Blog

Privilege Escalation and a Proposal for Acceptable Exclusion

Privilege Escalation and a Proposal for Acceptable Exclusion

Photo by Annie Sowards on Unsplash “I’d never join a club that would allow a person like me to become a member.” — Woody Allen Social concepts about exclusivity and inclusion have changed over the last 50 years. It used to be common for social and professional clubs to aggressively seek homogeneity among their membership and exclude […]

Read More…

Lacework Supports PCI Compliance with FIM Solution

Lacework Supports PCI Compliance with FIM Solution

Photo by Samuel Zeller on Unsplash If you wanted to name a technology product category so it got beat up in the schoolyard, you might call it File Integrity Monitoring. Like a lot of products in the security space, File Integrity Monitoring (FIM) as a moniker accurately explains what the solution provides, but it’s about […]

Read More…

PCI Compliance for cloud environments: Tackle FIM and other requirements with a host-based approach

PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements With a Host-Based Approach

Photo by Hannes Egler on Unsplash Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end users. […]

Read More…

Using Lacework, Brightcove Automates Security and Compliance Across Multiple AWS Accounts Covering Development, Testing, and Production

Lacework Selected by Brightcove for Automation of Security at Scale for Its AWS-Hosted Video Service

Mountain View, Calif. – July 18, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced that Brightcove Inc. (NASDAQ: BCOV) has selected Lacework to provide continuous security for its cloud-based online video platform hosted on Amazon Web Services (AWS). With Lacework, Brightcove automates security monitoring and […]

Read More…

Security Can’t Start Until Multi-Factor Authentication is Turned On

Passwords have long been a target for cybercriminals since they became necessary for switching between users on computers, validating a simple but important security layer. Passwords are typically weak enough to be susceptible to brute force attacks, or too complex to easily remember. Even password generators and password management tools like LastPass have not been […]

Read More…

Veeva

Lacework Helps Veeva Systems Automate Security and Compliance for its AWS Cloud

Mountain View, Calif. – May 17, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced that Veeva Systems has chosen the Lacework Cloud Security Platform to provide advanced security and compliance capabilities atop its infrastructure hosted in Amazon Web Services (AWS). Lacework enables Veeva, a leader […]

Read More…

Refocus on What Matters: Risks vs Threats

After visiting the RSA Conference (yes I walked the infamous show floor) I decided to zoom out on what I saw and think about where we are spending our time, resources, and investments as an industry. The one thing that came to me is that we certainly spend a lot of time talking about threats. […]

Read More…

Lacework Named a Gartner Cool Vendor in Cloud Security for 2018

Mountain View, Calif. – May 15, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, has been named a Cool Vendor in the May 2018 report, Cool Vendors in Cloud Security,1 by Gartner, Inc. This report, authored by analysts Jay Heiser, Neil MacDonald, Lawrence Orans, and Steve Riley, examined […]

Read More…

AWS Misconfiguration

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the on-going news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not […]

Read More…

Build the Foundation for Faster cloud compliance with cloud Visibility

2017 has been a tough year for data breaches and privacy violations. Government regulations (HIPAA for healthcare, NERC-CIP for energy, EU GDPR, etc) and industry standards (PCI) have tried to reverse this alarming trend, with more restrictive mandates and financial penalties that can no longer be classified as “the cost of doing business”. […]

Read More…

Machine Learning Models

More Machine Learning Models != Better Results

Earlier this week, Techspective published “Three Critical Machine Learning Questions for Cybersecurity Pros.” That article highlights how ML is changing cybersecurity workflows and it’ll give you some things to consider as you evaluate alternatives. Have a look and let me know what you think! […]

Read More…