Lacework Blog

  • Home
  • Lacework Blog

AWS re:Invent Recap: Is This the end of the Enterprise Security Market?

 

I just returned from AWS re:Invent in Las Vegas and thought I would share my thoughts on the conference and, as you will see, and much to my excitement, security was a main topic in many ways.

Read More

The Breach: You Can’t Secure What You Can’t See

As I am sure you have read in the news, an AWS account was allegedly used as a means to access and exfiltrate data. Although I am not sure we will find out the real details, it looks like a relatively straightforward breach.

On the surface it appears as though there was no malware installed, firewalls attacked, or social engineering. The attackers acquired cloud account credentials and...

Read More

Why I joined Lacework: the opportunity to define a better approach to Securing the Cloud

Over the last two years I have spent a tremendous amount of time talking to top security executives, operators, and responders about their top concerns and projects they are looking to tackle. What I heard consistently is that securing the public cloud infrastructure was high, if not number one, on their list.

Read More

One employee gets the blame at Equifax. Fair?

In late August, Richard Smith, former CEO of Equifax, gave a speech that included this line: “There’s those companies that have been breached and know it, and there are those companies that have been breached and don’t know it.” (As Fortune notes, at the time of the speech Equifax was breached and they knew it).

Read More

AWS account Security: a great example to compare and contrast Lacework with CASB solutions

Lacework is a cloud security company, and we recently launched Lacework for AWS CloudTrail, a new solution focused on AWS account security. Securing a “cloud account” sounds a bit like a cloud access security broker (CASB) - but we’re not a CASB. To clear up any confusion, let me outline how the new Lacework solution works and clarify the problem we’re solving. I’ll do that by answering 3...

Read More

Build the Foundation for Faster cloud compliance with cloud Visibility

2017 has been a tough year for data breaches and privacy violations. Government regulations (HIPAA for healthcare, NERC-CIP for energy, EU GDPR, etc) and industry standards (PCI) have tried to reverse this alarming trend, with more restrictive mandates and financial penalties that can no longer be classified as “the cost of doing business”.

Read More

Another Multi-Billion Dollar Cybersecurity Catastrophe at Equifax

Last week Equifax reported what is possibly the most significant cyber security breach in history - and they are now paying for it. According to MarketWatch, the company’s value plunged more than $3.5B in just 2 trading sessions. Equifax out of pocket costs may exceed $300M. Farhad Manjoo at The New York Times wrote a blistering piece titled “Seriously Equifax? This Is a Breach No One Should...

Read More

Forrester's Insights into Cloud Workload Security: Automate, Automate, Automate

Earlier this week, Forrester released its Vendor Landscape report for cloud workload security solutions (CWS), authored by Andras Cser, Vice President and principal analyst at Forrester. According to the report, 52% of North American infrastructure decision makers believe public cloud implementations are a critical business priority. There’s no question the future belongs to the cloud. The...

Read More

More Machine Learning Models != Better Results

Earlier this week, Techspective published “Three Critical Machine Learning Questions for Cybersecurity Pros.” That article highlights how ML is changing cybersecurity workflows and it’ll give you some things to consider as you evaluate alternatives. Have a look and let me know what you think!

Read More

One of the Harshest Cybersecurity Regulations: Will NY DFS Part 500 of Title 23 Impact You?

DarkReading called it “one of the harshest cybersecurity regulations to hit companies in the US,” and the grace period for compliance expired last Monday. It’s called the Cybersecurity Requirements for Financial Services Companies (23 NYCRR Part 500), and it’s a New York state regulation with global reach.

Read More

 

 

 

 

Subscribe to the Lacework Blog