Visibility into all processes and applications within your cloud and container environments from a single, unified view.
Workload and Account Security for Multicloud and Container Environments
The public cloud enables enterprises to automatically scale workloads, deploy faster, and build freely. This supports their speed and scale needs, but it has made it increasingly difficult to make sense of the activity happening within their environments. Lacework’s lightweight agent provides visibility to all processes and applications within an organization’s cloud and container environments. The breadth and depth of visibility helps detect vulnerabilities, and Lacework’s machine learning analysis then identifies anomalous behavior that poses threats.
The Journey to the Cloud
Lacework is the only complete cloud security platform designed to effectively accelerate and secure your journey to the cloud.
Security and Compliance for the Cloud
Lacework Host-based IDS (HIDS) automatically identifies intrusions and raises the alarm so you can stay a step ahead of attackers. We give you the visibility and context you need to resolve intrusion events before they turn into damaging breaches. Delivered as a service, Lacework can be deployed at scale in minutes.
The security of your workloads depends on how well your host-based intrusion detection system identifies insider attacks that otherwise wouldn’t be caught inside network traffic, and how well you can investigate an infected host or application based on the data available.
Organizations need to strengthen their cloud security with an anomaly-based host intrusion detection system that operates at the host-level. Lacework collects data at the host-level, empowering security teams to accurately and effectively detect insider attacks that otherwise would not be identified in network traffic.
Instead of just relying on the same signatures and rules that hackers are very aware of, Lacework uses its host-based intrusion detection system (HIDS) to identify any activity happening across all cloud workloads and accounts. Our host-based intrusion detection overcomes the limitations of network intrusion detection systems that are traditionally used in enterprise data centers and non-cloud-based infrastructures. These legacy approaches focused on ingress and egress traffic on an enterprise’s network. In order to address the constantly changing nature of cloud and containerized environments, a far more comprehensive solution is required. A streamlined investigation process with context at your fingertips will help you quickly understand what happened to an infected host or application based on the data that has been collected.
Host-based intrusion detection overcomes the limitations of network intrusion detection systems.
Anomaly-Based Host Intrusion Detection System (HIDS)
Anomaly Intrusion Detection and Security at the Host Layer
Visualize interactions and communications between cloud entities
Review incidents at any level of detail
Integrate information from third-party threat databases
Quickly find related events anywhere they occur across your cloud
Get Actionable, Easy to Navigate Information About Every Incident
Capture data continuously and automatically
Record available telemetry from every cloud process
Support compliance efforts with comprehensive metrics
Integrate Lacework data with technology partners like DataDog, New Relic, and Snowflake
Take Advantage of Comprehensive Data Collection
Gain visibility and context into activities and events which are organized into behaviors
Minimize alert noise while improving fidelity with aggregation, risk scoring, and customization
Quickly investigate alerts within a few clicks with relevant links and additional context
Receive Accurate Alerts with Rich Context
To provide comprehensive security for active threats and vulnerabilities caused by misconfigurations and other infrastructure changes, Lacework uses runtime defense to identify, analyze, and alert on anomalous behavior for applications, virtual resources, hosts, and all user activity.
Identify vulnerabilities across your containers and workloads prior to deployment with a host-based configuration and compliance solution.
Buildtime Threat Defense for Cloud Containers & Workloads
Lacework’s foundation is Polygraph, a deep temporal baseline, which we present to users as a set of behavioral maps or “Polygraphs.” With the complexity and volume of a modern data center, Polygraph employs a baseline, zero-touch approach without leaving any blank spaces where attackers can hide.
The Power of Polygraph
The modern cloud infrastructure allows organizations to deploy, scale, and configure their infrastructure faster than ever. The ability to automate and operate at DevOps speed poses a challenge to traditional security approaches. Lacework’s approach to runtime threat defense is to automate the detection of threats and anomalies and provide human-understandable investigative insights. Lacework supports threat defense for the public clouds AWS, GCP, and Azure, and supports computer hosts and containers.
Cloud Security at Scale & at the Speed of Business
Lacework’s approach uses automation and unsupervised machine learning. Security teams are able to deploy the Lacework agent across multiple cloud platforms, within application orchestration environments like Docker and Kubernetes, and even in hybrid workloads. As a SaaS service, organizations are able to review historical event data across their infrastructure to understand where vulnerabilities are present and address areas of risk.
In a rapidly changing deployment environment, traditional security rules are stale as soon as they are deployed and new attacks are missed because they require someone to write the appropriate rule. Lacework’s automated approach provides the following benefits:
No Missed Events: Lacework will always alert you on new activity so that you are given a chance to investigate any behavior within your environment that could potentially be malicious.
Low Alert Noise: Lacework will only alert you on what is new or anomalous, preventing alert fatigue within your organization.
Simple Operations & Maintenance: Automated workload detection means no writing and maintaining error-prone rules. With Lacework you will not need to constantly maintain rules, allowing you to focus on securing your environment.
Identifying Risks at Buildtime to Address Security Early in the SDLC
Lacework provides buildtime insight that empowers development teams and helps identify vulnerabilities across the entire scope of their cloud and containerized environments. This includes identifying security and compliance issues with serverless resources, applications, networks, file systems, APIs, processes, and other elements that could increase the threat vector of an organization’s infrastructure. With an emphasis on events happening at runtime, organizations can identify issues before they spread within their cloud or container environment.
Visibility and Analysis for Cloud and Container Workloads
Automated configuration, file discovery, and operations.
Scalable architecture with no added complexity or performance penalties.
Included with all Lacework Cloud Security agents.
Cloud Scale and Speed
Pinpoint exactly how a file changed: content, metadata, and whether the file was modified or simply appended.
Extended information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions.
Expanded file intelligence with integrated threat feeds from ReversingLabs’ library of 5 billion files.
One-click investigation of events and activities related to FIM signals.
Cloud-wide capabilities for search, file type summaries, and detection of new files.
Integrated & Comprehensive File Integrity Monitoring
The Lacework file integrity monitoring agent automates the process of collecting and recording files. Our agent records new files as they are added — including the hashes of the files as they change — displaying the old and new for easy comparison.
Our agent streams data back to the cloud platform to ensure that the information is reliably collected and stored.
Once collected, the checksum is compared against curated threat databases to ensure that no known malicious files exist within the monitored environment.
If a known malicious file is found within the environment, Lacework triggers a critical alert so you can quickly investigate which systems the file exists on, along with additional research on the file that links back to the VirusTotal database for a threat summary.
This expedites the process of identifying files as well as the research needed to understand the impact of the malicious file.
Automation Nation with File Detection
File tampering is a critical indicator of compromise in your cloud environment. File Integrity Monitoring (FIM) is a critical requirement for an effective compliance mandate and Lacework recognizes that FIM is more than a compliance checklist item.
Designed for high-velocity cloud implementations, Lacework’s FIM solution automates the setup and eliminates the need for operations-intensive rule development and management. Our innovative baselining technology keeps up with cloud changes while dramatically reducing false positives, so your security teams can focus on the file integrity monitoring changes that really matter.
Our file integrity monitoring solution also identifies malicious files and other anomalies within your clouds and container environments, the actors involved, and contextual alerts that empower your teams with actionable intelligence.
Collect, Identify and Report on File Changes
Designed for high-velocity cloud implementations, Lacework’s FIM solution automates the setup and eliminates labor-intensive rule development, ACL specification, and configuration. With our innovative baselining technology, Lacework keeps up with cloud changes while dramatically reducing false positives so security teams can focus on the FIM events that really matter.
Automate setup and eliminate the need for operations-intensive rule development and management in high-velocity cloud implementations.
GAME-CHANGING FILE AND INTEGRITY MONITORING
With Lacework, IT security teams can pinpoint exactly how files change down to the content, metadata, and whether the file was modified or simply appended.
We add intelligence that extends to:
Information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions.
One-click investigation of events and activities related to FIM signals.
Cloud-wide capabilities for search, file type summaries, and detection of new files.
Scalable architecture with no added complexity or performance penalties
File Security Meets Scale and Compliance
Backed by the power of Lacework’s Polygraph technology, this security solution for Kubernetes includes detection of both risks and threats that may be specifically designed to breach a vulnerability within Kubernetes, a possible misconfiguration, or a threat that can affect your infrastructure by installing malicious code onto one of your containers. The Lacework Polygraph is designed to detect both known and unknown threats that affect Kubernetes environments through the detection of IOCs and Lacework’s behavioral analysis and machine learning classification.
Risks and threats are visible within the Lacework dashboard, are ranked by risk severity, and can be delivered through the most common modern methods such as a Slack channel or a Jira ticket.
Threat Detection for Kubernetes
Lacework provides deep visibility into your Kubernetes deployment. This includes high-level dashboards of your clusters, pods, nodes, and namespaces combined with application-level communication between all of these at the application, process, and network layer.
Application Visibility
The rapid adoption of Kubernetes for application and infrastructure orchestration is leading to an increase in the risk associated with data exposure and vulnerabilities throughout the application lifecycle. Without proper detection of threats, organizations could be opening the doors to unauthorized access to Kubernetes clusters, applications, and customer data.
Lacework provides deep visibility into your Kubernetes deployment. This includes high-level dashboards of your clusters, pods, nodes and namespaces combined with application-level communication between all of these at the application, process and network layer.
Backed by the power of Lacework’s Polygraph technology, this security solution for Kubernetes includes detection of both risks and threats that may be specifically designed to breach a vulnerability within Kubernetes, a possible misconfiguration or a threat that can affect your infrastructure by installing malicious code onto one of your containers.
The Lacework Polygraph is designed to detect both known and unknown threats that affect Kubernetes environments using behavioral analysis and machine learning.
Containers at Risk: A Review of 21,000 Cloud Environments.
Lacework + Kubernetes Equals Security
As the use of containers continues to rise in popularity within test and production environments, managing and orchestrating them becomes a bigger challenge. Although Kubernetes (K8s) is a market leader in orchestrating cloud-native environments, it’s not as good at security as it is at orchestration.
Lacework’s Kubernetes security solution provides comprehensive threat detection for dashboards, pods, management nodes, and clusters, in addition to end-to-end security for their public cloud infrastructure workloads, accounts, and containers. Our Kubernetes security platform identifies the risks and threats for Kubernetes-deployed infrastructures, including publicly exposed and unsecured API servers and management consoles.
Application Visibility, Threat Detection, and Forensics: All the Security Your Kubernetes Needs
Get comprehensive threat detection for your Kubernetes dashboards, pods, management nodes, and clusters
KUBERNETES SECURITY SOLUTIONS
Whether you are triaging an alert or digging into deep details around the cause and effect of a change, Lacework’s security platform for Kubernetes has all the information. Our SaaS service allows you to go back in time and look at all related events across your Kubernetes infrastructure that may have caused a breach or exposed you to an unknown risk.
Detailed information about your containers, your applications, and your infrastructure is all available and includes information related to Kubernetes such as pods, nodes, labels, namespaces, and all network information. All this information is available both within the UI and from our API.
Lastly, Lacework’s Kubernetes security solution creates hourly Polygraphs which can demonstrate the change of relationships and events over time. This is a critical tool for understanding and triaging your events.
Forensics for Kubernetes
Automated configuration, file discovery, and operations.
Scalable architecture with no added complexity or performance penalties.
Anomaly detection included with all Lacework Cloud Security agents.
Use Cloud-Scale & Speed to See More
Pinpoint exactly how a file changed: content, metadata, and whether the file was modified or simply appended.
Extended information on executables, such as files created without a package installation, command lines used at launch, currently running processes (with users and network activity), and suspect versions.
Expanded file intelligence with integrated threat feeds from ReversingLabs’ library of 5 billion files.
One-click investigation of anomalous events and activities related to FIM signals.
Cloud-wide capabilities for search, file type summaries, and detection of new files
Get Integrated & Comprehensive Anomaly Detection
Polygraph, our security foundation, and deep temporal baseline, is built from collecting machine, process, and user interactions. It detects anomalies, generates appropriate alerts, and provides a tool for users to investigate and triage issues.
This Polygraph technology dynamically develops a behavioral model of your services and infrastructure. Our model understands natural hierarchies including processes, containers, pods, and machines. It then develops behavioral models that Polygraph monitors in search of activities that fall outside the model’s parameters.
In addition, the Polygraph continually updates its models in order to:
Pinpoint exactly how a file changes.
Investigate anomalous events and activities related to FIM signals.
Provide cloud-wide capabilities for search, file type summaries, and detection of new files.
Use Lacework’s Polygraph to Bolster Security
Traditional security solutions rely on signatures, or rule-based approaches, where rules are readily understandable – but the drawbacks are that these rules are manually entered and do not catch new attack profiles. To reduce false-positive rates, the rules are often written for very well-defined threat scenarios, limiting their effectiveness in production environments.
Lacework takes a completely different approach to anomaly detection. We collect high fidelity process, network, file, and user data to form a base model of normal infrastructure behavior. We then use sophisticated analytics and machine learning techniques to detect anomalies that may indicate threats. Our anomaly detection system is as adaptive as your environment is dynamic. In addition, because these baselines are generated automatically, we fine-tuned our solution to reduce false positives.
Employ Big Data to Do Security
Public clouds enable enterprises to implement infrastructure-as-code and allow them to rapidly develop, test, and deploy services at scale. In this environment, network resources are in constant flux, providing ample opportunities for attackers. Unfortunately, legacy security solutions are ill-equipped to handle these and leave organizations vulnerable. IT security teams need solutions that leverage anomaly detection to safeguard cloud data.
Identify and Analyze Anomalies in Cloud and Container Environments
Lacework provides comprehensive, real-time anomaly detection for all modern cloud and container environments. It uses machine learning to identify and analyze behavioral deviations from normalized behaviors in cloud and container infrastructures that result from vulnerabilities.
Focus on user and application behavior and how it changes over time.
Protect log and configuration files against tampering.
Daily re-check of all monitored files.
Pre-defined directory maps monitor critical files and directories.
Easily configurable; users can add directories to the watch list.
Detect and resolve anomalous changes in behavior across your workloads, containers, and IaaS accounts that represent a security risk or an IOC with Lacework’s comprehensive anomaly detection system for enterprise DevOps teams.
Meet Your Compliance Mandates
Lacework checks across the industry-accepted CIS Benchmark for secure configurations for cloud accounts and workloads. Additionally, Lacework includes supplemental checks for common compliance frameworks like PCI-DSS, SOC 2, HIPAA, and others. Using Lacework, compliance and security teams have continuous analysis and historical reporting available so they can understand what is being checked, where problems exist, an analysis of the problem, and the steps needed to remediate the misconfiguration. The product supplies links directly to the resources in question to reduce the time to remediate. The Lacework configuration compliance solution is built to detect behavioral anomalies, so even if configurations meet required standards, unauthorized use or abnormal activity is detected and alerted on. This ensures that organizations are aware of issues that might go undetected by solutions that only identify non-conforming compliance rules.
Lacework delivers deep visibility for configurations across all of an enterprise’s cloud accounts and workloads so organizations can ensure compliance with industry, governmental, and institutional standards. Operating on multiple cloud platforms can increase the threat vector of the overall infrastructure and add complexity to an already challenging task. Lacework operates as a comprehensive, centralized solution to identify, analyze, and alert on configuration issues.
Configuration Compliance Management
Detection and alerting of activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
Changes to users, roles, or access policies.
Access or customer master key tampering.
Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results.
Ongoing Monitoring of Activity
Daily re-audit to maintain compliance and protection.
Monitor account activity for abnormal activity, even when that activity is technically authorized.
Receive customizable alerts when items change from compliant to non-compliant.
Track Configuration Changes Continuously
Find Identity and Access Management (IAM) vulnerabilities, including root account, password requirements, and usage of MFA.
Check for logging best practices: enable log files across regions, and ensure that log files are validated and encrypted.
Monitor critical account activity such as unauthorized API calls and use of the management console for unauthorized purposes.
Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging.
Identify Configuration Issues
Complexity is an enemy of security; a unified view is essential to simplify the complexity of having multiple configurations. Lacework does this across AWS, GCP, and Azure by bringing multiple clouds into one portal. This means no logging into different disparate tools to evaluate your stance. It is a single pane of glass to audit all of your cloud platform configurations. As configurations change, Lacework will monitor and alert any time a configuration goes out of compliance. This ensures that security and compliance teams immediately become aware of issues so they can be fixed before data and cloud resources are compromised.
Visibility and Analysis for Compliance in Multicloud Environments
Operating on multiple cloud platforms can increase the threat vector of the overall infrastructure and add complexity to an already challenging task. Lacework delivers deep visibility for configurations across all of an enterprise’s cloud accounts and workloads so organizations can ensure compliance with industry, governmental, and institutional standards.
Audit all of your cloud platform configurations and activity in one place.
CLOUD CONFIGURATION COMPLIANCE FOR MULTICLOUD ENVIRONMENTS
Lacework’s foundation is Polygraph, a deep temporal baseline built from collecting high fidelity machine/process/users interactions over a period of time. The Polygraph is used to detect anomalies, generate appropriate alerts, and provide a tool for users to investigate and triage issues.
Fundamentally, Lacework’s Polygraph technology dynamically develops a behavioral and communication model of your services and infrastructure. The model understands natural hierarchies (processes, containers, pods, machines, etc.) and aggregates them to develop behavioral models. A behavioral model is, in some sense, the essence of how a customer’s infrastructure operates. With this model, Polygraph monitors your infrastructure for activities that fall outside the model. In addition, the Polygraph continually updates its models as your data center behavior changes.
Spot IaaS account configurations that violate compliance and security best practices and could put your company at risk with Lacework’s comprehensive configuration compliance monitoring tools for enterprise DevOps teams.
The Power of Polygraph for Configuration Compliance
Find Identity and Access Management (IAM) vulnerabilities, including root account, password requirements, and usage of MFA.
Check for logging best practices: enable log files across regions, and ensure that log files are validated and encrypted.
Monitor critical account activity such as unauthorized API calls and use of the management console for unauthorized purposes.
Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging.
Track Configuration Continuously
Daily re-audit to maintain compliance and protection.
Monitor account activity for abnormal activity, even when that activity is technically authorized.
Receive customizable alerts when items change from compliant to non-compliant.
Identify Configuration Issues
Detection and alerting of activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
Changes to cloud account users, roles, or access policies.
Access or customer master key tampering.
Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results.
Ongoing Monitoring of Activity
Lacework provides comprehensive cloud account security for AWS, Azure, and GCP accounts that provides insights about configuration changes that could lead to threats. At the console level of a cloud environment, an organization can inadvertently apply misconfigurations that could leak data or open up an easy attack surface to a hacker. With continuous updates and broad administrative access happening within cloud environments, account changes are normal. Yet, with increased activity comes increased vulnerability.
Through API integration between accounts, Lacework looks at all of the security-relevant configurations and identifies where the organization is passing or failing certain account security best practices for these particular configurations. These checks are run continuously, and security teams receive automated alerts about any configuration changes that violate security compliance.
Visibility and Detection of Misconfigurations and Account Vulnerabilities
In multicloud environments, it’s critical to monitor the activities of each account. Lacework helps organizations understand who is using what, to learn what API calls are made to various cloud resources, and identify irregularities that might indicate account risk.
Comprehensive cloud account security for AWS, Azure, and GCP accounts
ACCOUNT SECURITY SOLUTIONS FOR CLOUD CONTAINERS & MULTICLOUD ENVIRONMENTS
ANOMALY DETECTION AND BEHAVIORAL ANALYTICS