Polygraph™ delivers zero-touch operations by automating three key functions: creating the initial baseline, grouping cloud entities into analysis groups, and maintaining the baseline over time.
After installation, Polygraph starts building the deep temporal baseline. The solution observes communication patterns, resource relationships, and user behaviors to establish a comprehensive picture of these entities and how they work together.
Polygraph also automatically creates “analysis groups,” which are sets of cloud entities that share similar characteristics and communication patterns. These groupings make it easier to visualize cloud operations while dramatically reducing redundant alerts.
Once in operation, Polygraph continuously and automatically maintains the baseline and analysis groups. Polygraph also records anomalies and generates alerts to ensure all aspects of your cloud operation are monitored in real time and available for analysis after every security event.
Deeper Insights, Effective Protection
Polygraph’s deep temporal baseline provides a powerful graphical representation of six key cloud entity types or “classes”:
- Application launches
- Application communications
- Machine servers
- Machine communications
- Applications and processes
- Privilege changes
- Insider behaviors
By establishing normal patterns of behavior for each class, Polygraph creates an interlocking web of coverage that spots anomalies with unprecedented accuracy and speed – even when systems are misconfigured or inherently vulnerable.
Rogue users and compromised accounts top the list of security concerns in today’s cloud operations. Polygraph counters these threats with features that track key insider behaviors:
- Login location
- Use of other login credentials
- Privilege modifications
- User-initiated processes
Lacework’s patent-pending insider tracking technology attributes every login to the true user, even when that user executes commands or logs in to a machine using different credentials. Information about the true user and their current location is compared to their typical behavior to spot potential trouble.
Polygraph also monitors the processes launched by users as they move through the cloud. If these processes attempt to contact new hosts or exhibit other abnormal behaviors, Polygraph highlights them as potential threats.
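The two insider-tracking ideas above (attributing activity to the true login user even after a credential switch, and flagging user-launched processes that reach hosts outside the learned baseline) are illustrated by this added example. It is not Lacework's code and makes no claim about how Polygraph is implemented; the event format and all event values are constructed for the illustration.

```python
from collections import defaultdict

# Constructed event stream (hypothetical format, not Lacework telemetry):
#   ("login",   sid, (user, location))       session starts as this true user
#   ("switch",  sid, effective_user)          sudo/su: credentials change, true user does not
#   ("connect", sid, (process, dest_host))    a user-launched process reached dest_host
BASELINE_EVENTS = [
    ("login", "s1", ("alice", "DE")),
    ("connect", "s1", ("kubectl", "api.internal")),
    ("switch", "s1", "root"),
    ("connect", "s1", ("curl", "repo.internal")),
    ("login", "s2", ("bob", "US")),
    ("connect", "s2", ("psql", "db.internal")),
]
LIVE_EVENTS = [
    ("login", "s3", ("alice", "DE")),
    ("connect", "s3", ("kubectl", "api.internal")),  # within baseline, stays quiet
    ("switch", "s3", "root"),
    ("connect", "s3", ("curl", "203.0.113.9")),      # run as root, still attributed to alice
    ("login", "s4", ("bob", "RU")),                  # location bob has never logged in from
    ("connect", "s4", ("psql", "db.internal")),
]


class TrueUserBaseline:
    """Learn per-true-user behaviour, then report activity outside of it."""

    def __init__(self):
        self.session_user = {}             # sid -> true user taken from the login event
        self.locations = defaultdict(set)  # true user -> login locations seen
        self.hosts = defaultdict(set)      # (true user, process) -> hosts contacted

    def _attribute(self, kind, sid, payload):
        """Resolve the true user; a credential switch never re-attributes the session."""
        if kind == "login":
            self.session_user[sid] = payload[0]
        return self.session_user.get(sid)

    def learn(self, events):
        for kind, sid, payload in events:
            user = self._attribute(kind, sid, payload)
            if kind == "login":
                self.locations[user].add(payload[1])
            elif kind == "connect":
                self.hosts[(user, payload[0])].add(payload[1])

    def detect(self, events):
        """Return (true_user, reason) pairs for behaviour not in the baseline."""
        alerts = []
        for kind, sid, payload in events:
            user = self._attribute(kind, sid, payload)
            if kind == "login" and payload[1] not in self.locations.get(user, set()):
                alerts.append((user, f"login from new location {payload[1]}"))
            elif kind == "connect" and payload[1] not in self.hosts.get((user, payload[0]), set()):
                alerts.append((user, f"{payload[0]} contacted new host {payload[1]}"))
        return alerts
```

Running `learn(BASELINE_EVENTS)` followed by `detect(LIVE_EVENTS)` yields two alerts, both attributed to the original login user rather than to `root`.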
Lacework Polygraph is built in the cloud, for the cloud. Our cloud-native approach makes it easy for IT and security professionals to integrate Polygraph into their dynamic cloud operations. Just as modern cloud delivery solutions can instantly scale to meet demand, Polygraph can grow to keep up.
Polygraph agents run in user space on cloud virtual machines and require no kernel modifications. This is welcome news for cloud engineers plagued by OS compatibility issues and new release version coordination tasks.
Lacework Polygraph is available in the AWS Marketplace for Amazon Web Services users, with a pricing model designed to be compatible with AWS services.
No Policies. No Rules. No Logs.
Most security approaches follow a well-worn path: they attempt to predict an attacker’s strategy and then establish controls based on rules and policies. Lacework Polygraph approaches security from a radically new perspective. Instead of trying to guess an attacker’s next move, Polygraph simply establishes a baseline for normal operations and then monitors for abnormal activity.
Our approach eliminates the constant rule and policy maintenance tasks that have become the bane of many security professionals' daily routine. No more rule changes to eliminate false positives or accommodate new servers, IP addresses, or users.
Breach investigations are also dramatically easier with Polygraph. Until now, uncovering the story of a breach meant endless hours poring over various system logs to correlate events and establish cause and effect. With Polygraph’s intuitive visualization interface, investigators can easily tell the story of each breach in a single pane – from the user to the technique to the impact. Investigation reports become actionable playbooks for fast, definitive remediation.