Product Updates

New updates to Lacework’s platform this week help create better continuous visibility for customers: Continuous Threat Exposure Management (CTEM)The Lacework platform’s CTEM functionality offers continuous visibility into cloud resources, delivering event-driven architecture. This cutting-edge technology allows security teams to detect and manage risks in real time, reducing the mean time to remediate and enhancing overall security posture. Lacework’s code security features have also been improved:Smart Fix: Integrated with the Software Composition Analysis (SCA) tools from Lacework, Smart Fix for third-party software streamlines remediation by automatically determining the optimal upgrade path for vulnerable dependencies at the package level. This dramatically reduces the workload for developers and enhances the security of cloud applications.Secrets detection + static application security testing (SAST): Beyond SCA, new tools from Lacework now offer powerful detection capabilities that safeguard against potential breaches and leaks. SAST provides longer, more detailed code analysis by scanning compiled code for targeted application weakness exploitability as well as tracing the full path of untrusted data across call chains and control paths. From there, SAST customizes rules to meet specific codebase needs. Secrets detection, another new feature from Lacework, scans all text files (i.e. source code) in repositories to identify known patterns for dozens of different secrets types. Meet up with the team at AWS re:Inforce or check in with your account team to learn more about the new capabilities.

Lacework Edge, an innovative solution for data-driven security service edge (SSE), launches this week to provide secure, optimal connectivity from any user or device to the internet at large. Edge users will benefit from:Secure access to private applications: Zero-trust access to all internal and SaaS applications, replacing VPNs for legacy apps and optimizing for the cloud to offer improved performance, cost savings, and streamlined management. Web security: Secure web gateway capabilities with DNS reputation and malware detection, reducing cyber-attack risks and increasing productivity by enforcing web filtering policies. Data security: Monitors documents within ecosystems like Microsoft Office365, Google Workspace, and Dropbox, ensuring the protection of sensitive information, regulatory compliance, and efficient workflows.More on this new capability from Lacework is available in the Lacework newsroom or on the Lacework blog. Reach out to your account team for a demo.

Incident responders are constantly sifting through alerts from multiple security tools these to determine the priority and authenticity of potential threats. Recognizing this challenge, Lacework has introduced several enhancements aimed at saving time for security teams.Lacework's recent automation of Composite Alerts for Kubernetes (K8s) is designed to detect early signs of user and service account credential compromises — common vulnerabilities in the widely exposed K8s clusters. Moreover, the addition of Context Panels simplifies the alert review process by providing crucial details in a single, consolidated view, streamlining investigations and decision-making.Beyond the typical response to security vulnerabilities, Lacework is taking proactive measures to address risks before they escalate. Their approach focuses on anomaly detection, which plays a crucial role during the critical window before vulnerabilities like xz-utils are publicly known. This preemptive strategy ensures that security professionals can identify and mitigate threats early, leveraging Composite Alerts that highlight unusual activities indicative of a breach. Such capabilities underscore the importance of advanced threat detection systems that can adapt and respond to dynamic security landscapes.Lacework's innovation has also extended to differentiating real threats from penetration tests in cloud environments. The introduction of the Potential Penetration Test Composite Alert tool empowers teams to quickly discern between drills and actual cyberattacks, enhancing operational efficiency. This functionality, combined with strategic insights and real-time data access, equips security teams with the tools necessary to defend their systems effectively without the previously inevitable delays. Collectively, these updates from Lacework not only fortify security protocols but also significantly reduce the time incident responders spend analyzing and responding to alerts, optimizing their ability to protect their organization better and faster. More is available in respective blog posts: Swift insights, smarter decisions with Lacework Context Panels Anomaly detection and the xzutils zero day - a Composite Alert demonstration story Pentest or real threat? How automated investigations help you respond in record time How to stop k8s attacks earlier with less work Pod Squared - the ultimate guide to catching Kubernetes kulprits How Lacework composite alerts caught a Windows incident - a detailed walkthrough 

Smart Fix, a new feature from Lacework, allows developers to focus on what they do best: building and innovating. Smart Fix combines the unparalleled speed and accuracy of Lacework code security with automatic remediation for third-party code vulnerabilities, making it easier than ever to deliver secure code fast. Check out the Smart Fix blog post and press release to learn more.

Several new features launched at Lacework this past month that drive unique value for enterprise-grade customers. With a focus on saving time and resources for security professionals, the features better visualize the relationship among risks risks, provide new visual dashboards, add new context to alerts, and expand our Composite Alert capabilities. Let’s take a look.Lacework Explorer Lacework Explorer combines a security graph (i.e., a graphical visualization of cloud assets) and resource explorer to show the complex relationships and associations among all of the resources and services in your cloud environment. With simple, interactive visuals, Lacework Explorer helps users quickly understand and prioritize the potential risk associated with each entity or resource. New DashboardsNew Lacework DashboardsLacework Security Dashboards provide security leaders immediate insights into how their security program is tracking against its overall goals and gives them the granular visibility to assess progress at the individual business, team, or functional levels within their organizations.  Context PanelsLacework Context Panels give you the details you need to quickly triage alerts, enabling you to view related entities and content without losing sight of the alert’s context.  Kubernetes Composite AlertsLacework Composite Alerts detect hard-to-uncover malicious activity by automatically tying together multiple indicators of suspicious activity into a single, reliable alert. Our new Kubernetes Composite Alerts help detect early signs of potential Kubernetes user and service account credential compromise that would likely go unnoticed, by automatically combining and analyzing signals from multiple sources like threat intelligence information and raw Kubernetes audit logs. Read more about these new features over on the Lacework blog.

In February 2024, Lacework rolled out several platform enhancements and new features:- Additional configuration options for Kubernetes Compliance integrations.- General availability of the Lacework Security in Jira integration for all geographic locations.- Active Package Detection (Code Aware Agent) is now generally available.- Introduction of identity management features for cloud permissions.- Support for transit gateway in attack path analysis.- New alert for potentially compromised Kubernetes users.- Detection of active and inactive Rust packages on hosts and containers.For detailed information on these updates, please visit the Docs page.

In January 2024, Lacework launched updates to enhance its security platform, including:- Crowdsourced risk analysis for improved alert insights.- Public preview features like exceptions for OCI compliance policies, a new composite alert for potentially compromised Kubernetes users, and Lacework AI Assist for chat-based alert guidance and remediation.- Enhanced support for detecting vulnerabilities on Microsoft Windows Servers, including detailed guidance and support for various Windows Server OS and applications.For a detailed overview of all these updates, visit the Docs page.

In December 2023, Lacework introduced updates aimed at broadening security capabilities and enhancing user experience. These updates include:- New data sources for Amazon EC2 and ElastiCache.- Improvements to the Cloud Compliance dashboard.- Introduction of view management features.- Extended attack path analysis for Azure assets.- Support for Oracle Cloud Infrastructure (OCI) in public preview.- Enhancements to resource groups.- Ability to create custom compliance and violation policies.For a comprehensive overview of all the updates, visit the Docs page.

In November 2023, Lacework unveiled significant updates to its platform, focusing on enhancing user experience and expanding security features. Key updates include:- Introduction of auto polling for JFrog registry integrations to streamline container scanning processes.- Enhancement of alert titles and descriptions for better clarity and actionability.- Implementation of tabbed views for Host and Container vulnerability pages to simplify navigation and analysis.- Launch of view management capabilities for creating, updating, and sharing customized views more efficiently.- Extension of attack path analysis to include Azure assets, providing comprehensive security insights across cloud environments.- Activation of active package detection for containers, improving visibility into container security.For more details on these updates, visit the Docs page.

In October 2023, Lacework introduced several enhancements to its platform, focusing on broadening its security capabilities. These updates aim to help users better identify and manage vulnerabilities and threats within their environments. Key highlights include:- Integration of CVEs for Java and NPM vulnerabilities via GitHub Security Advisory.- Enhanced container vulnerability scanning with support for Red Hat UBI 9 and Minimal Images.- Updated Google Cloud service account validation for improved permission checks.- Refined Agentless Workload Scanning documentation, including detailed IAM permissions.For a comprehensive overview of all the updates, visit the Docs page.

Lacework AI Assist, an assistive generative AI technology developed internally at Lacework, is a powerful new tool designed to help teams better understand cloud environments, gain insights faster and level up cybersecurity skills.Launched today, Lacework assistive technology that provides customers with the capability to ask questions in clear language such as:Why should I look at this alert?  What Lacework tools can I use to further investigate this?  How do I fix this misconfiguration using the AWS CLI? Does this violation affect my SOC2 compliance?Output from the tool is delivered in a simple, concise format designed to be both understood by the entry-level security analyst and with the technical depth to be actionable. Here’s what this conversation would look like with Lacework AI Assist: “Why does this alert matter?” “This alert is important because it involves enabling Role Based Access Control (RBAC) for Azure Key Vault, which is a crucial aspect of managing access permissions to your key vaults and the secrets stored within them. RBAC allows you to delegate specific permissions to Azure Active Directory user accounts or system-managed identities. This way you can define what data and what actions are permissible by users, groups, or applications.When RBAC is not enabled for your Azure Key Vaults, it may result in unauthorized access or manipulation of your secrets, keys, and certificates. This can pose serious threats to your Azure resources, including data breaches and unwanted changes. Therefore, ensuring RBAC is enabled for Azure Key Vault is essential to maintain strong access control security. This alert signifies that RBAC for the Azure Key vault is currently not enabled, which poses a security risk.” “How can I remediate this using cloud security provider CLI?”“Since this alert involves enabling Role Based Access Control for Azure Key Vault, you will need to use Azure command-line interface (CLI) for remediation:First, you need to login to your Azure account using the Azure CLI. Run the following command and follow the instruction: az login Once logged in, you can view all your subscriptions with: az account list - output table If you have multiple subscriptions, set the relevant subscription where your Key Vault resides az account set - subscription ‘your-subscription-id’ ETC… More on how Lacework AI Assist works including in depth examples is available in this launch blog or in the below demo video. 

Lacework static application security testing (SAST) empowers teams to rapidly scale their static code analysis, reduce noise, prioritize what matters most, and uncover hidden security defects. Developers gain fast and accurate results that minimize security obstacles as they write code. Lacework provides differential analysis each time code is updated to highlight new vulnerabilities and allow developers to focus on risks they’ve introduced.With Lacework, application security teams gain deep insights into critical risks within their most exposed applications. Lacework provides an in-depth model of each application’s control and data flows to uncover complex and hard to find vulnerabilities.Read more about the new SAST capabilities from Lacework here.

A key to code security is knowing what’s in your codebase. But, because of the neverending web of indirect and transient third-party dependencies, it’s not easy to keep track of your code’s components.Launched this week, software composition analysis (SCA) from Lacework gives customers continuous visibility into their third-party and open-source software packages, indirect dependencies, and any associated vulnerability and license risks. The unique approach taken by Lacework goes far beyond basic SCA functionality. Lacework provides teams continuous visibility into exactly where and how vulnerable packages are used, how often each is referenced, who owns the code and was responsible for bringing it in, and how to rapidly remediate vulnerabilities.Better tracking of software supply chains through an always-up-to-date software bill of materials (SBOM) for each application is also now available thanks to the new SCA functionality. With this new capability, Lacework eliminates the risks associated with stale or outdated SBOMs by dynamically generating them each time a merge or pull request is committed. For existing SBOMs, the tools identify what is new or has changed and continuously append that data to the previous version. The software also makes it easier for customers to share sensitive supply chain information with their customers and partners by giving them the means to programmatically control access to SBOMs.Finally, Lacework SCA helps assess risk and compliance with open-source software licenses by identifying if the package use violates a particular license. The platform can identify different types of license restrictions and any imposed obligations such as attribution, source code disclosure, and copyleft requirements to ensure teams avoid packaging software that may create any downstream IP or financial risks.More on the new SCA and SBOM capabilities from Lacework is available in the video below and on this dedicated landing page while more on Lacework’s new Code Security capabilities is available here.  

Lacework has extended its cloud security posture management (CSPM) capabilities to Oracle Cloud Infrastructure (OCI). The new offering provides OCI users with a new, premium cybersecurity solution in line with the Lacework products already deployed for Amazon, Google or Microsoft clouds. The new capability continuously ingests OCI cloud asset and configuration data to build a complete Oracle Cloud asset inventory across projects and services, and their associated risks.While OCI capabilities from Lacework can operate independently, this new offering also allows enterprise customers with multiple instances across multiple cloud service providers to have comprehensive CSPM support across the full spectrum of environments.Learn more about the new Oracle Cloud capabilities from Lacework here.

Lacework now supports two ServiceNow Vulnerability Response offerings for infrastructure and container applications. The integration, which is currently available in the ServiceNow marketplace (Container Vulnerability Response Integration and Infrastructure Vulnerability Response Integration), enables the ServiceNow Vulnerability Response application to import and automatically group vulnerable items according to group rules, which allows customers to better track, prioritize and remediate vulnerabilities. Our launch blog goes into further detail on this powerful integration. With our launch of this ServiceNow integration, Lacework has further expanded its capabilities with workflow integration tools. In April, Lacework expanded its relationship with Atlassian, the parent company of Jira, to join its Security-in-Jira program in addition to the Infrastructure as Code integration already in place.Learn more about the ServiceNow and Lacework integration below. 

Attack path analysis has long been central to Lacework, and new Azure functionality now brings the capability into the Microsoft cloud. For Azure users, Lacework can now correlate multiple attack vectors including internet exposure, critical vulnerabilities, exposed secrets, misconfigurations, and associated IAM roles to help accelerate response times by pinpointing exactly which assets are most vulnerable to attack.Attack path capabilities offered by Lacework are covered in depth in this video feature overview.The below video shows how attack path analysis works with the Exposure Polygraph tools from Lacework. 

In September 2023, Lacework introduced a number of threat detection capabilities into the platform. These updates allow users to find and remediate threats within their environments faster. They include:Broad expansion of threat intelligence tools to better identify, analyze, and manage potential or existing threats Low latency alerts that deliver advanced warning of potential threats based on intelligence and threat analysis Tagging and filtering by MITRE ATT&CK tactics and techniques, based on real-world attack scenarios  Continuous file integrity monitoring (FIM) Simplified agent configuration More...Visit this Docs page to see a roundup of all the month’s product releases.

In September, Lacework launched a suite of upgrades to its threat detection capabilities including improvements to reporting times, better context into specific threats, and upgrades to its composite alerting capabilities. Full context into the launch is over on the Lacework Blog.Among the launched enhancements, the composite alert upgrades earn special focus as Lacework uniquely differentiates in its ability to provide these updates. Launched in February, composite alerts allow Lacework users to find big threats in small signals by correlating multiple low severity security events into a meaningful notification. Composite alerts allow Lacework users to more easily identify past and present attacks such as cloud ransomware, cryptomining, and compromised credentials. September’s composite alert updates:Improve the alert UX to include a detailed events view with MITRE ATT&CK tagging, and a more comprehensive supporting evidence summary Expand the technology’s capabilities to detect potentially compromised Google identities.For more on how composite alerts work at Lacework, check out the guided tour here.

Lacework agentless workload scanning just got a major upgrade. As of August 2023, Lacework customers can now use this feature to gain more visibility over their cloud estate. Agentless workload scanning can now:Support scanning of container images managed by Containerd runtime Be integrated with Google Cloud Scan multiple/secondary volumes on hosts Scan stopped instancesLacework is also rolling out advanced threat detection capabilities. Now, in public preview, customers can reduce the time between alert detection and alert generation for high-confidence events with the platform’s new Near Real-Time Alerting Solution. Visit this Docs page to see a roundup of all the month’s product releases.

Starting in July, customers with Amazon Linux environments can expect more around vulnerability management. The platform can now track Amazon Linux vulnerabilities by CVE IDs, rather than ALAS. Amazon Linux 2023 is also now supported for vulnerability scanning.Customers can benefit from loads of enhancements, now available in Public Preview. These include:MITRE ATT&CK tagging: Now in Lacework alerts, users can see MITRE ATT&CK tags that correspond with the potential threat. Amazon GuardDuty + composite alerts: Users can now enrich the platform’s composite alerts with Amazon GuardDuty data.’ Lacework + Security in Jira integration: Lacework now supports Security in Jira integrations, where you can view, prioritize, and track remediation of vulnerabilities from your active image repositories.  Visit this Docs page to see a roundup of all the month’s product releases.

In June, Lacework took steps to make risk management even easier for users.The Lacework Remediate CLI can help users swiftly resolve a wide range of compliance issues within their AWS infrastructures using a set of pre-build remediation templates. These templates assess each alert and provide command-line remediation guidance specific to that feature. Active filters now influence the Open vulnerabilities chart for hosts and containers, and all active filters on the Host and Container Vulnerability pages now propagate to CSV reports.Visit this Docs page to see a roundup of all the month’s product releases.

May 2023 saw a host of enhancements added to the Lacework platform, specifically around risk and compliance. Attack path analysis features like the “Top work items” and Path investigation” pages are now live, along with the ability to enrich attack path analysis with Kubernetes data. The platform gained a couple of enhancements around Kubernetes compliance and custom policies.This month’s release also included some enhancements around rules subcategories and routing, composite alerts, and active vulnerability detection. Visit this Docs page to see a roundup of all the month’s product releases.