What are the differences between Lacework and GCP's Cloud Asset Inventory?

  • 28 March 2024
  • 1 reply

Userlevel 2

If this is you:

I’ve recently come across one of Google Cloud’s offerings, Cloud Asset Inventory, and I’m curious what the difference is between that and what Lacework has to offer?

Then check out the answer below!







Using Lacework/Operationalizing



1 reply

Userlevel 2

Looking at the GCP Cloud Asset Inventory documentation, found here, let’s do a direct comparison between GCP and Lacework:

GCP Cloud Asset Inventory Offering Lacework Solution
1. Search asset metadata by using a custom query language.

1. You can query resources and their metadata using Lacework LQL and the API. Or, you can utilize the Resource Explorer to filter and list out your resources in the UI.

2. Export all asset metadata at a certain timestamp or export event change history during a specific timeframe.

2. In addition to what's mentioned above, you can also specify time ranges in the LQL or API (note: by default, Lacework only holds 90 days worth of your data, which is longer than the 35 days you get with the Cloud Asset Inventory).

3. Monitor asset changes by subscribing to real-time notifications.

3. Lacework doesn't necessarily have a "subscribe to changes" function, but there might be a way to create custom policies using LQL to fire an Alert anytime some resource change happens (within the realm of what is being monitored in the metadata of course).

4. Analyze IAM policy to find out who has access to what.

4. Lacework has our newly released CIEM capabilities that monitor your cloud identities and who has access and to what (CIEM Documentation).