Lacework Blog

  • Home
  • Lacework Blog

Forrester's Insights into Cloud Workload Security: Automate, Automate, Automate

Earlier this week, Forrester released its Vendor Landscape report for cloud workload security solutions (CWS), authored by Andras Cser, Vice President and principal analyst at Forrester. According to the report, 52% of North American infrastructure decision makers believe public cloud implementations are a critical business priority. There’s no question the future belongs to the cloud. The...

Read More

More Machine Learning Models != Better Results

Earlier this week, Techspective published “Three Critical Machine Learning Questions for Cybersecurity Pros.” That article highlights how ML is changing cybersecurity workflows and it’ll give you some things to consider as you evaluate alternatives. Have a look and let me know what you think!

Read More

One of the Harshest Cybersecurity Regulations: Will NY DFS Part 500 of Title 23 Impact You?

DarkReading called it “one of the harshest cybersecurity regulations to hit companies in the US,” and the grace period for compliance expired last Monday. It’s called the Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500), and it’s a New York state regulation with global reach.

Read More

Real-World AWS Account Compromises and How Lacework Stops Them

I’m excited and proud to announce that Lacework’s Polygraph technology is now available to protect your AWS account. If you’re an AWS customer, you already know you’re on the hook to secure your own data. Under Amazon’s shared security model, you’re also responsible for the security of your AWS account. Think of it this way: your data, applications, and workloads are your “data plane” and your...

Read More

A Security Mindset Reset: Five Reasons Network Security Just Doesn't Work in the Cloud

Making the leap to the cloud is not for the faint of heart. If you’ve done it, you know: the things you want most from the cloud - elasticity, velocity, flexibility - are the very things that break many of the practices we’ve used in data centers for decades. You can’t just lift and shift your IT shop to the cloud. This is especially true for security, and I’m going to take a look at why in...

Read More

Polygraphs: behavior baselining to reveal the elephant

You are probably familiar with the parable of the blind men describing an elephant. Because they experience only what they can touch, each of them has a very different concept of what the animal is. One touches the trunk and concludes it’s a snake. Another explores a leg and concludes it’s a tree. They are, of course, all wrong: an elephant can only be understood if you can see all of it.

Read More

Introduction to Polygraphs

In my last blog, I talked about how we developed requirements for a Cloud Workload Protection Platform (CWPP) for modern data centers. In this blog, I’m going to dive into the heart of the matter: how Lacework builds the baseline we use for everything from breach detection to incident investigations. But first, let me recap two of the fundamental characteristics any CWPP should have:

Read More

Smitten with containers? What about security?

Developers are smitten with containers. It’s no mystery why — they’re perfect partners for agile development and fast-paced DevOps environments. Containers start up in seconds and use a fraction of the resources of traditional VMs, making them ideal for microservices architectures and scalable apps. Convenience is a big part of the allure too: third party images make adding functionality as...

Read More

Whack-a-Mole - Wanna Cry!!

WannaCry was bad news. It crippled hundreds of thousands of hosts. Patients and hospitals couldn’t retrieve records. Automobile manufacturers stopped production. Even now, the criminals continue to collect cash via Bitcoin accounts. WannaCry just might be the wake up call the industry needs. But will it really change anything? Or are we just playing Whack-a-Mole with every new disaster?

Read More

Lacework Coming Out Of Stealth!

An incredible milestone in a journey that started two years ago with a simple question: Why does it take enterprises 6+ months to find intruders in their data centers?

Read More

 

 

 

 

Subscribe to the Lacework Blog