3. whoami
• James Condon, Director of Research @ Lacework
• Former USAF OSI, Mandiant, and ProtectWise
• Network Forensics, Incident Response, Threat Intelligence, Cloud Security
@laceworklabs
@jameswcondon
4. ENTERPRISE VS CLOUD THREATSCAPE
Enterprise Landscape
• Mostly human users
• Laptops, workstations, mobile, on-prem servers
• Windows, MacOS, Linux, iOS, Android, etc.
• Organizations own the network and network devices
• Email & Web browsing
• Traditional security model
Cloud Landscape
• Ops users and automated users
• Ephemeral workloads
• Linux & Windows servers
• Virtual network
• Mostly API network traffic
• Shared Security Model
• DevSecOps & AppSec
5. ENTERPRISE THREAT DETECTION APPLIED TO CLOUD
Enterprise
• Network: IDS, IPS, NetFlow
• Endpoint: EDR, AV, HIDS
• Logging / SIEM
• Threat Intelligence / Hunting
• Behavior Modeling
Cloud
• Network: TLS API traffic (how do you tap or span it?), VPC flow logs, container & orchestrator traffic
• Endpoint: EDR and endpoint coverage for servers and ephemeral workloads
• Containers & Orchestrators
• Log size and retention
• Threat Intel applied to the Cloud
• Applications & Users vs IPs & Hosts
10. CRYPTOJACKING
• Using someone else's compute and resources to mine cryptocurrencies.
• Started taking off in 2017
• Coinhive started a wave of new techniques to scale
• Could be packaged with or without malware
• Used in public cloud, browsers, PCs, IoT, phones, and even Industrial OT
• Monero currently the most popular coin to mine illicitly
11. CRYPTOJACKING EXAMPLE
• MicroK8s Honeypot
• Open APIs & Dashboards
• Attacker scans API
• Adds ReplicationController
• 5 replicas of CentOS with curl commands to download XMRig & config
13. CRYPTOJACKING MITIGATIONS
• Billing Alerts
• Monitor CPU Usage
• Monitor connections to popular pools
• Update & Patch Apps
• Host Hardening
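The two monitoring bullets above (CPU usage and connections to popular pools) are strongest when combined, because either one alone produces noise. The following is an added example, not code from the deck or from Lacework: it scores constructed host telemetry against a constructed pool-indicator list. In practice the `POOL_DOMAINS` set would come from a threat-intel feed and the process and connection records from an EDR or flow-log pipeline; the thresholds are assumptions to tune per environment.

```python
"""Cryptojacking indicators from host telemetry.

Added example, not from the original deck. The telemetry records and
the pool indicator list below are constructed; in practice the list
would come from a threat-intel feed and the records from an EDR or
flow-log pipeline.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed placeholder for a threat-intel feed of mining-pool hostnames.
POOL_DOMAINS: Set[str] = {"pool.example-xmr.test", "stratum.example-pool.test"}
# Ports commonly used by Stratum mining endpoints; a port hit alone is weak evidence.
STRATUM_PORTS: Set[int] = {3333, 4444, 5555, 7777, 14444}
CPU_THRESHOLD = 90.0        # percent of one core, sustained (assumed tuning value)
SUSTAINED_SECONDS = 600     # ten minutes (assumed tuning value)


@dataclass(frozen=True)
class ProcessSample:
    host: str
    name: str
    cpu_percent: float
    running_seconds: int


@dataclass(frozen=True)
class Connection:
    host: str
    process: str
    dst_host: str
    dst_port: int


def cpu_hogs(samples: Iterable[ProcessSample]) -> Dict[str, Set[str]]:
    """Per host, the processes above CPU_THRESHOLD for at least SUSTAINED_SECONDS."""
    hogs: Dict[str, Set[str]] = {}
    for s in samples:
        if s.cpu_percent >= CPU_THRESHOLD and s.running_seconds >= SUSTAINED_SECONDS:
            hogs.setdefault(s.host, set()).add(s.name)
    return hogs


def pool_connections(conns: Iterable[Connection]) -> Dict[str, Set[str]]:
    """Per host, the processes talking to a known pool domain or a Stratum port."""
    hits: Dict[str, Set[str]] = {}
    for c in conns:
        if c.dst_host in POOL_DOMAINS or c.dst_port in STRATUM_PORTS:
            hits.setdefault(c.host, set()).add(c.process)
    return hits


def detect(samples: Iterable[ProcessSample],
           conns: Iterable[Connection]) -> Dict[str, Dict[str, List[str]]]:
    """Combine both signals per host.

    A process that is both a CPU hog and talking to a pool is a high-confidence
    miner; a process with only one of the two signals is queued for review
    (legitimate batch jobs burn CPU, and a port match alone can be coincidence).
    """
    hogs = cpu_hogs(samples)
    pools = pool_connections(conns)
    result: Dict[str, Dict[str, List[str]]] = {}
    for host in set(hogs) | set(pools):
        h, p = hogs.get(host, set()), pools.get(host, set())
        result[host] = {"high": sorted(h & p), "medium": sorted(h ^ p)}
    return result


# Constructed telemetry: one miner plus two benign-but-noisy cases.
SAMPLES = [
    ProcessSample("web-01", "xmrig", 98.5, 1800),
    ProcessSample("web-01", "nginx", 3.2, 86400),
    ProcessSample("db-01", "postgres", 95.0, 7200),   # heavy but legitimate query load
    ProcessSample("db-01", "sshd", 0.1, 86400),
]
CONNS = [
    Connection("web-01", "xmrig", "pool.example-xmr.test", 3333),
    Connection("web-01", "nginx", "10.0.0.5", 5432),
    Connection("db-01", "python3", "198.51.100.7", 14444),  # port-only match
]

if __name__ == "__main__":
    for host, verdict in sorted(detect(SAMPLES, CONNS).items()):
        print(host, verdict)
```

On the constructed data, `web-01` yields a high-confidence hit on `xmrig` while `db-01` yields two medium items (a busy `postgres` and a script on a Stratum-looking port) that an analyst should look at but that should not page anyone on their own. Billing alerts remain the backstop for miners that evade both signals.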
15. DATA LEAK
• The exposure of confidential data through misconfigurations or similar modes.
• Typically from unsecured DBs like MongoDB, Elasticsearch, & Redis or open cloud provider buckets
• Also can include leaking information that can be leveraged by attackers
17. DATA LEAK MITIGATIONS
• Visibility into internet-facing configurations
• Audit and alert for open storage buckets
• Enforce authentication for DBs
• Encrypt sensitive data at rest
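"Audit and alert for open storage buckets" comes down to two documents per bucket: the bucket policy and the ACL. The following is an added example, not code from the deck or from Lacework; it evaluates already-fetched policy and ACL documents (the JSON shapes returned by the S3 `get-bucket-policy` and `get-bucket-acl` calls) and flags anything granted to everyone. The sample policy, ACL, account id and VPC endpoint id are constructed placeholders.

```python
"""Flag S3 buckets that a bucket policy or ACL opens to everyone.

Added example, not from the original deck. It evaluates policy and ACL
documents already fetched (the JSON returned by get-bucket-policy and
get-bucket-acl); the sample documents below are constructed.
"""
import json
from typing import Any, Dict, List

# Canned ACL group URIs meaning "anyone" and "any AWS account holder".
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _is_wildcard_principal(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also in list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy_json: str) -> List[str]:
    """Sids of Allow statements granted to everyone with no Condition block.

    Statements with a Condition (aws:SourceVpce, aws:SourceIp, ...) may be
    legitimately scoped, so they are left for manual review rather than flagged.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be un-listed
        statements = [statements]
    hits = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(st.get("Principal")):
            continue
        if st.get("Condition"):
            continue
        hits.append(st.get("Sid", f"Statement[{i}]"))
    return hits


def public_acl_grants(grants: List[Dict[str, Any]]) -> List[str]:
    """Permissions granted to the AllUsers / AuthenticatedUsers groups."""
    found = []
    for g in grants:
        grantee = g.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            found.append(f"{group}:{g.get('Permission')}")
    return found


def audit_bucket(name: str, policy_json: str, grants: List[Dict[str, Any]]) -> List[str]:
    """One finding per public policy statement or ACL grant; empty means closed."""
    findings = [f"{name}: policy statement '{sid}' allows anonymous access"
                for sid in public_policy_statements(policy_json)]
    findings += [f"{name}: ACL grant {grant} is public" for grant in public_acl_grants(grants)]
    return findings


# Constructed bucket policy: one open statement, one scoped by condition, one owner-only.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::constructed-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::constructed-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "OwnerFull", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::constructed-bucket"},
    ],
})
# Constructed ACL grants in the shape returned by get-bucket-acl.
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]

if __name__ == "__main__":
    for line in audit_bucket("constructed-bucket", SAMPLE_POLICY, SAMPLE_GRANTS):
        print(line)
```

Run across every bucket in every account on a schedule, this is the alerting half of the bullet; the auditing half is keeping the findings history so a bucket that was closed last week and is open today shows up as a change, not just as a state. Account-level public-access blocking, where the provider offers it, removes most of this class of finding before it happens.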
19. SSH BRUTE FORCE ATTACKS
• Repeated attempts to guess secure shell username & password combinations in an attempt to gain unauthorized access.
• Most common service to brute force on public cloud workloads
• However, not the only service commonly brute forced
• Popular infection vector and propagation method for Linux malware
• Old tactic, still effective
20. EXAMPLE - BREAD & BUTTER ATTACKS
• Recent malware campaign
• Begins with brute force SSH
• Adds user "butter"
• Downloads RAT
• RAT communicates with CNC
• RAT downloads XMR miner
• Reported by Guardicore
21. SSH BRUTE FORCE ATTACKS - MITIGATIONS
• Use key-based authentication vs password-based authentication
• Restrict access to port 22 (or whichever port you use) to trusted clients
• Consider SSH jump boxes to simplify monitoring, etc.
• Alert on successful SSH auth after a series of failed attempts
23. DATA EXFILTRATION
• The act of stealing confidential information from a network.
• Leaks occur from misconfigurations and accidental exposure; data exfil occurs after gaining unauthorized
• Most common end objective in the cyber kill chain
• Typically associated with APT activity, espionage, and financial gain
24. DATA EXFILTRATION
• Just reported in March 2019, details still sparse
• Breach came from unauthorized access
• Affected Toyota Tokyo Sales Holding Inc. and possibly three other independent dealers in Japan
• A month prior, APT32 launched spear phishing against multinational car companies
• Vietnam reportedly trying to develop its domestic car industry
• No confirmation of the attribution to APT32
25. DATA EXFILTRATION - MITIGATIONS
• One of the hardest to protect against given a determined actor
• Requires a fully mature security posture
• Business must understand where their most valuable information is and how to monitor and protect it.
27. MALWARE
• Any software designed to damage a computer, server, client, or computer network.
• RATs, trojans, backdoors, downloaders, ransomware, etc.
• Recent Linux malware is modular in nature, typically containing backdoor, propagation, and mining modules
• Typical cloud chain of events is exploit -> install script -> backdoor -> additional modules
• Shell scripts & ELF binaries for Linux
28. EXAMPLE - BREAD & BUTTER ATTACKS
• Prolific malware family reported in 2018
• Targets Linux & Windows
• Attributed to Iron Group
• Ransomware, coinmining, propagation, and botnet capabilities
• Self-propagation by attacking weak passwords and application vulnerabilities
• Ransomware is actually data-destroying (no recovery), attacks databases on Linux
• Developed in Python
• Reported by Unit42
31. RANSOMWARE
• Malware that encrypts files and asks for payment to unlock said files.
• Was very prevalent prior to cryptojacking
• Some ransomware doesn't unlock files
• Used by criminal and APT groups
• Good security posture can mitigate effects, especially in the cloud
32. BRIEF HISTORY RANSOMWARE
• CryptoLocker - One of the most notable early ransomware families, 2013-14
• TeslaCrypt - Targeted video game files in 2016
• SimpleLocker - Targeted Android in 2015-16
• WannaCry - One of the first malware families to utilize leaked NSA tools in 2017
• NotPetya - Piggy-backed off the WannaCry wave in 2017
• SamSam - Targeted ransomware-as-a-service in 2015, indictments in 2018
• Ryuk - Targeted ransomware with a big hit in 2018-19
33. LUCKY RANSOMWARE EXAMPLE
• Targets Linux and Windows
• Variant of Satan Ransomware
• Ransomware, coinmining, and propagation modules
• Propagation similar to Xbash
• Files encrypted with ".lucky" extension
• Check out our blog for more details!
34. RANSOMWARE - MITIGATIONS
• Disaster recovery plan - backups etc.
• Applications up-to-date
• Strong passwords
• Endpoint security
• Network monitoring
• Threat Intelligence
• Know what you are running
36. REMOTE CODE EXECUTION
• A vulnerability that allows code to be executed by a remote attacker.
• A frequent occurrence with so many technology stacks; new CVEs every week
• Years-old vulnerabilities still a major issue
• Very common infection vector in the public cloud
37. REDIS EXPLOIT EXAMPLE
• Honeypot running Redis 2.8.4 on Ubuntu 14.04
• Redis exposed to the open internet (TCP port 6379)
• Redis quickly exploited via Lua vulnerability CVE-2015-4335
• Exploit contains payload to download install script
• Install script downloads backdoor and miner, kills competing miners, and sets up persistence
38. RCE - MITIGATIONS
• Patch early and often
• Control network access to services
• Have incident response plans in place for 0-days (there will always be new exploits)
• Reduce size of attack surface
• Minimal code base and OS
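"Control network access to services" and the earlier "Enforce authentication for DBs" both apply directly to the Redis honeypot above: a Redis that binds to every interface with no password is reachable and trusted by anyone who finds port 6379, whether or not a Lua bug is available. The following is an added example, not code from the deck or from Lacework; it audits a `redis.conf` for exactly those settings. Both configuration files are constructed and the `requirepass` value is a placeholder. Note that `protected-mode` only exists from Redis 3.2 onward, so on a 2.8-era build like the honeypot's, `bind`, `requirepass` and network filtering are the only controls available in the config.

```python
"""Audit a redis.conf for the settings that leave Redis open to the internet.

Added example, not from the original deck. The two configuration files
below are constructed, and the requirepass value is a placeholder.
"""
from typing import List, Optional, Tuple

Entry = Tuple[str, List[str]]


def parse_redis_conf(text: str) -> List[Entry]:
    """Return (directive, args) pairs in file order; comments and blanks are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        entries.append((parts[0].lower(), parts[1:]))
    return entries


def _last(entries: List[Entry], directive: str) -> Optional[List[str]]:
    """Redis applies the last occurrence of a directive, so that is the one that counts."""
    for name, args in reversed(entries):
        if name == directive:
            return args
    return None


def audit_redis_conf(text: str) -> List[str]:
    """One finding per weak setting; an empty list means the file passes these checks."""
    entries = parse_redis_conf(text)
    findings: List[str] = []

    bind = _last(entries, "bind")
    if bind is None:
        findings.append("no 'bind' directive: Redis listens on every interface")
    elif any(addr in ("0.0.0.0", "::", "*") for addr in bind):
        findings.append("'bind' contains a wildcard address: Redis listens on every interface")

    # protected-mode was introduced in Redis 3.2; on older builds (e.g. 2.8) the
    # directive does not exist and only bind/requirepass/firewalling apply.
    protected = _last(entries, "protected-mode")
    if protected is not None and protected[0].lower() == "no":
        findings.append("'protected-mode no': unauthenticated remote clients are accepted")

    password = _last(entries, "requirepass")
    if not password or password[0].strip("\"'") == "":
        findings.append("no 'requirepass': any client that can reach the port is trusted")

    # Renaming CONFIG stops a client that does get in from rewriting the server's
    # configuration at runtime; renaming to the empty string disables it entirely.
    renamed = {args[0].upper() for name, args in entries if name == "rename-command" and args}
    if "CONFIG" not in renamed:
        findings.append("CONFIG command not renamed or disabled")

    return findings


# Constructed: the kind of configuration the honeypot in the deck was running.
WEAK_CONF = """
bind 0.0.0.0
port 6379
protected-mode no
# requirepass foobared
"""

# Constructed hardened counterpart. The requirepass value is a placeholder.
HARDENED_CONF = """
bind 127.0.0.1 10.0.0.12
port 6379
protected-mode yes
requirepass "REPLACE_WITH_LONG_RANDOM_SECRET"
rename-command CONFIG ""
rename-command FLUSHALL ""
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_redis_conf(conf) or ["ok"])
```

The config audit is the cheap half of the control; the other half is the security group or firewall rule that keeps 6379 off the internet regardless of what the file says, because a config can be changed at runtime and a password can be guessed. Patching (the first bullet) still matters: a fixed Lua bug is not reachable through a correctly bound, authenticated, filtered Redis, but an unfixed one is a single mistake away from being reachable again.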
40. CONTAINER ESCAPE VULNERABILITY
• A vulnerability that allows escape from a sandbox or container can mean access to the host operating system or hypervisor.
• Biggest concern since the popularization of containers
• Containerized applications share host resources; an escape can lead to attacks on other containers
• Containers are less of a sandbox than VMs
41. RUNC CONTAINER ESCAPE VULNERABILITY
• CVE-2019-5736: Execution of malicious containers allows for container escape and access to the host filesystem
• First major container escape of its kind
• Root user in a container or a specially crafted container could overwrite the runc binary with a new binary of their choosing
• runc used in most container platforms, most notably Docker
42. CONTAINER ESCAPE - MITIGATIONS
• 0-days are very rare and difficult to detect
• Prepare for rapid response to update container platforms and operating systems when a vulnerability is announced
• Follow container best practices to minimize the chance of a successful escape
• Privileged container policy
• Read-only root filesystem
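The last two bullets (no privileged containers, read-only root filesystem) are the kind of policy an admission controller enforces, and the same checks can be run against manifests in CI before anything reaches a cluster. The following is an added example, not code from the deck or from Lacework; it audits a Pod manifest dict (the shape of `kubectl get pod -o json`) for the settings that widen the blast radius of an escape. Both manifests, including the image name, are constructed.

```python
"""Check a Pod manifest for the settings that make a container escape easier.

Added example, not from the original deck. These are the checks a policy
such as Pod Security Standards or a PodSecurityPolicy would enforce at
admission; here they run over a manifest dict. Both manifests below are
constructed.
"""
from typing import Any, Dict, Iterator, List, Tuple


def _containers(spec: Dict[str, Any]) -> Iterator[Tuple[str, Dict[str, Any]]]:
    """Yield (kind, container) for init and regular containers alike."""
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            yield kind, c


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """Return one finding per weakness; an empty list means the pod passes."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    findings: List[str] = []

    for flag in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(flag):
            findings.append(f"pod shares the host {flag[4:]} namespace")

    for kind, c in _containers(spec):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{kind}/{name}: privileged (full host device and capability access)")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{kind}/{name}: root filesystem is writable")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{kind}/{name}: allowPrivilegeEscalation not set to false")
        # Container-level setting wins; otherwise fall back to the pod-level securityContext.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{kind}/{name}: may run as root (runAsNonRoot not true)")

    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.append(f"volume {v.get('name')}: hostPath mount of {v['hostPath'].get('path')}")
    return findings


# Constructed manifest typical of a "just make it work" deployment.
RISKY_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "build-agent"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "agent", "image": "example/agent:1.0",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "rootfs", "mountPath": "/host"}],
        }],
        "volumes": [{"name": "rootfs", "hostPath": {"path": "/"}}],
    },
}

# Constructed hardened counterpart: the same workload with the deck's mitigations applied.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "build-agent"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "agent", "image": "example/agent:1.0",
            "securityContext": {
                "privileged": False,
                "readOnlyRootFilesystem": True,
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
            "volumeMounts": [{"name": "scratch", "mountPath": "/tmp"}],
        }],
        "volumes": [{"name": "scratch", "emptyDir": {}}],
    },
}

if __name__ == "__main__":
    for label, pod in (("risky", RISKY_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or ["ok"])
```

The hardened manifest is what "follow container best practices" looks like in a file: a writable scratch volume where the application needs one instead of a writable root filesystem, and no host namespaces or host paths at all. None of this prevents a runc-class bug from being exploited, but it removes the root-in-container precondition that CVE-2019-5736 relied on and limits what an escaped process inherits.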
44. CLOUD SERVER COMPROMISE
• A server instance from a cloud service provider that becomes compromised, for instance by a malware infection or unauthorized access.
• An attacker gains access to some or all of the resources on a given server
• The source of the compromise can be insider threats, exploits/malware, misconfigurations, or cloud service provider account compromise
48.
• IT employee terminated after 4 weeks
• Used a former colleague's credentials to access the company AWS account
• Terminated 23 servers
• Estimated $700,000 in losses to the business
• Deleted data was unable to be recovered
49. INSIDER THREAT - MITIGATIONS
• Internal training & awareness
• Practice least privilege
• 2FA to minimize chances of stolen accounts
• Plan for when employees leave
• Physical access
• Account access
• Disaster recovery plan
50. FINAL THOUGHTS
• Cloud security is still in its infancy
• Visibility is difficult
• Shared Responsibility Model
• Is cloud security the wild west? (think M$ in the early days)
• Moving towards a more or less secure model?
• Sec more Dev savvy, or the opposite?
51. Resources
1. Bread & Butter - https://www.guardicore.com/2018/11/butter-brute-force-ssh-attack-tool-evolution/
2. Xbash - https://unit42.paloaltonetworks.com/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
3. Top Ransomware Families - https://www.csoonline.com/article/3212260/the-5-biggest-ransomware-attacks-of-the-last-5-years.html
4. Lucky Ransomware - https://www.lacework.com/elf-of-the-month-new-lucky-ransomware-sample/
5. Anatomy of a Redis Exploit - https://www.lacework.com/anatomy-of-a-redis-exploit/
6. Toyota Data Breach - https://www.cyberscoop.com/toyota-data-breach-japan-vietnam/
7. Runc CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
8. Sacked IT guy annihilates 23 of his ex-employer's AWS servers - https://nakedsecurity.sophos.com/2019/03/22/sacked-it-guy-annihilates-23-of-his-ex-employers-aws-servers/
Automated security for multicloud
Lacework completely automates security monitoring, intrusion detection and configuration compliance.
Purpose built for servers, containers, & K8s
Agent-based solution for threat monitoring and IDS across cloud servers, containers, & Kubernetes orchestration.
High fidelity detection and alerting
Utilizes machine learning to eliminate false positives to drive only actionable and accurate security alerts.
Engineered for massive scale
Designed to support very large customer deployments consisting of thousands of hosts and hundreds of cloud accounts.
Unified multicloud security
Provides a single security platform for workloads and containers, intrusion detection, and compliance for AWS, Azure, & GCP.