The COVID-19 pandemic forced a global reset for most organizations in regards to shifting their operations over to a fully remote-working culture. This new wave of change resulted in the rapid adoption of software as a service (SaaS) applications that surpassed all industry predictions and led to a drastic increase in the consumption of cloud services.
“Organizations witnessed their cloud activity volume double overnight. But the most fascinating thing, despite the spike in the volume for our clients, is that their security alert volume remained low,” said Dan Hubbard, CEO of Lacework, a provider of security for today’s cloud generation. “Having an engine that is intelligent enough to tell the differences between normal consumption changes, risky changes and actual threats is essential to operating securely when the unexpected happens. Because scaling that manually just isn’t possible.”
Lacework was built to recognize and understand cloud changes at scale without requiring manual interventions by cybersecurity teams. It’s designed to preempt ransomware and any other security threats. At the same time, Lacework’s solutions are created to give customers the visibility, context and telemetry needed to assess cloud security postures quickly, prove compliance, secure cloud workloads and investigate anomalous activity or answer an auditor’s question, all in one place.
Polygraph: Built for Observability
During its initial days, Lacework recognized cloud security as a data problem and architected its solutions accordingly. Its platform is crafted a bit differently from that of its industry peers and is tailored to each unique environment by leveraging the power of machine learning.
“Building on cloud is the biggest shift the IT industry has ever witnessed. Constant cloud changes require a new approach to security that is critical for our customers to adapt and scale as fast as cloud innovation,” says Hubbard.
Lacework’s renowned offering for cloud security is based on behavior anomaly and rogue API detection. Polygraph is Lacework’s patented, machine learning-based efficacy engine that can capture, organize and monitor security data. Lacework’s foundation is based on this flagship offering that has played a predominant role in their customers’ business. “To build on a cloud environment, clients need to know the difference between normal and threatening changes, and Polygraph, our one-of-a-kind technology, is designed to observe and understand all of those changes over time,” says Hubbard. “The engine helps reduce false alarms, improves detection and self-tunes to monitor compliance effectively.”
“What sets us apart from other cloud security providers is that our platform helps customers consolidate up to four other tools from their current environment. Further, they can receive close to 98% fewer false positives and achieve a nearly 90% reduction in event investigation and research time,” said Hubbard.
The Lacework platform also enables customers to curb security costs while increasing visibility across their cloud and container environments. “As we work with businesses, we are aware that their security teams are responsible for defining functions that different users have in an ever- changing cloud environment. Lacework’s behavior analytics-based platform helps these teams understand and predict those needs,” said Hubbard.
The behavior analytics-based solution is useful in monitoring changes and deviations in containers, workloads and clouds to provide high-fidelity alerts with context when something significant occurs. This enables security professionals, analysts and investigators to quickly detect the users, machines and applications involved in a particular incident or account. The alerts will also help expose entities and their actions involved in incidents. The alert and risk scores related to specific incidents, as well as Polygraph views come in handy for personnel managing their overall cloud security.
In a nutshell, Lackwork’s cloud observability is the factor that helps our customers connect the dots in order to get actionable insights on their cloud data.Dan Hubbard, CEO of Lacework
Rogue API Detection for Complex Environments
“In addition to detecting the early indicators of compromise that lead to ransomware, Lacework helps recognize rogue API behavior that can cause resource throttling by a CSP, impacting performance and reliability,” says Hubbard.
For example, the Lacework team was preparing a readout of a solution for a client within a complex environment packed with a number of preexisting security tools. Upon deploying Lacework’s security solution, it was easy to see that some of the other tools and applications within that environment were sending excess API calls. This resulted in a high volume of unnecessary cloud traffic which was causing availability problems and risking service outages.
The deep visibility into application behavior provided by Lacework was something that the client hadn’t before experienced. As a result, it gave them insights on how best to modify their systems quickly to eliminate many recurring problems in their environment.
“In a nutshell, Lacework’s cloud observability is the factor that helps our customers connect the dots in order to get actionable insights on their cloud data,” said Hubbard.
A Single Glass Pane for Audit and Compliance
Lacework’s platform also renders a unified view across AWS, GCP and Azure configurations by bringing them into one portal. For the users, this would mean no more logging into disparate tools to evaluate their stance. It becomes a single pane of glass used to audit all cloud platform configurations, and as these configurations change, Lacework can send alerts for compliance. This helps proactively alert the security and compliance teams to resolve issues before any data and cloud resources are compromised.
Additionally, Lacework delivers deep visibility for configurations across our customers’ enterprise cloud accounts and workloads to make sure they comply with all relevant industry, government and institution standards.
“Operating on multiple cloud platforms can increase the threat vector of the overall infrastructure and add complexity to a preexisting challenge. Lacework operates as a comprehensive, centralized solution to identify, analyze and alert on configuration issues,” Hubbard said. “That is why Lacework functions on the philosophy of empowering customers to meet their business goals.”
Another good example where Lacework can help is in the critical field of healthcare, which is coming under increasing attacks in the form of ransomware and other threats. “In healthcare, cloud computing is an IT infrastructure standard right from clinical data sharing and consumer-facing patient portals all the way to the backend mobile application development platforms,” says Hubbard. “This shift echoes the development of electronic health records and big data analytics activities, which multi-cloud strategies make possible throughout the entire health IT infrastructure.”
But as cloud technology’s role becomes even more prominent in the healthcare space, decision-makers need to better understand compliance and security in order to implement their infrastructure. This requires knowing the potential of cloud security to ensure patient security as well as HIPAA and HITECH compliance. The value of healthcare data and the need for 100% uptime from medical devices make the healthcare vertical especially attractive to potential attackers pushing denial of service type attacks like ransomware. Lacework Polygraph can identify the earliest indicators of those attacks for customers, providing context and enabling them to take quick action before their organization or their critical data is compromised.
The Road Ahead
Recently, Lacework announced that it closed a $525 million funding round valuing the company at over $1 billion. The company is expanding its operations as well as its engineering and R&D teams across the U.S. and Europe. This funding will accelerate those efforts.
Lacework is also expanding into adjacent new spaces while keeping its focus on enabling customers to innovate in the cloud with safety and speed. The new investments will allow Lacework to deliver additional integration into the DevOps toolsets and into the security data lake initiatives for Snowflake customers.