Latest on critical Apache Log4j vulnerability   Read More >

Lacework Cloud Care

Whether you’re a Lacework customer or not, we’re here to help with our free Cloud Care, a Log4j rescue program. Get access to:

Level up your cloud security for all gaming environments

Cloud Security and Compliance for the Gaming Industry

Lacework protects Cloud Gaming Infrastructure

Like a warrior on a quest to max out their EXP, cybercriminals are relentless in attacking all aspects of the gaming industry. As a result, disruptions from cyber attacks can delay game development and distribution and result in a poor experience for players encountering account takeovers, and denial of service.

Gaming Industry Challenges

The gaming industry is a favorite target of cyber attackers, and motivation for attacks ranges from illegally manipulating in-game currency to the simple notoriety of successfully hacking their favorite title. Gaming security faces some unique challenges, given the nature of the industry:

  • Complexity: In some respects, the gaming industry is an easy target. An unnoticed vulnerability in the latest update could leave the castle gates wide open. Companies often use a central platform for all their games, creating an attractive target that can wreak havoc across many franchises with a single successful exploit. Games may have custom protocols that aren’t built to distinguish legitimate traffic from an attack.
  • Always-On: Gamers are online literally 24×7, leaving little to no downtime for patches or cold fixes that could strengthen defenses. Attackers are always on as well, using server farms and hijacking users’ machines to flood data against overwhelmed infrastructure.
  • Valuable: Gaming is a multibillion-dollar industry and growing, surpassing many other forms of traditional media and entertainment. Given the potential for profit, even small successes can embolden attackers to go after bigger targets. Many large companies have been targeted for ransom demands; gaming faces the same potential vulnerability, leading to large payouts.

Compliance Made Easy

While gaming may not have the same regulatory compliance requirements as some industries, managing the logistical and physical security of the IT infrastructure is critical. Like all businesses that accept payment information, gaming companies are responsible for safeguarding customers’ personally identifiable information (PII), including payment details. There may also be national regulations regarding data security where compliance must be demonstrated.

Hosting and scaling dedicated game servers for online, multiplayer games require IT security protocols that contain effective cloud security solutions. Lacework streamlines compliance by continuously tracking configuration changes and providing daily audits to maintain compliance and protection.

Lacework monitors user accounts for abnormal activity, even when that activity is technically authorized. We empower IT security and compliance teams with customizable alerts when items change from compliant to non-compliant.

  • Lacework checks across the industry-accepted CIS Benchmark for secure configurations of cloud accounts and workloads.
  • Lacework includes supplemental checks for common compliance frameworks like PCI DSS and SOC 2.
  • Lacework empowers compliance and security teams with continuous analysis and historical reporting to demonstrate what is being checked, where problems exist, an analysis of each problem encountered, and the steps needed to remediate misconfigurations.
  • Lacework’s configuration compliance solution detects behavioral anomalies, so even if configurations meet required standards, unauthorized use or abnormal activity is detected and alerted on. This ensures that organizations are aware of issues that might go undetected by solutions that rely on manually written compliance rules. Lacework delivers native container and Kubernetes security support, reducing the attack surface and detecting threats in containerized environments.
  • Lacework integrates multi-cloud checks into a single dashboard by continuously monitoring configuration changes and API activity for containers across common platforms.

Innovation at the Speed of DevOps

Leading companies innovate, go to market, and scale quickly with limited resources. These companies ship products at light speed with security at every touchpoint. At Lacework, we empower customers to do this with our cloud security platform. Lacework enables customers with visibility to secure data, networks, and DevOps teams that involve the entire organization and communicates vulnerabilities as soon as they are detected.

Lacework Polygraph® exceeds security and compliance requirements by empowering IT security teams with security content that drives visibility into host workload, container, and Kubernetes platforms as well.

Lacework was built from the ground up for detecting and observing security threats in the cloud, including serverless, containers, and Kubernetes workloads, and streamlines security tasks for software teams building on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). 

Always-On Cloud IT Security

Cloud gen security monitoringOne of the most important gaps within gaming systems is robust and real-time monitoring of all activity. Lacework not only constantly monitors networks for anomalies, but our foundation, Polygraph, delivers a deep temporal baseline built from collecting high-fidelity machine/process/users interactions over a period of time.

The Polygraph is used to detect anomalies, generate appropriate alerts, and provide a tool for users to investigate and triage issues including:

  • Activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
  • Changes to users, roles, or access policies.
  • Tampering to access or customer master keys.

By understanding the natural hierarchies of processes, containers, pods, and machines, Polygraph is able to dynamically develop a behavioral and communication model of your services and infrastructure that aggregates all data points to develop behavioral models.

MEHR ERFAHREN

When it comes to development and security, you’re not playing games. Neither is Lacework. We automate and continuously monitor your compliance and security, from build to runtime. Consolidate tools, optimize your SIEM, secure your containers. Run faster, jump further, and expand your empire.

Demo ansehen

 

FAQs zu Laceworks Lösung für die Konfigurations-Compliance

Lacework verwendet Best-Practice-Prüfungen einschließlich CIS-Benchmarks, um sicherheitsrelevante Konfigurationen in Amazon AWS, Google GCP und Microsoft Azure zu bewerten.

Lacework bietet Mappings zu PCI, HIPAA, SOC 2 und NIST 800-54 Rev 4.

Lacework unterstützt die fortlaufende Überwachung Ihrer Konfigurationen in Ihren Cloud-Konten. Wenn Konfigurationen von den Best Practices abweichen, wird dies erkannt und eine entsprechende Warnmeldungen ausgegeben. Diese Meldungen können so konfiguriert werden, dass sie an viele der gängigen Benachrichtigungstools wie Slack, Splunk, Pagerduty usw. gesendet werden.

Lacework bietet Prüfungen für AWS, Azure und GCP. Lacework stellt eine zentrale Plattform bereit, die Compliance-Bemühungen unterstützen kann, ohne dass mehrere Tools für jeden Cloud-Anbieter bereitgestellt werden müssen.

Lacework nimmt Konfigurationsprüfungen auf der Grundlage branchenweit anerkannter Best Practices (z. B. CIS) vor. Anschließend erstellt Lacework Berichte, in denen alle Ressourcen aufgeführt sind, die gegen die Vorschriften verstoßen, und unterstützt so die Abhilfemaßnahmen. Diese Berichte können dann Prüfern als Nachweis für die Erfüllung der Compliance-Anforderungen vorgelegt werden.