Using the Cloud to Secure the Cloud: Lacework and the New Era of Cloud Security

Today, we announced a great milestone for Lacework — the closing of a $24 million Series B round of funding from a stellar group of investors that includes Sutter Hill, Liberty Global Ventures, Spike Ventures and the Web Investment Network (WIN). This is a massive opportunity, and not just because we have the capital to continue delivering the most innovative, valuable cloud security product on the market. It’s also because this validates our vision and the hard work done every day by our employees. We’ve already built a thriving business with fanatically loyal customers, and I can’t wait to take our message of end-to-end security to every organization that runs workloads in the cloud.

We started Lacework three years ago with a group of the most insightful thinkers in cloud security. They developed a concept that cloud security solutions could be provided as an end-to-end experience with better context, more intelligence, and more sophisticated threat detection.  Our founding team had a vision for applying machine learning to the behaviors of resources, users, and all activity in the cloud, which would provide a more accurate picture of where actual threats existed. Our customers were provided with more contextual, accurate data without the barrage of meaningless alerts that accompanied other security products.

Our customers keep telling us, “You guys did the hard stuff first.” What they mean is that we focused first on building a superior solution for a complex problem and didn’t go to market until we had a workable product. We are up against a varied mix of competitors but our founders, Sanjay Kalra, and Vikram Kapoor identified something early on that has been our guiding vision from the beginning, namely, using the cloud to secure the cloud.

That stems from a vision that drove our roadmap and defines how we continue to develop Lacework. I think back to our early product strategy sessions, where team members insightfully recognized that the cloud provided its own model for how to defend attacks against it. We built Lacework with the recognition that inherent cloud attributes like scale, elasticity, speed, and automation can be used as an advantage instead of an inhibitor to manage security and compliance within cloud environments.

More and more organizations are adopting cloud-first strategies as they initiate new projects or migrate from older systems. To meet rigorous business demands, they operate with frequent code releases, increasingly make use of containers, and process and store data for compliance and cost-management. There’s a lot changing in this kind of environment, and as we see with our customers, SIEMs and firewalls aren’t equipped to provide the level of insight required, and they aren’t engineered for automation, nor to operate at scale.

The Lacework team is focused on giving customers visibility and control over their cloud operations at cloud scale to the monitoring of all activities across all cloud components – accounts, users, apps, containers, machines – in addition to the network layer. The agility and speed that the cloud promises is deployed to monitor, detect, and alert on issues. But Lacework does it all one better by analyzing all that activity against normalized behavior and then highlighting those issues to truly identify risk, not just change. Lacework’s application of machine learning-enabled patterns to understand cloud activity gives security and compliance teams a highly accurate view of what truly needs to be remediated, rather than just a dashboard of signatures and control changes.

Our internal culture mirrors our product development and organizational strengths; innovation is critical, we iterate rapidly and constantly, and we are hypervigilant about giving customers an exceptional, usable experience. Lacework has helped organizations evolve from a network-centric approach to one that is host-based, end-to-end, and scaled to analyze billions of events of cloud events at the speed of business.

This Series B round helps us rapidly expand our market and give any organization operating in the cloud an opportunity to maintain better security, compliance, and control over their cloud environments. Some might call it disruptive or game-changing, but we think of it as just using the lessons FROM the cloud to keep customers safe IN the cloud.