Blog

Enforce Security Through Policy-as-Code

Enforce Security Through Policy-as-Code

Automation is key for so many reasons; it can help to speed up the security workflow, from alerting, to ticketing, to task assignment and remediation, it can help to combat threats in real-time and even enable you to impose policy as code. Companies that embrace the DevOps movement invest a lot in automation, and for […]

Read More…

Securing Innovation in the Public Cloud

Securing Innovation in the Public Cloud

Photo by Clayton Holmes on Unsplash I recently attended the Colorado CSA Fall Summit and wanted to share some insights and themes from the conference. The CSA summit included presentations on all things cloud security. On the technical side, there were talks on DevSecOps, cloud pen testing, AWS encryption, cryptocurrency, and container security. One of […]

Read More…

Refocus on What Matters: Risks vs Threats

After visiting the RSA Conference (yes I walked the infamous show floor) I decided to zoom out on what I saw and think about where we are spending our time, resources, and investments as an industry. The one thing that came to me is that we certainly spend a lot of time talking about threats. […]

Read More…

Host-Based IDS

Why Use a Host-Based IDS in AWS  

Does this image look familiar to you?  You’ve probably seen the AWS Shared Security Responsibility model over and over in conferences, tech talks, white papers, and AWS Summits, making it clear that Amazon only protects the infrastructure layer. Your data running in the application layer is your responsibility to secure. This sounds easy to implement […]

Read More…

Driving Towards Least Privilege in AWS: A Baker’s Dozen 

I have learned a lot in the past few years about running and securing public cloud infrastructure and thought I would share some areas that I believe are important. This SlideShare presentation is meant to be a self-read narrative of 13 things to think about AWS security and the move towards least privileged systems. Enjoy, […]

Read More…

Survey Highlights Top Four Trends in Cloud Security Adoption

  Lacework worked with Hurwitz and Associates to survey the market and learn about the current state of cloud security, challenges and learnings from early adopters of the cloud. The results (and Hurwitz’s expert analysis) paint a picture of an industry that’s rapidly moving beyond its initial growing pains – even if there are still […]

Read More…

Visibility: A Technical Chauffeur of Data, Part III

This is part 3 of 4 in a blog series on key trends in securing the public cloud. Gaining visibility into the operational data you need is often underestimated when organizations deploy to the public cloud. It’s not like you can simply deploy a layer 2 span port and see all traffic in a single […]

Read More…

Together We Create

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I’d like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser […]

Read More…

Lacework Polygraph

No Policies. No Rules. No Logs.

 It’s the brass ring of security professionals everywhere: spot every breach in less than one day. Can it be done? On average, how many days does it take to detect a security breach in a modern hybrid cloud environment? 205 days? 146 days? 99 days? The truth is, it doesn’t matter. Any security breach that’s not […]

Read More…