compromised
  • No labor-intensive policy development or maintenance
  • Track and audit all user activities, including commands executed and connections made
  • Integrates easily into existing DevOps practices
  • Complete visibility into the true user behind every process, command, and connection

Investigation Analysis

When a cloud security incident occurs, an accurate and quick investigation is vital to remediate the vulnerability and limit losses. But if you’re the security sleuth, you know it can be hard to get to the bottom of the breach:

  • Alert volumes are overwhelming, making it impossible to investigate every one
  • Establishing the incident timeline is a tedious task of log entry correlation across multiple cloud entities
  • Breach impact assessment is a complex puzzle, often with critical pieces missing

Lacework offers a new and powerful approach to the challenge of incident investigation in the cloud:

  • Instead of using rules and policies to define what is and isn’t a breach, Polygraph uses a deep temporal baseline to spot threats quickly and accurately
  • Polygraph automatically groups similar users, machines, and other entities into “classes” that simplify analysis and dramatically reduce notification clutter
  • Polygraph tracks dynamic interactions between disparate cloud entities to deliver a rich storyline for each incident

Lacework Polygraph’s graphical user interface is the industry’s most powerful investigative tool for security professionals, with features such as:

  • Polygraph charts showing operational classes in context with other entities for quick and clear visualization of relationships
  • “Cause and effect” charts illustrating a variety of interactions, such as a user launching a binary or a virtual machine communicating with an external host
  • Insider tracking that can reveal security breaches perpetrated by rogue users or compromised accounts
  • Drill-downs that expand to show individual class members, one-on-one entity interactions, and other detailed information
  • Temporal comparisons that show the union, intersection, or difference between a polygraph chart at two points in time
  • Integration with external databases to easily research domain records, known-bad IP addresses, and other valuable information

The Lacework Polygraph cloud security solution makes investigations faster and more conclusive, allowing you to tell the story of every incident:

  • Faster, more accurate insight into the entire cyber kill chain
  • Reliable information about the blast radius and impact of any intrusion
  • Trusted results that let you and your team conclusively close the case

DevSecOps Insights

With today’s high-velocity DevOps practices for rapid application updates, code and cloud architectures can change on a dime. Cloud professionals are all too familiar with the myriad factors that must be understood before making changes:

  • Internal and external application dependencies
  • Impact of eliminating a workload on other services
  • Users affected by application changes
  • Required network and firewall updates
  • Resource requirements for network connections, workloads, containers, and more

Although many Lacework customers rely on Polygraph primarily for cloud security, the solution’s ability to collect and present a detailed picture of cloud operations makes it an ideal tool for DevOps professionals. The interface invites exploration and discovery with charts that illuminate operations and clarify entity relationships.

With Lacework Polygraph, cloud engineers and ops professionals can reduce change management risk with tools that illuminate even the most opaque DevOps tasks:

  • Gain insights into machine-to-machine communications to create and maintain more effective micro-segmentation policies
  • Uncover application dependencies to plan a smoother, faster migration to the cloud
  • Use Polygraph’s logical entity view to see beyond machines and networks to truly understand the capacity and performance issues affecting cloud services
  • Control costs and manage risk using Polygraph to audit cloud operations, find rogue instances, and assess the impact of shutting down workloads

DevOps benefits from the visibility Lacework Polygraph provides:

  • Safely make planned changes using Polygraph to understand dependencies and utilization
  • Tune cloud services for better performance based on Polygraph’s summaries of bandwidth and resource consumption
  • See all cloud workloads to better manage shadow IT costs and risks
  • Improve other security capabilities with a clear view of communications between machines and other cloud entities

Request a Free Demo Today!

 

650-386-5103

Give us a Call

info@lacework.net

Send us a Message

Start a Free Trial

Try it Now!