Lacework Strengthens Threat Detection To Uncover More Malicious Activity and Speed Investigation at Scale

New time series model and enhanced alerting experience make it easy for organizations to address more threats in the cloud while enabling faster investigations

August 9, 2022

SAN JOSE, Calif., August 9, 2022Lacework®, the data-driven cloud security company, today announced new capabilities that enable organizations to uncover more critical threats to their infrastructure and empower teams to collaborate more efficiently in alert investigation and response. Lacework has added fully automated time series modeling to the existing anomaly detection capabilities of the Polygraph® Data Platform. Using automated learning and behavioral analytics, the time series model builds a baseline of the volume and frequency of  activity within a customer’s environment and actively monitors for spikes that deviate from that unique baseline to detect potential threats such as cryptominer attacks and compromised accounts with accuracy. Organizations can also proactively discover increased cloud usage due to misconfigurations — gaining a better understanding of their environment to help control costs. Lacework does this without the need for constant tuning of thresholds, significantly reducing both manual work and false positive alerts. Lacework has also upgraded its alerting experience with features that empower teams to collaborate more efficiently in alert investigation and response.

The enormous amount of activity in the cloud and adoption of new technology makes it difficult to gain visibility into risks, investigate alerts efficiently, and take action, especially when teams are siloed into different workstreams and tools. Signature and rules-based approaches can’t keep pace with this dynamic environment and often overwhelm security teams with thousands of contextless alerts across a range of environments.

Polygraph, the Lacework cloud behavioral analytics engine, uses dozens of models to build a baseline of normal behaviors in the cloud. The time series model introduces a new dimension of analysis by tracking changes in activity frequency and volume over time in a cloud environment. It works with the existing models to uncover more anomalies with fewer alerts.

Lacework also automatically adjusts the severity of alerts based on continuous learning and a fine-grained understanding of how much the observed behaviors deviate from the predicted baseline for improved accuracy. According to Cybersecurity Ventures, the number of unfilled cybersecurity jobs worldwide grew by 350% between 2013 and 2021 with no sign of relief in the next five years. By consolidating alerts into only those that matter and providing security teams with more context about what is happening across their environment, Lacework allows these overburdened teams to uncover more risks and deal with them more efficiently.

“It’s critical organizations get transparency as to what is happening across their multicloud environments, but security teams face a massive challenge keeping up with the dynamic nature of cloud environments while threats like cryptomining continue to proliferate,” said Frank Dickson, IDC Group Vice President, Security and Trust. “As an industry plagued by a seemingly insurmountable skills shortage, simply layering more alerts on the SOC does not help. Context matters; context quickly forwards SOC investigations from awareness to understanding by enabling correlations across datasets. Alerts are thus replaced with context rich incidents that are quickly actionable and facilitate outcomes for customers. In the end, secure outcomes are the goal of every SOC.”

Lacework has also revamped the alerting experience to help organizations better collaborate with teams to prioritize, investigate, and track the status of all alerts. This includes:

  • Context-rich insights: Richer insights give the complete picture of what happened, associated events, timelines, and other details, helping organizations understand where to focus and make better decisions.
  • Configurable bi-directional sync: When teams update an alert on the Lacework user interface or the associated ticket in backend workflow tools like Jira, the alert status is automatically updated on both sides with bi-directional sync for accelerated resolution. Organizations can even give feedback on Lacework alert severity levels, which in turn helps the Polygraph Data Platform learn and optimize modeling to further improve alerting experience.
  • Easy to manage alert lifecycle: Teams can more easily organize alerts, view tags, filter to see a set of specific alerts, change the state of an alert to indicate whether it needs to be investigated or has been resolved, and add comments to classify and better collaborate with teams.

“Lacework relentlessly innovates to deliver features that help customers gain the visibility and controls they need to stay ahead of the evolving threat landscape,” said Arash Nikkar, VP of Engineering, Lacework. “The Polygraph Data Platform is the only cloud security solution to combine automated time series analysis with sophisticated cloud behavioral analytics to build baselines that are tailored to a company’s unique environment. Combined with our enhanced alerting capabilities, we’re making it easier for teams to identify relevant risks and prioritize threats, even as their organization scales, the attack surface grows bigger, and security incidents increase exponentially.”

Time series modeling is available now for Lacework customers in AWS environments. Configurable bi-directional sync enhancements to the Lacework alerting experience are available to select customers in beta.

Additional Resources:

About Lacework

Lacework is the data-driven security company for the cloud. The Lacework Polygraph® Data Platform automates cloud security at scale so our customers can innovate with speed and safety. Only Lacework can collect, analyze, and accurately correlate data across an organization’s AWS, Microsoft Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Customers all over the globe depend on Lacework to drive revenue, bring products to market faster and safer, and consolidate point security solutions into a single platform. Founded in 2015 and headquartered in San Jose, Calif., Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, Tiger Global Management, Counterpoint Global (Morgan Stanley), Franklin Templeton, Durable Capital, GV, General Catalyst, XN, Coatue, Dragoneer, Liberty Global Ventures, and Snowflake Ventures, among others. Get started at