Lacework Releases Cloud Hunter to Help Customers Gain Better Visibility to Reduce Response Times for Incident Investigations

Lacework, the data-driven cloud security company, is launching a new, open-source tool for cloud hunting and security efficacy testing after unveiling its recent Cloud Threat Report.

The new tool, known as Cloud Hunter, will help customers keep pace with ever-improving adversarial tradecraft through advanced environmental analysis and improved incident response time.

Developed in response to new types of sophisticated threat models uncovered through Lacework Labs’ research, Cloud Hunter utilizes the Lacework Query Language (LQL) to permit hunting across data within the Lacework platform by way of dynamically-created LQL queries, according to the vendor.

Customers can quickly and easily find data and develop queries for ongoing monitoring as they scale detections along with their organization's cloud security program. Data is automatically analyzed while Cloud Hunter extracts information, further streamlining the capabilities and response times for incident investigations.

The Lacework Labs Cloud Threat Report examined the cloud security threat landscape over the past three months and unveiled the new techniques and avenues cybercriminals are exploiting for profit at the expense of businesses.

“Creating an open-source tool not only extends our capabilities as a research team and company but also gives us a way to fully give back to and empower the developer community based on what we’re seeing from our threat research,” said James Condon, director of threat research at Lacework. “As our research shows an increasingly more sophisticated attack landscape, this tool provides a more detailed analysis of an organization’s unique environment based on the new techniques being leveraged by attackers. Cloud Hunter is the first tool from Lacework to generate queries that can be directly converted into custom policies within a customer’s environment.”

The Lacework Labs team also examined issues around how “rogue accounts” are utilized by attackers for the reconnaissance and probing of S3 buckets as well as the growing popularity of cryptojacking and steganography.

For more information about this news, visit