Lacework Blog

  • Home
  • Lacework Blog

Going to RSA? Here’s your pre-show checklist (for AWS Security)!

RSA is just around the corner. If you’re one of the thousands of security professionals attending this year, I’ve created a handy AWS-centric checklist that’ll help you make the most of your time. 

Read More

What are the new attack vectors in AWS?

By 2021, Cisco expects 94 percent of workloads and compute instances to be processed by cloud data centers. Attackers are already starting to focus and targeting cloud accounts, moving away from traditional data centers.

Read More

Why Use a Host-Based IDS in AWS  

Does this image look familiar to you? 

You've probably seen the AWS Shared Security Responsibility model over and over in conferences, tech talks, white papers, and AWS Summits, making it clear that Amazon only protects the infrastructure layer. Your data running in the application layer is your responsibility to secure. This sounds easy to implement but in the noisy security market, how do...

Read More

Driving Towards Least Privilege in AWS: A Baker's Dozen 

I have learned a lot in the past few years about running and securing public cloud infrastructure and thought I would share some areas that I believe are important. This S lideShare presentation is meant to be a self-read narrative of 13 things to think about AWS security and the move towards least privileged systems. Enjoy, and please comment with your opinions and suggestions. I have also...

Read More

Survey Highlights Top Four Trends in Cloud Security Adoption

Lacework worked with Hurwitz and Associates to survey the market and learn about the current state of cloud security, challenges and learnings from early adopters of the cloud. The results (and Hurwitz’s expert analysis) paint a picture of an industry that’s rapidly moving beyond its initial growing pains - even if there are still a few thorns among the roses.

Read More

Context is King: Building Bridges Between DevOps and Security, Part IV

This is part 4 of 4 in a blog series on key trends in securing the public cloud.

Read More

Visibility: A Technical Chauffeur of Data, Part III

This is part 3 of 4 in a blog series on key trends in securing the public cloud.

Read More

Building Bridges from Security to Development, Part II

This is part 2 of 4 in a blog series on key trends in securing the public cloud.

Read More

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the on-going news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not just your organization’s AWS users. All of them. Around...

Read More

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I'd like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser known Dumbarton and San Mateo bridges, it's estimated that more than 1 million cars cross the...

Read More





Subscribe to the Lacework Blog