This is Lacework
Shift-Left DevSecOps with Atlassian, AWS & Lacework
Atlassian enterprise customers recognize the need to build security into their software supply chains as they embark on complex digital transformation journeys. Microservice architectures, multi-cloud infrastructure, containers and Kubernetes introduce new vectors for vulnerabilities.
Product Videos
Customer Testimonials
Case Studies
Nylas Case Study
In the face of the Log4j vulnerability, Nylas partnered with Lacework to monitor for suspicious activity while vendors patched their services, confirm that their own exposure was limited, and relay up-to-date information to customers. Read More...
Scurri Case Study
Learn how Lacework enabled Scurri to double their security team’s productivity and win enterprise customers by demonstrating compliance. Read More...
Molecular Health Case Study
This case study explains how Molecular Health used Lacework to meet compliance standards, cut down on alert noise, and achieve transparency. Read More...
AB Tasty Case Study
Discover how AB Tasty used Lacework to greatly improve their AWS compliance, grow business value, gain visibility into a containerized infrastructure, and prepare for SOC 2 compliance. Read More...
Hypergiant Case Study
Learn how Lacework enabled Hypergiant to cut alerts down by 70%, reduce engineer workload by 20 hours per week, and democratize access to security event data. Read More...
Reltio Case Study
This case study details how Lacework enabled Reltio to investigate alerts 4X faster than before, gain deep visibility into their environment, and consolidate technology from several security vendors. Read More...
CallTrackingMetrics Case Study
CallTrackingMetrics engaged Lacework and transitioned seamlessly to AWS Graviton running Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3). Read More...
Snowflake Case Study
Learn how Snowflake was able to gain full visibility into their cloud environment to follow everything that was occurring, end-to-end. Read More...
Sift Case Study
Learn how Lacework enabled Sift to reduce their security budget by 50% and accelerate their security roadmap by more than six months. Read More...
Drift Case Study
See how Lacework gave Drift increased visibility in their AWS and Kubernetes deployments to support their growth and compliance goals. Read More...
Marqeta Case Study
See how Marqeta was able to deliver faster application development and improved security monitoring with no additional AWS expertise. Read More...
Fallstudie Poka – Transparenz in Bezug auf Container mit tiefgehendem Anwendungskontext
See how Lacework gave Poka full visibility into the inner workings of their containerized environments, all while drastically reducing alert fatigue. Read More...
DataVisor Case Study
DataVisor was able to extend security to expanding multicloud environments, which required a highly efficient approach to real-time monitoring & protection. Read More...
Jitterbit Case Study
With Lacework, Jitterbit was able to secure their dynamic cloud and containerized environments, along with their microservices, all at scale. Read More...
Carson Living Case Study
Carson Living was struggling with adequately securing their AWS environment. Here's how they leveraged automated rule writing to scale their security with their growth. Read More...
Cazena Case Study
With Lacework, Cazena was able to increase operational efficiency, reduce noise generated by their security stack, and identify anomalies. Read More...
Wavefront Case Study
Lacework enabled the security team at Wavefront to quickly investigate events, while improving visibility into overall security posture. Read More...
Fallstudie Guidebook
Learn how Lacework gave Guidebook a clear and complete picture of security operations across their entire cloud implementation. Read More...
eBooks
Cloud-Security-Automatisierung für Dummies®
Cloud security automation brings great value, safety, responsiveness, and productivity gains to organizations that put it to proper use. Learn how you can do this at your organization and start gaining exponential value in milliseconds. Read More...
Transform AWS Data Into Cloud Security Insight
Organizations collect security logs and have at least some alerting, but consider this simple question: what do we do with those logs? Download this guide to see a new approach to AWS data ingestion. Read More...
Solving M&A Challenges with Cloud Security
Strategic merger and acquisition (M&A) has long been an effective way to rapidly grow a business. The M&A approach often involves less risk to invested capital and delivers a faster return on the investment. Read More...
How to Accelerate Container Adoption
Developing applications with containers has become an increasingly popular way to operationalize speed, but it must be able to do so without jeopardizing security and compliance. Read More...
Cloud Security Fundamentals
Protecting a cloud environment requires a dedicated, comprehensive effort across the policies, processes, technologies, and controls that are involved in securing the data and resources that make up overall cloud infrastructure. Read More...
Der fundamentale Wandel in der Cloud-Sicherheit
The fundamental aspects of the cloud are enabling an entirely new way of conducting business. The most innovative organizations are those that recognize that for this new pace of business to be sustainable, security must keep pace with the speed and agility of the cloud. Read More...
Securing Modern Applications and Infrastructure
The maturation of cloud-native security and containerized environments creates pervasive blind spots, making securing these environments uniquely challenging. Here's how to secure these types of modern applications and infrastructure. Read More...
Umgang mit Herausforderungen im Hinblick auf Compliance und Audits in der Cloud
Cloud dependence comes with cloud complications—a critical one being compliance. Compliance audits are never easy, but now, with businesses running applications in multiple public, private and hybrid clouds, even knowing if you are compliant, let alone proving it, has become a major burden. Read More...
Buyer’s Guide to Comprehensive Cloud Security
To ensure cyber resiliency in the cloud, teams have to address several new challenges unseen in traditional IT and on-premises data centers. Here are some topics to keep top of mind as you explore a cloud security platform. Read More...
Top Ways Your Cloud Approach is Burning Cash
Through our work across hundreds of clouds and tens of thousands of containers and workloads, we've captured the top ways organizations can save time and money by embracing a cloud first approach to security. Read More...
Top Mistakes to Avoid When Using Cloud Provider Security Tools
Using cloud native apps to secure your infrastructure may seem like the path of least resistance, but there are a number of mistakes when using cloud native and open source security products that you’ll want to avoid. Read More...
Why Compliance is Not Enough When it Comes to Cloud Security
Compliance objectives generally carry three main goals: prevent misconduct, detect misconduct, and align policies with laws, rules, and regulations. We cover these goals in the context of modern cloud environments. Read More...
Gaining Complete Cloud Visibility as You Scale
To keep pace with cloud innovation, you need to see the entirety of your cloud footprint to be able to effectively secure it, which is paramount as you continue to innovate, build, and scale in the cloud. Read More...
Ein Security-Leitfaden zur Container-Orchestrierung
It's hard to argue against the benefits of containers and containerized applications running on cloud resources. However, containers create new cloud security challenges. Read More...
Compliance in der Cloud: Die Compliance-Falle für Cloud-Umgebungen vermeiden
In order to successfully meet your security requirements and compliance obligations you must define and implement appropriate technical and administrative controls. Read More...
Security-First Compliance
With cloud services increasingly emerging as a key component of IT operations, more organizations now face the compliance issues that come with that style of adoption. Read More...
CISO's Playbook to Cloud Security
To secure enterprise assets in the cloud, CISO's must address several new challenges unseen in traditional IT and on-premises data centers. Here are key strategies to secure your enterprise cloud infrastructure from cyber threats. Read More...
How to Build a DevSecOps Culture
A DevSecOps culture embeds security in your DevOps workflows to speed up delivery speed without compromising security. Here's how to build a strong DevSecOps culture in your organization: Read More...
Cloud Security Checklist
To help those responsible for their company’s security get their bearings in the cloud, we’ve put together a checklist that explains key issues and risks, and provides guidance about how you need to address them. Read More...
What are Your Public Cloud Security Risks?
The ease and speed with which organizations can deploy workloads often outweighs the security implications of doing so. Here's why you may be more at risk thank you think, and what you can do about it. Read More...
Resetting Your Security Thinking for the Public Cloud
We take a closer look at securing cloud infrastructures by asking seven experts the following question: To operate public cloud-based IT infrastructures securely, what security thinking needs to change, and why? Read More...
Automated, Comprehensive Compliance & Security: Purpose-Built for the Cloud
Learn how Lacework was built specifically to deliver contextual data about cloud events, because changes can lead to new vulnerabilities and potential threats. Read More...
Avoiding Container Vulnerabilities
To get a better understanding of potential risks associated with containers and how best to address those risks, we asked the security experts the following question: What vulnerabilities do containers create, and how do you protect against them? Read More...
VPC-Datenflussprotokolle reichen nicht aus
VPC flow logs are not enough, and modern environments require a new approach to cloud security. Here are eleven ways network-based security tools based on VPC logs fall short when transitioning to the cloud. Read More...
Webinars
The Future of Cloud Security
As we close out 2021, we want to share some of our latest research and cloud security predictions to arm you with the insights you need to get a head start on 2022. See Webinar...
Shift Left Faster: Infrastructure as Code (IaC) Security For the Win
Infrastructure as Code (IaC) is quickly becoming the primary mechanism to manage cloud infrastructure at massive scale. While this significantly increases innovation speed, it also introduces additional risk. See Webinar...
The Essentials To Scaling Your SIEM
In this 30 minute webcast, we walk you through best practices on using the essentials to smarten and scale your SIEM for optimal cloud security and cost-efficiency. We will also cover ways to save money in your AWS cloud environment, to significantly reduce your SIEM alerting and give you insight into how we automate rule writing and reduce investigation time into your AWS CloudTrail data by 90%. See Webinar...
The ABCs of Cloud Security
As more and more companies migrate to the cloud, the cloud environment has evolved into something very dynamic, complex, and almost unwieldy. How do we address the scale and complexity of today’s cloud? Simple: automation. See Webinar...
Cloud Threat Report 2021, Volume 2 Review
As the cloud risk landscape evolves, the Lacework Labs team is meeting the challenge with research on threats targeting cloud environments. The goal is to expose attacker trends and techniques, while providing actionable information for security leaders and practitioners alike. See Webinar...
Reckless to Fearless: Automating Remediation in the Cloud
Tines and Lacework have partnered to bring you insights into the latest in cloud automation. Our tools powerfully combine, helping you take action and automatically solve security alerts in real-time as they occur. See Webinar...
Behaviors of Compromised Cloud Environments
Join Chief Architect Ulfar Erlingsson and Sr. Product Manager Michael Bentley for the latest installment of the Automate to Accelerate Series - Behaviors of Compromised Cloud Environments. See Webinar...
Lacework Cloud Threat Report, 2021 Volume 1 Review
The attack surface just broadened. Are you fully updated on the emerging cloud threats now facing your organization? See Webinar...
Achieve Cloud Security Savings through SIEM Optimization
Learn strategies you can implement to start saving on cloud security through SIEM optimization. See Webinar...
How YOUR Data Can Drive Cloud Security Success at Scale
Modern organizations face a ton of cloud complexity—migrations, new applications, acquisitions, multi-cloud, microservices, and more. Change is the only constant in the cloud. See Webinar...
LendingTree Automates AWS Security for DevOps Teams and Stays Compliant with Lacework
Learn how LendingTree automates their AWS security for DevOps teams and stays compliant with Lacework. See Webinar...
How to Address the Unique Challenges of Cloud and Container Security
Experts from Lacework and ESG discuss cloud adoption research, and how to stay on top of vulnerabilities across multicloud and containerized/K8s landscapes. Read More...
Top 5 Strategies to Balance Container Advantages and Risks
Improve your container security posture at both buildtime and runtime, and how to stay on top of potential container vulnerabilities so you can continue to innovate with speed and safety. Read More...
Achieve 40% Cloud Infrastructure Savings with AWS Graviton2
Many cloud-first organizations are shifting workloads to AWS Arm-based architecture to reduce costs while ensuring optimal cloud performance. Learn how to take advantage of these cost savings while achieving next-level security. Read More...
Reduce AWS Security Investigation Time by 90%
We cover how to free yourself from the grind of manually investigating countless security incidents, all with unparalleled context to build and run secure and compliant infrastructure at cloud speed. Read More...
7 Key Considerations Before Sending AWS CloudTrail Logs to a SIEM
This webinar covers the seven most important factors to consider if your organization sends raw AWS CloudTrail logs to a SIEM tool. Read More...
Addressing Compliance and Audit Challenges in the Cloud
Traditional approaches to cloud compliance are not effective and require new cloud security tools to meet growing security demands. Learn how to overcome the challenges of public cloud compliance. Read More...
How the Cloud Breaks Traditional Security Approaches
The traditional approach of writing rules to define bad or suspect behaviors simply doesn’t work for modern organizations. Humans can’t write rules fast enough to keep up with changes in the cloud, and logs + network data force too much guessing, you must understand the entity relationships as well. Read More...
Solution Briefs
AWS Control Tower Solution Brief
Lacework's AWS Control Tower integration enables a seamless AWS account onboarding experience with the Lacework Cloud Security Platform Read More...
Snowflake Solution Brief
Joining Lacework and Snowflake brings the value of cloud security data to the rest of the business. Read More...
New Relic Solution Brief
A data-driven approach to observability and cloud security. Read More...
Cutting Through the Cloud Clutter
We cover how deep visibility and actionable insights from effective cloud-native security applications can be instrumental in mitigating security issues. Read More...
Cloud Security for Health IT
From mobile health, telehealth, or eHealth, the growing influence of cloud networks are reshaping the IT landscape. Here's how to stay secure and compliant. Read More...
Financial Services in the Cloud
The Financial Services sector is among the most targeted groups for financially motivated cyberattackers. Ensure your organization is prepared. Read More...
AWS CloudTrail
Learn how Lacework helps security professionals analyze AWS CloudTrail logs in less time with behavioral analytics and deep insight into anomalies. Read More...
Anomalie-Erkennung
Here's how we use machine learning to identify and analyze behavioral deviations from normalized behaviors in cloud and container infrastructures that result from vulnerabilities. Read More...
AWS Security
Lacework provides comprehensive, continuous end-to-end security and configuration support for workloads and accounts running in AWS and in multi cloud environments. Read More...
Azure Security
For all Azure events and configurations, Lacework monitors activities and behaviors of cloud entities beyond network traffic to detect anomalies indicative of a misconfiguration, a human error, malicious activity or a threat. Read More...
Cloud Account Security
In multicloud environments, it’s critical to monitor the activities of each account. Lacework helps organizations understand who is using what, to learn what API calls are made to various cloud resources, and identify irregularities that might indicate account risk. Read More...
Compliance von Konfigurationen
Operating on multiple cloud platforms can increase the threat vector of the overall infrastructure and add complexity to an already challenging task. Lacework delivers deep visibility for configurations across all of an enterprise’s cloud accounts and workloads so organizations can ensure compliance with industry, governmental, and institutional standards. Read More...
Container Security
Lacework is fully container-aware and monitors all container activities regardless of the container distribution you rely on (Docker and/or Kubernetes). Any malicious activity in a containerized environment will generate an anomaly at one layer or another – Lacework’s threat detection and behavioral analysis identifies anomalous activities across your cloud and containers so issues can be remediated before any damage is done. Read More...
Überwachung der Datenintegrität
Designed for high-velocity cloud implementations, Lacework’s FIM solution automates setup and eliminates labor-intensive rule development, ACL specification, and configuration. With our innovative baselining technology, Lacework keeps up with cloud changes while dramatically reducing false positives so security teams can focus on the FIM events that really matter. Read More...
GCP Security
Lacework offers an automated, end-to-end security and configuration solution that monitors threats for workloads and accounts in GCP and across multicloud and containerized environments. Lacework checks for a series of controls specific to GCP resources like Storage Buckets, ACLs and other resources, and for processes like Cross-Origin Resource Sharing (CORS), access logs, and other elements that can be targeted in the course of attacks. Read More...
Erkennung von unerlaubten Host-Zugriffen
Lacework Host-based IDS automatically identifies intrusions and raises the alarm so you can stay a step ahead of attackers. We give you the visibility and context you need to resolve intrusion events before they turn into damaging breaches. Delivered as a service, Lacework can be deployed at scale in minutes. Read More...
Kubernetes Security
Lacework provides deep visibility into your Kubernetes deployment. This includes high-level dashboards of your clusters, pods, nodes, and namespaces combined with application level communication between all of these at the application, process, and network layer. Read More...
Abwehr von Runtime-Bedrohungen
To provide comprehensive security for active threats and vulnerabilities caused by misconfigurations and other infrastructure changes, Lacework uses runtime defense to identify, analyze, and alert on anomalous behavior for applications, virtual resources, hosts, and all user activity. Read More...
Workload Security
Lacework’s lightweight agents collect and send data to Lacework’s backend in the cloud where this data is aggregated, and a baseline of the activity in the cloud environment is created. The automated method of detecting undesired activity in cloud and container workloads provides great benefits over traditional rule writing. Read More...
White Papers
11 Reasons to Level Up Against Cyber Threats
More than 3 Billion people play video games of some form, and players of games are favorite targets for cyber attacks. The stakes are high as attackers may share cheats and stolen in-game currency or hold source code for ransom. Game companies must invest in stopping cyber threats to prevent economic loss and damage to the user experience. Read More...
A guide to responding to the Log4j vulnerability
In this guide receive the four key steps you can take to better protect your organization against the Log4j vulnerability and other potential exploits. Read More...
Five Ways to Optimize Your SIEM with Lacework
Discover ways to achieve 95% fewer false positives and investigate threats 80% faster through SIEM optimization. Read More...
Defend Against Ransomware in the Cloud with Lacework
Cloud infrastructure has become a potential target for ransomware groups. With more businesses storing business-critical data in the cloud, there is no doubt the cloud will only increase as a target for hackers. Lacework helps organizations identify risks, detect potential attacks, and efficiently protect and respond to these types of threats. Read More...
Lacework Platform: Proactively Securing Cloud Environments at Scale
Learn current security and compliance challenges facing organizations today and how the Lacework Platform can provide a single tool for consistent visibility, context, and security across your cloud environment. Read More...
2021 Cloud Threat Report, Volume 2
Get the latest report from the Lacework Labs team focused on risks and threats relevant to cloud services, containers, and container orchestration systems. Read More...
Three Critical Concepts for Security in Infrastructure as Code
Infrastructure as Code can help organizations tame the complexity of the cloud, but to realize this promise users must implement basic practices to ensure a secure environment. Read More...
Achieve Cloud Security Cost Savings Through SIEM Optimization
The migration to the cloud and containerization has brought with it an astonishing rate of logs to search, store and analyze. SIEMs have held their own for many years but are beginning to show their age in the form of an exploding total cost of ownership. Read More...
Container Security Essentials: The Rise of Containers in the Cloud
Containers are a fascinating and sometimes controversial topic in the IT world. The most powerful companies rely on them implicitly in the production environment. But do containers pose a potential security risk? Read More...
Tevora: Simplify Continuous Compliance and SOC 2
Cybersecurity is top of the mind for management, boards, and regulators. And with the impact of regulatory oversight, organizations are under increasing pressure to demonstrate that they have taken appropriate measures to secure their environment. Read More...
DZone Container Trend Report
We explore the current state of container adoption, uncover common pain points of increasingly complex containerized architectures, and introduce modern solutions for building scalable, secure, stable, and performant containerized applications. Read More...
The Journey to Mature Cloud Security
Whether you’re migrating to the cloud or developing cloud-native apps, it’s essential to bolster IT security practices to meet the challenges and opportunities that stem from those environments. Read More...
2021 Cloud Threat Report, Volume 1
Get the latest report from the Lacework Labs team focused on risks and threats relevant to cloud services, containers, and container orchestration systems. Read More...
Sicherung von Container in einer Cloud-Umgebung
Containers and containerized applications running on cloud resources have brought countless benefits, but have introduced security challenges as well. To address the latter, we created a blueprint for container and orchestration best practices. Read More...
Vermeidung von Datenlecks in der Cloud mit Anomalie-Erkennung
This paper describes the five forms of data leaks in the cloud, and how an effective anomaly detection platform can be the most important ally in identifying, understanding, and combatting these breaches. Read More...
5 Schritte zur Verbesserung der Erkennung von Sicherheitsverstößen und der Reaktion auf Vorfälle in der öffentlichen Cloud
Managing the aftermath of a security breach or cyber attack is no easy task. Here's how to continuously monitor security within your cloud workloads and improve incident response processes. Read More...
Security-Tools für Multi-Cloud-Bereitstellungen
This whitepaper explains how to consolidate security across multicloud environments, and your responsibility for different cloud approaches. Read More...
Cloud- & Container-Security von der Build- bis zur Runtime
Learn how to create a complete security approach for cloud and multi-cloud environments, DevOps, and container orchestration, for all aspects of compliance, accounts, and workloads. Read More...
The Role of Kubernetes in Cloud Security
With the rapid adoption of Kubernetes for application and infrastructure orchestration, there’s a corresponding increase in the risk associated with data exposure and vulnerabilities throughout the application lifecycle. Read More...
DevOps Security for Cloud and Container Environments
Security & compliance must be woven into any new framework and this is no different with DevOps. Here's why new DevOps processes must also follow an organization's information security and secure development lifecycle policy and process. Read More...
Automatisierung von Compliance-Lücken für die Public Cloud
Automating security and compliance functions can ease management of complex multi-cloud environments. Here's how to streamline compliance in the public cloud: Read More...
Automating Container Security with AWS & Lacework
Using containers in AWS enables agile orchestration of app capabilities with less coordination and oversight than than on-premises or virtualization infrastructure. Here's how to maintain security for these new capabilities. Read More...
Identifizieren und Bewältigen von Fehlkonfigurationen in AWS, Azure und GCP
Here's why it’s critical to understand how your cloud infrastructure is set up, and what tools you'll need to rely on to protect it. Read More...
5 Steps for DevOps + Security Integration Infographic
From instituting training to creating a culture of security, here's how to build a team that can keep systems secure at the speed of DevOps Read More...
Top Ten Threats to Cloud Security Infographic
There’s an enormous amount of event activity in the cloud. A busy cloud environment can generate eight to ten billion events per month, which makes threat detection a much more challenging proposition. Read More...
Containers At-Risk: A Review of 21,000 Cloud Environments
This report describes the risks and threats that can be created by deploying workloads in public cloud without the proper security guardrails, security services, and the systematic use of security best practices. Read More...
Lacework: Avant Garde Security
Lacework redefines security by enabling configuration assessment, behavior monitoring, threat and anomaly detection, and incident investigation. Here's how we bring speed and automation to every cloud security process. Read More...