Identify and analyze anomalies in cloud and container environments
Public clouds enable enterprises to implement infrastructure-as-code and allows them to rapidly develop, test, and deploy services at scale. In this environment, network, storage and compute resources are in constant flux to adapt to business needs. While this agility and flexibility provide many business and technological benefits, the cloud is also more susceptible to new forms of threats and cyber attacks. Unfortunately, legacy security solutions are unequipped to handle these and leave organizations vulnerable.
Big Data and Anomaly Detection to Secure The Cloud
Traditional security solutions rely on signatures or rule-based approaches. The advantage of these solutions is that the rules are readily understandable. However, the drawbacks are that these rules are manually entered and catch known attack profiles. These rules do not catch new attack profiles and require constant manual maintenance. In addition, to reduce false positive rates, the rules are typically written for very well defined threat scenarios, limiting their effectiveness in actual production environments.
Lacework takes a completely different approach. Our approach is to collect high fidelity process, network, file, and user data to form a base model of normal infrastructure behavior. We then use sophisticated analytics and machine learning techniques to detect anomalies which are indicators of threats.
The Lacework system is adaptive as your environment changes. In addition, because these baselines are generated automatically (not manually created), our system can be fined tuned to reduce false positives at the same time, return high yield alerts to our customers.