TrustRadius: an HG Insights company

Lacework

Score 7.1 out of 10

7 Reviews and Ratings

What is Lacework?

Lacework is a cloud-native application protection platform offered as-a-Service; delivering build-time to run-time threat detection, behavioral anomaly detection, and cloud compliance across multicloud environments, workloads, containers, and Kubernetes.

Lacework - good for the Enterprise

Use Cases and Deployment Scope

We used Lacework as a service that performed behavioral analysis of the AWS Infrastructure layer (CloudTrail, AWS Config), the server host processes, and user activities within AWS and the server itself. We also used Lacework Container Security to deliver end-to-end visibility of Docker container images by providing vulnerability assessments and malware detection. Vulnerability scanning for production instances with centralized logging and event analysis is a ‘must-have’ for customers from any product in the Commercial/GxP state.

Pros

  • Easy to implement in our environments
  • Good with alert handling
  • Good with compliance
  • Assurance of protection against the latest vulnerabilities and threats

Cons

  • Improve product support
  • Improve alert handling

Most Important Features

  • ease of implementation
  • alert handling and integration with Slack
  • consistent way to set up across different AWS accounts

Return on Investment

  • Has helped give us coverage on different usage patterns
  • Good with compliance - helped with credibility with auditors
  • At times (a negative), Lacework has impacted our product teams by causing product issues on our production infrastructure

Alternatives Considered

F5 Distributed Cloud Application Infrastructure Protection (AIP)

Other Software Used

Checkmarx, CrowdStrike Falcon, VMware Carbon Black EDR

Lacework - The Road to Security Risk Reduction and Partners that we all have been looking for

Use Cases and Deployment Scope

We utilize Lacework to monitor and alert on Security Risk and Compliance issues within our Cloud Infrastructure environments. Similar to a SIEM in functionality without the overhead in resources of a traditional solution, Lacework provides the function that our team needs to protect the systems and data our company depends on daily.

Pros

  • Ease of deployment
  • Log and event correlation and alerting
  • Vulnerability & Compliance scanning

Cons

  • Addition of scanning of on-prem[ise] assets
  • Addition of SaaS resource scanning

Most Important Features

  • Ease of deployment
  • Ease of operation
  • Relevance of reported information
  • Dependability

Return on Investment

  • Being a FinTech company, financial institutions who partner with us want to know that we are appropriately maintaining a Security, Risk and Compliance program that maintains a level of comfort for their vendor management. Lacework gives us the ability to monitor and maintain a level of security for our infrastructure that puts our partners at ease, reduces the revenue cycle for new partners and opens doors to the future.

Alternatives Considered

LogRhythm NextGen SIEM Platform, Sumo Logic and Splunk Enterprise Security (SIEM)

Lacework - Cloud native UEBA platform

Use Cases and Deployment Scope

We mainly use Lacework for User and Entity Behavior Analytics. It allows us to be aware of any anomalies in our systems, be it a process, a user or a connection coming from an unusual location etc. The beauty of it is that the platform takes care of establishing a baseline of what is usual behavior in the systems, and once that is done, it becomes humanly possible to sift through the incoming alerts of what is considered out of the norm.

Pros

  • installation at the OS level and containers.
  • Queries for the latest vulns (e.g. log4j, ksmbd...) to scan the systems.
  • Alerts and notifications

Cons

  • The Web GUI could be more user friendly
  • The information fetched from AWS services (like CloudTrail specifically) could be more verbose.

Most Important Features

  • Alerting and Notifications.
  • Queries for the latest vulnerabilities (log4j, ksmbd...)
  • UEBA

Return on Investment

  • Better security
  • More visibility from a security/compliance perspective

Best security solution to protect your cloud environment easily

Use Cases and Deployment Scope

Lacework solutions help our company significantly improve our security posture in our cloud environment. We were looking for a solution that was easy to use and covered all our cloud assets. The tool is used on a daily basis to monitor vulnerabilities, threats in our environment, our posture against CIS benchmark... Security and DevOps teams are using the solution every week.

Pros

  • Detection of threats and Machine learning model
  • Ease of use
  • Support and contact with vendor

Cons

  • Alerting capabilities
  • Roles and permissions for Lacework users

Most Important Features

  • Cloud Compliance
  • Vulnerability management
  • Behavior detection

Return on Investment

  • Fewer operations tasks to maintain and deploy a vulnerability management solution
  • Detection of threats in our cloud without the need to check millions of lines of logs

Lacework makes it easy to monitor malicious behaviour within our multi-cluster cloud environment!

Use Cases and Deployment Scope

We are using Lacework's Intrusion Detection capabilities to monitor our cloud workloads (mostly k8s clusters) for malicious behaviour. Lacework is integrated with our ticketing system and automatically creates tickets when anomalous behaviour is detected. Because alerting is based on anomaly detection, we are able to focus our efforts on alerts that have a higher probability of being malicious, compared to other IDS solutions we used before.

Pros

  • Easy to set up the agent in cloud workloads.
  • Easy integration with ticketing and messaging tools.
  • Detailed visibility of all our container workloads across multiple accounts.

Cons

  • Not all runtime behaviour alerts offer enough data to decide whether or not something is malicious. Having even more data (e.g., what process is doing a specific action) would help.

Most Important Features

  • Intrusion Detection System.
  • Integrations.
  • Actionable alerts.

Return on Investment

  • Our previous open-source IDS resulted in thousands of alerts that weren't actionable. As Lacework only alerts when it detects anomalous behavior, the amount of alerts is lower, and the probability is higher that something malicious is happening.

Alternatives Considered

Sysdig Secure DevOps Platform