New context panels and Composite Alerts for Kubernetes and potential penetration tests

Incident responders are constantly sifting through alerts from multiple security tools to determine the priority and authenticity of potential threats. Recognizing this challenge, Lacework has introduced several enhancements aimed at saving time for security teams.

Lacework's recent automation of Composite Alerts for Kubernetes (K8s) is designed to detect early signs of user and service account credential compromises, common vulnerabilities in the widely exposed K8s clusters. Moreover, the addition of Context Panels simplifies the alert review process by providing crucial details in a single, consolidated view, streamlining investigations and decision-making.

Beyond the typical response to security vulnerabilities, Lacework is taking proactive measures to address risks before they escalate. Their approach focuses on anomaly detection, which plays a crucial role during the critical window before vulnerabilities like xz-utils are publicly known. This preemptive strategy ensures that security professionals can identify and mitigate threats early, leveraging Composite Alerts that highlight unusual activities indicative of a breach. Such capabilities underscore the importance of advanced threat detection systems that can adapt and respond to dynamic security landscapes.

Lacework's innovation has also extended to differentiating real threats from penetration tests in cloud environments. The introduction of the Potential Penetration Test Composite Alert tool empowers teams to quickly discern between drills and actual cyberattacks, enhancing operational efficiency. This functionality, combined with strategic insights and real-time data access, equips security teams with the tools necessary to defend their systems effectively without the previously inevitable delays.

Collectively, these updates from Lacework not only fortify security protocols but also significantly reduce the time incident responders spend analyzing and responding to alerts, optimizing their ability to protect their organization better and faster.

More is available in the respective blog posts:

Swift insights, smarter decisions with Lacework Context Panels
Anomaly detection and the xzutils zero day - a Composite Alert demonstration story
Pentest or real threat? How automated investigations help you respond in record time
How to stop k8s attacks earlier with less work
Pod Squared - the ultimate guide to catching Kubernetes kulprits
How Lacework composite alerts caught a Windows incident - a detailed walkthrough

Related products: React: Better Threat Management

New enterprise-grade features: Lacework Explorer, Dashboards, Kubernetes Composite Alerts

Several new features launched at Lacework this past month that drive unique value for enterprise-grade customers. With a focus on saving time and resources for security professionals, the features better visualize the relationship among risks, provide new visual dashboards, add new context to alerts, and expand our Composite Alert capabilities. Let’s take a look.

Lacework Explorer

Lacework Explorer combines a security graph (i.e., a graphical visualization of cloud assets) and resource explorer to show the complex relationships and associations among all of the resources and services in your cloud environment. With simple, interactive visuals, Lacework Explorer helps users quickly understand and prioritize the potential risk associated with each entity or resource.

New Dashboards

Lacework Security Dashboards provide security leaders immediate insights into how their security program is tracking against its overall goals and give them the granular visibility to assess progress at the individual business, team, or functional levels within their organizations.

Context Panels

Lacework Context Panels give you the details you need to quickly triage alerts, enabling you to view related entities and content without losing sight of the alert’s context.

Kubernetes Composite Alerts

Lacework Composite Alerts detect hard-to-uncover malicious activity by automatically tying together multiple indicators of suspicious activity into a single, reliable alert. Our new Kubernetes Composite Alerts help detect early signs of potential Kubernetes user and service account credential compromise that would likely go unnoticed, by automatically combining and analyzing signals from multiple sources like threat intelligence information and raw Kubernetes audit logs.

Read more about these new features over on the Lacework blog.

Lacework AI Assist launches to simplify cloud security and level up your team

Lacework AI Assist, an assistive generative AI technology developed internally at Lacework, is a powerful new tool designed to help teams better understand cloud environments, gain insights faster and level up cybersecurity skills.

Launched today, the assistive technology gives customers the capability to ask questions in clear language, such as:

Why should I look at this alert?
What Lacework tools can I use to further investigate this?
How do I fix this misconfiguration using the AWS CLI?
Does this violation affect my SOC2 compliance?

Output from the tool is delivered in a simple, concise format designed to be both understandable to an entry-level security analyst and technically deep enough to be actionable. Here’s what this conversation would look like with Lacework AI Assist:

“Why does this alert matter?”

“This alert is important because it involves enabling Role Based Access Control (RBAC) for Azure Key Vault, which is a crucial aspect of managing access permissions to your key vaults and the secrets stored within them. RBAC allows you to delegate specific permissions to Azure Active Directory user accounts or system-managed identities. This way you can define what data and what actions are permissible by users, groups, or applications.

When RBAC is not enabled for your Azure Key Vaults, it may result in unauthorized access or manipulation of your secrets, keys, and certificates. This can pose serious threats to your Azure resources, including data breaches and unwanted changes. Therefore, ensuring RBAC is enabled for Azure Key Vault is essential to maintain strong access control security.

This alert signifies that RBAC for the Azure Key Vault is currently not enabled, which poses a security risk.”

“How can I remediate this using cloud security provider CLI?”

“Since this alert involves enabling Role Based Access Control for Azure Key Vault, you will need to use Azure command-line interface (CLI) for remediation:

First, you need to login to your Azure account using the Azure CLI. Run the following command and follow the instructions:

    az login

Once logged in, you can view all your subscriptions with:

    az account list --output table

If you have multiple subscriptions, set the relevant subscription where your Key Vault resides:

    az account set --subscription 'your-subscription-id'

ETC…

More on how Lacework AI Assist works, including in-depth examples, is available in this launch blog or in the demo video below.

New software composition analysis (SCA) capabilities with always-up-to-date SBOMs from Lacework

A key to code security is knowing what’s in your codebase. But, because of the never-ending web of indirect and transient third-party dependencies, it’s not easy to keep track of your code’s components.

Launched this week, software composition analysis (SCA) from Lacework gives customers continuous visibility into their third-party and open-source software packages, indirect dependencies, and any associated vulnerability and license risks. The unique approach taken by Lacework goes far beyond basic SCA functionality. Lacework provides teams continuous visibility into exactly where and how vulnerable packages are used, how often each is referenced, who owns the code and was responsible for bringing it in, and how to rapidly remediate vulnerabilities.

Better tracking of software supply chains through an always-up-to-date software bill of materials (SBOM) for each application is also now available thanks to the new SCA functionality. With this new capability, Lacework eliminates the risks associated with stale or outdated SBOMs by dynamically generating them each time a merge or pull request is committed. For existing SBOMs, the tools identify what is new or has changed and continuously append that data to the previous version. The software also makes it easier for customers to share sensitive supply chain information with their customers and partners by giving them the means to programmatically control access to SBOMs.

Finally, Lacework SCA helps assess risk and compliance with open-source software licenses by identifying if the package use violates a particular license. The platform can identify different types of license restrictions and any imposed obligations such as attribution, source code disclosure, and copyleft requirements to ensure teams avoid packaging software that may create any downstream IP or financial risks.

More on the new SCA and SBOM capabilities from Lacework is available in the video below and on this dedicated landing page, while more on Lacework’s new Code Security capabilities is available here.