Shining a new light on security in the cloud era - Lacework

Shining a new light on security in the cloud era

Vikram Kapoor - Founder, Chief Technical Officer

February 2, 2022

Cloud computing is fundamentally transforming the way people interact with the world and how companies get business done. And while the cloud has allowed businesses of all sizes to move with agility, quickly scaling up-and-down based on computing and data needs, this rapid adoption has also created challenges in leveraging data safely and effectively.

Today, Lacework is shining a new light on these challenges and what they mean for securing the future of business. With new innovations and partnership, as well as a refreshed visual and verbal brand, we’re ensuring customers are prepared to meet the scale, complexity, and speed of the cloud era with confidence.

Shining a Light Today, and for What’s Next
As many security leaders learned from the recent Log4j exploit, most cloud security tools were not built for the scale, complexity, and speed of a single cloud environment — let alone multi or hybrid cloud. This discovery also shined a light on how crucial it is to be prepared for new and evolving risks. Businesses need to know where all their assets are, as well as what’s running, so they can determine if they’re vulnerable — and continually monitor activity for active signs of compromise.

Take for example Nylas, a provider of communications APIs for business productivity automation. With the help of Lacework, in less than an hour the Nylas team were able to scan their entire cloud infrastructure, including thousands of servers, to assess the company’s exposure to Log4j and ensure they — and their customers — were secure.

Nylas is one of many examples of a company investing in, and seeing the real-world value of, our modern cloud security platform. In a Total Economic Impact study Forrester Consulting conducted on behalf of Lacework, customers report an 86% reduction in alerts, which enables security and developer teams to more easily identify and address risks to their organizations, including threats and vulnerabilities like Log4j. The study also found Lacework helped customers drive down the overall cost of security, while increasing the time-to-value and efficacy of their security posture. Through decision-maker interviews and financial analysis, the study determined a composite organization sees benefits of $2.31M over three years versus costs of $522K, totaling a net present value of $1.79M and an ROI of 342%. Customers also reported it took mere days, or even hours, to deploy the platform across their entire environment.

Across the industry, companies also are expected to expand their overall cloud security spending — and teams across most organizations (from executive to security to development) are looking for ways to ensure security is a key part of strategic business planning. According to the inaugural 2022 Cloud Security Outlook, for example, 88% of companies believe cloud security will become more important over the next year, most notably because of the growth of new threats and shortage of skilled security talent. The research conducted by ClearPath Strategies, in partnership with Lacework, also found the majority of respondents (76%) are specifically investing in automation and machine learning to help them manage the increasing activity.

The Polygraph®Data Platform
Whether detecting cloud account takeovers or finding exploit activity tied to known or zero-day vulnerabilities, Lacework has been successfully helping customers of every size and industry detect threats across a multicloud environment. The secret behind this is our Polygraph® technology, which uses machine learning to automatically baseline what normal behavior looks like, and flag unusual activity that warrants a closer look. Not only can you remove the noise from false positives, but you also gain more context about what’s happened to make investigations faster. We first applied this technology to AWS and Google Cloud accounts and workloads, and today we’re extending it to Azure and Kubernetes EKS — giving customers more precise threat detection across more environments, while reducing alert volume 100:1.

To better reflect the growth and capability of the Lacework technology, we’re also unveiling a new name for our core platform: Polygraph® Data Platform. The Lacework focus is — and always will be — about finding the truth across your cloud, in order to address true threats and risks from build time through runtime. The new name better represents this holistic approach to modern security. In addition, the new Polygraph Data Platform will include a host of new features like:

  • Correlating major vulnerabilities with exploit activity.
    The latest Lacework agent includes application vulnerability discovery for containers, hosts, and virtual machines, and ties together Log4j vulnerability data and anomaly detection. Not only can customers better prioritize remediation efforts, they can actively watch for exploits targeting those Log4j vulnerable systems — including those stemming from commercial, off-the-shelf tools they don’t control.
  • Asset discovery expanded to Google Cloud. Customers can automatically identify and inventory all assets, plus easily track the risk, compliance, and configuration changes over time with resource management for AWS and now Google Cloud. It also provides a consolidated view of AWS and Google Cloud assets to all team members, including those who may otherwise have no access to cloud management consoles, so teams have a better understanding of their multicloud environment.
  • Enhanced compliance benchmarking. CIS Benchmarks are one of the most common ways to assess security posture in relation to industry best practices, and measure security improvements over time. Lacework now offers analysis and reports for updated CIS Benchmarks for AWS, Google Cloud, and Microsoft Azure.
  • Google Cloud Marketplace availability. Lacework is now available on the Google Cloud Marketplace, in addition to the previously-supported AWS Marketplace, so customers have more options to purchase Lacework to secure their multicloud environments.

Security at the Speed of Light
Lacework was founded seven years ago to help address the unique challenges businesses faced in the cloud. Since then, the market has grown exponentially, and our cloud security platform has grown right along with it.

In a world where data never stops, landscapes are always changing, and threats are ever evolving, we too must evolve. Which is why, in addition to our new innovations and partnership, today Lacework is also debuting a new brand look. It’s bold, bright, and modern, just like our approach to cloud security. It reflects our mission to illuminate any cloud environment, granting the complete visibility customers need. It also emphasizes the Lacework drive to keep businesses of all sizes safe by shining a light on the greatest risks.

While we’re the same company with the same mission, our new look is designed to carry us far into the future, and grow and scale alongside our customers. Because at Lacework, security isn’t just a side note anymore, it’s a core way of thinking, as well as a true enabler of business innovation.

Join the Conversation
Lacework Co-CEO David Hatfield will be joining Co-Chair of the Congressional Cybersecurity Caucus, Congressman Jim Langevin, and Director at the Center for Strategic and International Studies (CSIS) Suzanne Spaulding, for a discussion on the path forward for cybersecurity in 2022. Hosted by Axios, the event will cover the evolving nature of security threats, the impact on our daily lives, and how governments and businesses are addressing these issues. Click here to join the conversation.

Copyright 2022 Lacework Inc. All rights reserved.