Visibility and Analysis for Cloud and Container Workloads
Lacework’s workload security provides visibility to all processes and applications within an organization’s cloud and container environments. The breadth and depth of visibility helps detect vulnerabilities, and then uses Lacework’s machine learning analysis to identify anomalous behavior that poses threats.
Traditional security solutions rely on network logs and the firewall rules to identify potential risks, but those approaches required a manual effort, and could not keep pace with the speed of modern cloud deployment methodologies. Lacework was built specifically to deliver contextual data about cloud events; every update, configuration change, access point, and a million other activities that might represent potential threats. We track all machine/process communications , the users associated with those processes, and the amount of data that was transferred between processes during a given time. This deep level of detail allows teams to save time on their investigations because all the relevant information are on one platform.
Automated Workload Intrusion Detection
Lacework’s workload protection is fully automated, no rule writing required. Using sophisticated machine learning, Lacework learns what constitutes normal behavior versus those that indicate potentially malicious activity. Examples of such anomalous activities are when a user launches a new unknown application, when an application connects to a suspicious endpoint, or when privileges are unexpectedly escalated. When Lacework identifies a potential threat, a contextual alert is generated with relevant data to allow users to investigate and triage the issue.
Lacework’s automated approach provides the following benefits:
- No Missed Events: Lacework will always alert you on new activity, so that you are given a chance to investigate any behavior within your environment that could potentially be malicious.
- Low Alert Noise: Lacework will only alert you on what is new or anomalous, preventing alert fatigue within your organization.
- Simple Operations & Maintenance: Automated workload detection means no writing and maintaining error prone rules. With Lacework you will not need to constantly maintain rules, allowing you to focus on securing your environment.