Lacework, the data-driven cloud security company, is releasing high-fidelity composite alerts on the Lacework Polygraph Platform, built to reduce cost and time expenditures of cloud security processes, as well as increase its effectiveness. Focusing on helping organizations secure what they’re building in the cloud, the Lacework Polygraph Platform’s vulnerability targeting is now enhanced with correlative threat pattern alerts.
Lacework now provides a single, easy-to-consume composite alert that points to a vulnerability with supporting facts so security teams can easily and quickly mediate risk with accuracy.
The myriad of security alerts, both significant and unimportant, can cause security teams to be overwhelmed with potential risks. While some alerts may appear minor in isolation, its correlation with other signals can compound to generate a very dangerous threat—which is ultimately left to be manually identified by security teams.
“If you take these little steps that attackers are doing early on and if you can start to detect them and automatically have the technology mapping that together for you, it helps you to know that when you get an alert, it's going to be a lot faster than you would be able to find it or investigate it manually and by yourself,” said Meg Diaz, VP of platform and solutions marketing at Lacework. “It's automating that for you—it's giving you all of the context and more of a peace of mind that there's not something critical hiding in events that you can't get to in time.”
To correct the present overload of alerts and their relationships for security teams, Lacework correlates and combines an average of 7-8 events to accommodate for alert nuance and deliver a holistic understanding of the user’s security environment. The generated evidence-based composite alerts allow Lacework to do the detective work for the customers, alleviating the manual load for security teams, according to the vendor.
These context-equipped composite alerts come with decades of threat intelligence from Lacework Labs, which aggregates and analyzes petabytes of data, attack activity, and daily signals from the Lacework customer base. Lacework is then able to identify critical indicators of threat risk, paired with patented behavioral analytics and anomaly detection for security context.
“With composite alerts, what we've done is we've combined human intelligence about prevalent attack methods from our Lacework Labs team, who have taken time to look into some of the key attack types that are leveraging compromised credentials, or crypto mining, or cloud ransomware, and they've uncovered patterns that we see and activity that you typically see in those types of attacks,” explained Diaz. “So, we've taken that human intelligence and the technology that can actually help us automatically correlate disparate alerts and event data together, allowing us to detect critical risks faster and more accurately.”
“We are the first CNAPP (cloud-native application protection platform) vendor to offer this, and it’s what we are really focused on for our customers—how can we just make things easier for them? And I think this is just another example of how we're trying to automate things and make it easier for them to piece the right information together, and be able to respond and protect their business,” concluded Diaz.
For more information about Lacework’s cloud security solution, please visit https://www.lacework.com/.