Blog

Cloud Security This Week – November 30, 2018

  At the risk of sounding like an alarmist, the fact is that this week was an absolute doozy for security-watchers. Leading off with the massive breach of 500 million Starwood customer records, to evidence that NSA hacking tools are still being used for nefarious purposes, it makes one question if we’re getting any better […]

Read More…

ELF of the Month_ Linux DDoS Malware Sample

ELF of the Month: Linux DDoS Malware Sample

Each month we take a look at a malicious Executable and Linkable Format (ELF) file, the common executable file format for Unix and Unix-like Operating Systems, and share details about the sample. In this edition of ELF of the Month we take a look at a Linux DDoS sample recently uploaded to VirusTotal. This particular […]

Read More…

Next Generation Firewall is Your Grandfather’s Generation in the Cloud

I have been in security for a long time. Seeing the firewall replaced with the “Next Generation Firewall” signaled a big milestone as we went from a model that focused on IP addresses to one that targeted applications, users and content. It was a major shift that provided a lot more visibility and context on […]

Read More…

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

A Cybersecurity Three Pointer: How Basketball Explains Risk in the Cloud

Photo by Erica Nilsson on Unsplash Basketball season is in full swing which means we’re in for some long range Steph Curry three pointers, savage Giannis Antetokounmpo dunks, and an endless supply of Gregg Popovich memes. Teams have to be ready for anything in the course of the season, and those most able to be […]

Read More…

Cloud Security This Week – October 19, 2018

  New from Lacework Anatomy of a Redis Exploit Insight into a honeypot experiment conducted by Lacework where we created a Redis honeypot. In our monitoring, we detected a cryptocurrency mining botnet that compromised the server by exploiting a Lua vulnerability. We explain the experiment framework and what we discovered.   Lacework Meetup: Securing Containers […]

Read More…

Anatomy of a Redis Exploit

Anatomy of a Redis Exploit

Photo by Sonja Langford on Unsplash At Lacework Labs we have been setting up honeypots as part of our ongoing research into securing public cloud infrastructure. Recently we noticed one of our Redis honeypots was compromised. We were running a stock version of Redis which allowed inbound connections. During our monitoring, a cryptocurrency mining botnet […]

Read More…

History is repeating itself with cybersecurity acquisitions. It’s NOT making organizations safer.

The New Security Stack: While old school security vendors are trying to buy their way into relevance, it’s still not making organizations any safer

Photo by Jacek Dylag on Unsplash We’ve heard it a million times: those who don’t learn from history are doomed to repeat it. Some of us take heed, while most figure we can beat history on our own terms. What we can’t beat, however is evolution. Evolution has brought us, both from a technology and […]

Read More…

Cybersecurity is Everyone’s Business, All the Time

Cybersecurity is Everyone’s Business, All the Time

Photo by Dianor S on Unsplash This week begins the Department of Homeland Security’s National Cyber Security Awareness Month which promotes awareness and best practices for how citizens should think about security and how it relates to their data, their organizations, and ultimately, our nation. Just as Smokey the Bear was created in the 1940’s […]

Read More…

Cloud Security This Week

Cloud Security This Week – September 28, 2018

  New from Lacework Cybersecurity in the News…Again…And Again A roundup of three major cybersecurity breaches. This is becoming common, and not just for people who live the world of cybersecurity. It’s a harbinger of our connected world, and one that keeps delivering headlines.   Secure Your AWS Cloud with Lacework Webcast replay that explains […]

Read More…

Lacework Achieves SOC 2 Type II Compliance

Mountain View, Calif. – September 26, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, has received Service Organization Control (SOC) 2, Type II Certification, which provides independent validation that Lacework security controls comply with the American Institute of Certified Public Accountants’ applicable Trust Services Principles and Criteria. […]

Read More…

In the news - cyberattacks or the discovery of a breach of sensitive data.

I Read the News Today, Oh Boy

Photo by Flemming Fuchs on Unsplash Every morning, I begin my day with the same routine I’ve had for many years. You and I aren’t that close yet, so I won’t go into the specifics of my dawn activities, but I can safely divulge that it involves fleece, coffee, and a quick scan of the […]

Read More…

Lacework Supports PCI Compliance with FIM Solution

Lacework Supports PCI Compliance with FIM Solution

Photo by Samuel Zeller on Unsplash If you wanted to name a technology product category so it got beat up in the schoolyard, you might call it File Integrity Monitoring. Like a lot of products in the security space, File Integrity Monitoring (FIM) as a moniker accurately explains what the solution provides, but it’s about […]

Read More…

Lacework Kubernetes Meetup

Kubernetes, Pizza, and Learning From Our Community

  Yesterday was a big day for Lacework. We announced a $24 million series B round of funding which will help us continue our momentum in building the market’s most comprehensive cloud security solution. Even in today’s funding environment, that’s a significant amount, and we already have plans to invest heavily (and wisely) in product development, […]

Read More…

Using the Cloud to Secure the Cloud: Lacework and the New Era of Cloud Security

Using the Cloud to Secure the Cloud: Lacework and the New Era of Cloud Security

Today, we announced a great milestone for Lacework — the closing of a $24 million Series B round of funding from a stellar group of investors that includes Sutter Hill, Liberty Global Ventures, Spike Ventures and the Web Investment Network (WIN). This is a massive opportunity, and not just because we have capital to continue […]

Read More…

Lacework logo

Lacework Closes $24 Million Series B Financing With Sutter Hill Ventures to Expand Go-to-Market for Game-Changing Cloud Security Solution

Mountain View, Calif. – August 28, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced the closing of a $24 million Series B funding round led by Sutter Hill Ventures. Lacework will leverage these funds to facilitate immediate growth in global sales and marketing capabilities and […]

Read More…

PCI Compliance for cloud environments: Tackle FIM and other requirements with a host-based approach

PCI Compliance for Cloud Environments: Tackle FIM and Other Requirements With a Host-Based Approach

Photo by Hannes Egler on Unsplash Compliance frameworks and security standards are necessary, but they can be a burden on IT and security teams. They provide structure, process, and management guidelines that enable businesses to serve customers and interoperate with other organizations, all according to accepted guidelines that facilitate a better experience for end users. […]

Read More…

We just looked at 2 billion #cloud events

I Just Looked at 2 Billion Cloud Events. Here’s What I Found.

Photo by Jase Ess on Unsplash Our relationship with Lacework customers usually starts with a 30-day trial of our solution. Going in to it, they typically acknowledge lack of necessary visibility into their cloud environment. They also, however, tend to massively discount the reality of threats and risks to which they’re exposing their users and data. It’s not […]

Read More…

Using Lacework, Brightcove Automates Security and Compliance Across Multiple AWS Accounts Covering Development, Testing, and Production

Lacework Selected by Brightcove for Automation of Security at Scale for Its AWS-Hosted Video Service

Mountain View, Calif. – July 18, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced that Brightcove Inc. (NASDAQ: BCOV) has selected Lacework to provide continuous security for its cloud-based online video platform hosted on Amazon Web Services (AWS). With Lacework, Brightcove automates security monitoring and […]

Read More…

Security Can’t Start Until Multi-Factor Authentication is Turned On

Passwords have long been a target for cybercriminals since they became necessary for switching between users on computers, validating a simple but important security layer. Passwords are typically weak enough to be susceptible to brute force attacks, or too complex to easily remember. Even password generators and password management tools like LastPass have not been […]

Read More…

How Ronaldo’s Hair Explains Cybersecurity

Security tools abound that promise to protect you from the looming threat of hackers everywhere. Many of them look great, but their value is dubious. They might perform some specific task like packet inspection at the perimeter or bot detection, but aren’t actually doing the complex work required to inspect the millions (and in some […]

Read More…

Timing Security Market Transitions

Timing Security Market Transitions

On the heals of the ZScaler IPO, the Phantom Cyber, and Evident.IO acquisitions, and the DUO unicorn round, I thought I would share some of my personal thoughts around market transitions in security. And, in particular how it pertains to cloud. Note: This is not a piece about why security startups fail. And, although missing a […]

Read More…

Veeva

Lacework Helps Veeva Systems Automate Security and Compliance for its AWS Cloud

Mountain View, Calif. – May 17, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced that Veeva Systems has chosen the Lacework Cloud Security Platform to provide advanced security and compliance capabilities atop its infrastructure hosted in Amazon Web Services (AWS). Lacework enables Veeva, a leader […]

Read More…

Refocus on What Matters: Risks vs Threats

After visiting the RSA Conference (yes I walked the infamous show floor) I decided to zoom out on what I saw and think about where we are spending our time, resources, and investments as an industry. The one thing that came to me is that we certainly spend a lot of time talking about threats. […]

Read More…

Lacework Named a Gartner Cool Vendor in Cloud Security for 2018

Mountain View, Calif. – May 15, 2018 –  Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, has been named a Cool Vendor in the May 2018 report, Cool Vendors in Cloud Security,1 by Gartner, Inc. This report, authored by analysts Jay Heiser, Neil MacDonald, Lawrence Orans, and Steve Riley, examined […]

Read More…

Containers in the Cloud: From Top Hazards to First-Class Cloud Security Citizen

Originally published in TechSpective on April 24, 2018. Microservices have been touted as a revolutionary way of building applications in the cloud which in turn is fueling the demand for containers. This symbiotic relationship between application portability and containers for delivering a single function makes for an ideal platform. At scale, this distribution of discrete jobs, when […]

Read More…

Avoiding Holes in Your AWS Buckets

Originally published in InfoSec Island on April 12, 2018.  Enterprises are moving to the cloud at a breathtaking pace, and they’re taking valuable data with them. Hackers are right behind them, hot on the trail of as much data as they can steal. The cloud upends traditional notions of networks and hosts, and it topples […]

Read More…

AWS Security

New Cloud Operating Model Fuels Adoption of Lacework Automated Security and Compliance Solution

Mountain View, Calif. – March 28, 2018 – Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced a landmark year for the company, with amplified customer satisfaction, enhancements to its cloud security platform and noteworthy industry recognition. Within a two-month period, Lacework saved its customers the need to […]

Read More…

Lacework logo

David Hatfield Joins Lacework’s Board of Directors

Mountain View, Calif. – March 28, 2018 – Lacework®, the industry’s first solution to bring automation, speed and scale to cloud security, today announced the appointment of David Hatfield to join its board of directors. Hatfield is currently President at Pure Storage and has more than 25 years of experience building high performance teams at […]

Read More…

Survey Highlights Top Four Trends in Cloud Security Adoption

  Lacework worked with Hurwitz and Associates to survey the market and learn about the current state of cloud security, challenges and learnings from early adopters of the cloud. The results (and Hurwitz’s expert analysis) paint a picture of an industry that’s rapidly moving beyond its initial growing pains – even if there are still […]

Read More…

Together We Create

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I’d like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser […]

Read More…

The Breach: You Can’t Secure What You Can’t See

As I am sure you have read in the news, an AWS account was allegedly used as a means to access and exfiltrate data. Although I am not sure we will find out the real details, it looks like a relatively straightforward breach. On the surface it appears as though there was no malware installed, […]

Read More…

Lacework logo

Lacework Names Stefan Dyckerhoff Chief Executive Officer

Mountain View, Calif. – November 7, 2017 – Lacework™, the industry’s first solution to bring automation, speed and scale to cloud security, today announced the appointment of Stefan Dyckerhoff to the role of Chief Executive Officer (CEO). As CEO, Dyckerhoff is responsible for the future direction of the organization and leading the company’s overall operations, […]

Read More…

File Integrity Monitoring

Lacework Adds File Integrity Monitoring to its Cloud Security Platform

Mountain View, Calif. – October 31, 2017 – Lacework™, the industry’s first solution to bring automation, speed and scale to cloud security, has added File Integrity Monitoring (FIM) to its platform, enabling FIM to be more than a compliance checkmark and making it an integral part of the threat detection process. FIM’s file integrity signals […]

Read More…

Windows Server logo

Lacework Expands Cloud Security Footprint with Support for Microsoft Windows Server

Mountain View, Calif. – September 27, 2017 – Lacework™, one of the industry’s first zero-touch cloud security solutions, today announced that the company has expanded its security footprint with support for Microsoft Windows Server. By bringing its zero-touch cloud security solution to Microsoft Windows Server, Lacework’s support for multi-cloud strategy now spans both Windows Server […]

Read More…

Machine Learning Models

More Machine Learning Models != Better Results

Earlier this week, Techspective published “Three Critical Machine Learning Questions for Cybersecurity Pros.” That article highlights how ML is changing cybersecurity workflows and it’ll give you some things to consider as you evaluate alternatives. Have a look and let me know what you think! […]

Read More…

Real-World AWS Account Compromises and How Lacework Stops Them

I’m excited and proud to announce that Lacework’s Polygraph technology is now available to protect your AWS account. If you’re an AWS customer, you already know you’re on the hook to secure your own data. Under Amazon’s shared security model, you’re also responsible for the security of your AWS account. Think of it this way: […]

Read More…

Amazon Web Services

Lacework Brings Zero-Touch Anomaly Detection to AWS Accounts

Mountain View, Calif. – August 14, 2017 – Lacework™, the industry’s first zero-touch cloud security solution, today announced that Lacework Polygraph is now integrated with Amazon Web Services (AWS) CloudTrail, extending the company’s zero-touch security approach to protect AWS accounts. Using Lacework for AWS CloudTrail, cloud teams can make sense of CloudTrail data, deepen visibility […]

Read More…