Blog

Why Organizations Are Still Learning From the Uber Breach

This has been a rough month for Vasile Mereacre and Brandon Glover. These two gentlemen were arrested for their parts as the hackers who stole millions of users’ data from Uber in 2016, and were also indicted on federal hacking and extortion charges for stealing user data from 55,000 […]

In the news - cyberattacks or the discovery of a breach of sensitive data.

I Read the News Today, Oh Boy

Every morning, I begin my day with the same routine I’ve had for many years. You and I aren’t that close yet, so I won’t go into the specifics of my dawn activities, but I can safely divulge that it involves fleece, coffee, and a quick scan of the […]

Privilege Escalation and a Proposal for Acceptable Exclusion

“I’d never join a club that would allow a person like me to become a member.” — Woody Allen Social concepts about exclusivity and inclusion have changed over the last 50 years. It used to be common for social and professional clubs to aggressively seek homogeneity among their membership and exclude […]

Lacework Supports PCI Compliance with FIM Solution

If you wanted to name a technology product category so it got beat up in the schoolyard, you might call it File Integrity Monitoring. Like a lot of products in the security space, File Integrity Monitoring (FIM) as a moniker accurately explains what the solution provides, but it’s about […]

Lacework Kubernetes Meetup

Kubernetes, Pizza, and Learning From Our Community

  Yesterday was a big day for Lacework. We announced a $24 million series B round of funding which will help us continue our momentum in building the market’s most comprehensive cloud security solution. Even in today’s funding environment, that’s a significant amount, and we already have plans to invest heavily (and wisely) in product development, […]

Using the Cloud to Secure the Cloud: Lacework and the New Era of Cloud Security

Today, we announced a great milestone for Lacework — the closing of a $24 million Series B round of funding from a stellar group of investors that includes Sutter Hill, Liberty Global Ventures, Spike Ventures and the Web Investment Network (WIN). This is a massive opportunity, and not just because we have capital to continue […]

PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements With a Host-Based Approach

Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end users. […]

We just looked at 2 billion #cloud events

I Just Looked at 2 Billion Cloud Events. Here’s What I Found.

Our relationship with Lacework customers usually starts with a 30-day trial of our solution. Going into it, they typically acknowledge a lack of necessary visibility into their cloud environment. They also, however, tend to massively discount the reality of threats and risks to which they’re exposing their users and data. It’s not […]

Using Lacework, Brightcove Automates Security and Compliance Across Multiple AWS Accounts Covering Development, Testing, and Production

Lacework Selected by Brightcove for Automation of Security at Scale for Its AWS-Hosted Video Service

Mountain View, Calif. – July 18, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced that Brightcove Inc. (NASDAQ: BCOV) has selected Lacework to provide continuous security for its cloud-based online video platform hosted on Amazon Web Services (AWS). With Lacework, Brightcove automates security monitoring and […]

Security Can’t Start Until Multi-Factor Authentication is Turned On

Passwords have long been a target for cybercriminals since they became necessary for switching between users on computers, validating a simple but important security layer. Passwords are typically weak enough to be susceptible to brute force attacks, or too complex to easily remember. Even password generators and password management tools like LastPass have not been […]

How Ronaldo’s Hair Explains Cybersecurity

Security tools abound that promise to protect you from the looming threat of hackers everywhere. Many of them look great, but their value is dubious. They might perform some specific task like packet inspection at the perimeter or bot detection, but aren’t actually doing the complex work required to inspect the millions (and in some […]

Veeva

Lacework Helps Veeva Systems Automate Security and Compliance for its AWS Cloud

Mountain View, Calif. – May 17, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced that Veeva Systems has chosen the Lacework Cloud Security Platform to provide advanced security and compliance capabilities atop its infrastructure hosted in Amazon Web Services (AWS). Lacework enables Veeva, a leader […]

Lacework Named a Gartner Cool Vendor in Cloud Security for 2018

Mountain View, Calif. – May 15, 2018 – Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, has been named a Cool Vendor in the May 2018 report, Cool Vendors in Cloud Security, by Gartner, Inc. This report, authored by analysts Jay Heiser, Neil MacDonald, Lawrence Orans, and Steve Riley, examined […]

Avoiding Holes in Your AWS Buckets

Originally published in InfoSec Island on April 12, 2018.  Enterprises are moving to the cloud at a breathtaking pace, and they’re taking valuable data with them. Hackers are right behind them, hot on the trail of as much data as they can steal. The cloud upends traditional notions of networks and hosts, and it topples […]

GOING TO RSA? HERE’S YOUR PRE-SHOW CHECKLIST (FOR AWS SECURITY)!

First, develop a clear picture of what you have – and don’t have – for AWS security today. The NIST Cybersecurity Framework is a good way to think this through: Identify: Do you have a clear picture of what your organization has deployed on AWS? Do you know how many AWS Accounts are active at your […]

AWS Security

New Cloud Operating Model Fuels Adoption of Lacework Automated Security and Compliance Solution

Mountain View, Calif. – March 28, 2018 – Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced a landmark year for the company, with amplified customer satisfaction, enhancements to its cloud security platform and noteworthy industry recognition. Within a two-month period, Lacework saved its customers the need to […]

Host-Based IDS

Why Use a Host-Based IDS in AWS  

Does this image look familiar to you?  You’ve probably seen the AWS Shared Security Responsibility model over and over in conferences, tech talks, white papers, and AWS Summits, making it clear that Amazon only protects the infrastructure layer. Your data running in the application layer is your responsibility to secure. This sounds easy to implement […]

Driving Towards Least Privilege in AWS: A Baker’s Dozen 

I have learned a lot in the past few years about running and securing public cloud infrastructure and thought I would share some areas that I believe are important. This SlideShare presentation is meant to be a self-read narrative of 13 things to think about AWS security and the move towards least privileged systems. Enjoy, […]

Survey Highlights Top Four Trends in Cloud Security Adoption

  Lacework worked with Hurwitz and Associates to survey the market and learn about the current state of cloud security, challenges and learnings from early adopters of the cloud. The results (and Hurwitz’s expert analysis) paint a picture of an industry that’s rapidly moving beyond its initial growing pains – even if there are still […]

AWS Misconfiguration

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the ongoing news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not […]

Together We Create

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I’d like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser […]

The Breach: You Can’t Secure What You Can’t See

As I am sure you have read in the news, an AWS account was allegedly used as a means to access and exfiltrate data. Although I am not sure we will find out the real details, it looks like a relatively straightforward breach. On the surface it appears as though there was no malware installed, […]

Amazon Web Services

Lacework Announces New Capabilities Enabling AWS Customers to Rapidly Implement Security Best Practices and Proactively Identify S3 Buckets at Risk

Mountain View, Calif. – November 15, 2017 – Lacework™, the industry’s first solution to bring automation, speed and scale to cloud security, today announced new features that enable Amazon Web Services (AWS) customers to easily and continuously maintain an AWS cloud configuration that is compliant with proven security best practices. Lacework now automatically reports on […]

Build the Foundation for Faster Cloud Compliance With Cloud Visibility

2017 has been a tough year for data breaches and privacy violations. Government regulations (HIPAA for healthcare, NERC-CIP for energy, EU GDPR, etc.) and industry standards (PCI) have tried to reverse this alarming trend, with more restrictive mandates and financial penalties that can no longer be classified as “the cost of doing business”. […]

Real-World AWS Account Compromises and How Lacework Stops Them

I’m excited and proud to announce that Lacework’s Polygraph technology is now available to protect your AWS account. If you’re an AWS customer, you already know you’re on the hook to secure your own data. Under Amazon’s shared security model, you’re also responsible for the security of your AWS account. Think of it this way: […]

Polygraphs: behavior baselining to reveal the elephant

You are probably familiar with the parable of the blind men describing an elephant. Because they experience only what they can touch, each of them has a very different concept of what the animal is. One touches the trunk and concludes it’s a snake. Another explores a leg and concludes it’s a tree. They are, […]

Introduction to Polygraphs

In my last blog, I talked about how we developed requirements for a Cloud Workload Protection Platform (CWPP) for modern data centers. In this blog, I’m going to dive into the heart of the matter: how Lacework builds the baseline we use for everything from breach detection to incident investigations. But first, let me recap […]

No Policies. No Rules. No Logs.

 It’s the brass ring of security professionals everywhere: spot every breach in less than one day. Can it be done? On average, how many days does it take to detect a security breach in a modern hybrid cloud environment? 205 days? 146 days? 99 days? The truth is, it doesn’t matter. Any security breach that’s not […]
