Lacework Blog

  • Home
  • Lacework Blog

Building Bridges from Security to Development, Part II

This is part 2 of 4 in a blog series on key trends in securing the public cloud.

Read More

5 Steps to Eliminate AWS Misconfigurations and Open S3 Buckets

I’m an ardent consumer of security news. Sure, it’s part of my job, but reading these stories can still be a real eye-opener. Take, for example, the on-going news about S3 bucket misconfigurations. Cyber criminals have taken notice that buckets configured to allow “All Authorized AWS Users” would, well, allow all authorized AWS users. Not just your organization’s AWS users. All of them. Around...

Read More

Bridging the Gap Between Security and DevOps, Part I

As we head into the New Year I'd like to share some trends I am noticing in the market around securing public clouds and decided to start a four-part series around it. Here in the Bay Area, we have several bridges that connect us. From the more well-known Golden Gate and Bay bridges to the lesser known Dumbarton and San Mateo bridges, it's estimated that more than 1 million cars cross the...

Read More

AWS re:Invent Recap: Is This the end of the Enterprise Security Market?

 

I just returned from AWS re:Invent in Las Vegas and thought I would share my thoughts on the conference and, as you will see, and much to my excitement, security was a main topic in many ways.

Read More

The Breach: You Can’t Secure What You Can’t See

As I am sure you have read in the news, an AWS account was allegedly used as a means to access and exfiltrate data. Although I am not sure we will find out the real details, it looks like a relatively straightforward breach.

On the surface it appears as though there was no malware installed, firewalls attacked, or social engineering. The attackers acquired cloud account credentials and...

Read More

Why I joined Lacework: the opportunity to define a better approach to Securing the Cloud

Over the last two years I have spent a tremendous amount of time talking to top security executives, operators, and responders about their top concerns and projects they are looking to tackle. What I heard consistently is that securing the public cloud infrastructure was high, if not number one, on their list.

Read More

One employee gets the blame at Equifax. Fair?

In late August, Richard Smith, former CEO of Equifax, gave a speech that included this line: “There’s those companies that have been breached and know it, and there are those companies that have been breached and don’t know it.” (As Fortune notes, at the time of the speech Equifax was breached and they knew it).

Read More

AWS account Security: a great example to compare and contrast Lacework with CASB solutions

Lacework is a cloud security company, and we recently launched Lacework for AWS CloudTrail, a new solution focused on AWS account security. Securing a “cloud account” sounds a bit like a cloud access security broker (CASB) - but we’re not a CASB. To clear up any confusion, let me outline how the new Lacework solution works and clarify the problem we’re solving. I’ll do that by answering 3...

Read More

Build the Foundation for Faster cloud compliance with cloud Visibility

2017 has been a tough year for data breaches and privacy violations. Government regulations (HIPAA for healthcare, NERC-CIP for energy, EU GDPR, etc) and industry standards (PCI) have tried to reverse this alarming trend, with more restrictive mandates and financial penalties that can no longer be classified as “the cost of doing business”.

Read More

Another Multi-Billion Dollar Cybersecurity Catastrophe at Equifax

Last week Equifax reported what is possibly the most significant cyber security breach in history - and they are now paying for it. According to MarketWatch, the company’s value plunged more than $3.5B in just 2 trading sessions. Equifax out of pocket costs may exceed $300M. Farhad Manjoo at The New York Times wrote a blistering piece titled “Seriously Equifax? This Is a Breach No One Should...

Read More

 

 

 

 

Subscribe to the Lacework Blog