Product Updates

Several new features launched at Lacework this past month that drive unique value for enterprise-grade customers. With a focus on saving time and resources for security professionals, the features better visualize the relationship among risks risks, provide new visual dashboards, add new context to alerts, and expand our Composite Alert capabilities. Let’s take a look.Lacework Explorer Lacework Explorer combines a security graph (i.e., a graphical visualization of cloud assets) and resource explorer to show the complex relationships and associations among all of the resources and services in your cloud environment. With simple, interactive visuals, Lacework Explorer helps users quickly understand and prioritize the potential risk associated with each entity or resource. New DashboardsNew Lacework DashboardsLacework Security Dashboards provide security leaders immediate insights into how their security program is tracking against its overall goals and gives them the granular visibility to assess progress at the individual business, team, or functional levels within their organizations.  Context PanelsLacework Context Panels give you the details you need to quickly triage alerts, enabling you to view related entities and content without losing sight of the alert’s context.  Kubernetes Composite AlertsLacework Composite Alerts detect hard-to-uncover malicious activity by automatically tying together multiple indicators of suspicious activity into a single, reliable alert. Our new Kubernetes Composite Alerts help detect early signs of potential Kubernetes user and service account credential compromise that would likely go unnoticed, by automatically combining and analyzing signals from multiple sources like threat intelligence information and raw Kubernetes audit logs. Read more about these new features over on the Lacework blog.

In February 2024, Lacework rolled out several platform enhancements and new features:- Additional configuration options for Kubernetes Compliance integrations.- General availability of the Lacework Security in Jira integration for all geographic locations.- Active Package Detection (Code Aware Agent) is now generally available.- Introduction of identity management features for cloud permissions.- Support for transit gateway in attack path analysis.- New alert for potentially compromised Kubernetes users.- Detection of active and inactive Rust packages on hosts and containers.For detailed information on these updates, please visit the Docs page.

In January 2024, Lacework launched updates to enhance its security platform, including:- Crowdsourced risk analysis for improved alert insights.- Public preview features like exceptions for OCI compliance policies, a new composite alert for potentially compromised Kubernetes users, and Lacework AI Assist for chat-based alert guidance and remediation.- Enhanced support for detecting vulnerabilities on Microsoft Windows Servers, including detailed guidance and support for various Windows Server OS and applications.For a detailed overview of all these updates, visit the Docs page.

In December 2023, Lacework introduced updates aimed at broadening security capabilities and enhancing user experience. These updates include:- New data sources for Amazon EC2 and ElastiCache.- Improvements to the Cloud Compliance dashboard.- Introduction of view management features.- Extended attack path analysis for Azure assets.- Support for Oracle Cloud Infrastructure (OCI) in public preview.- Enhancements to resource groups.- Ability to create custom compliance and violation policies.For a comprehensive overview of all the updates, visit the Docs page.

In November 2023, Lacework unveiled significant updates to its platform, focusing on enhancing user experience and expanding security features. Key updates include:- Introduction of auto polling for JFrog registry integrations to streamline container scanning processes.- Enhancement of alert titles and descriptions for better clarity and actionability.- Implementation of tabbed views for Host and Container vulnerability pages to simplify navigation and analysis.- Launch of view management capabilities for creating, updating, and sharing customized views more efficiently.- Extension of attack path analysis to include Azure assets, providing comprehensive security insights across cloud environments.- Activation of active package detection for containers, improving visibility into container security.For more details on these updates, visit the Docs page.

In October 2023, Lacework introduced several enhancements to its platform, focusing on broadening its security capabilities. These updates aim to help users better identify and manage vulnerabilities and threats within their environments. Key highlights include:- Integration of CVEs for Java and NPM vulnerabilities via GitHub Security Advisory.- Enhanced container vulnerability scanning with support for Red Hat UBI 9 and Minimal Images.- Updated Google Cloud service account validation for improved permission checks.- Refined Agentless Workload Scanning documentation, including detailed IAM permissions.For a comprehensive overview of all the updates, visit the Docs page.

Lacework AI Assist, an assistive generative AI technology developed internally at Lacework, is a powerful new tool designed to help teams better understand cloud environments, gain insights faster and level up cybersecurity skills.Launched today, Lacework assistive technology that provides customers with the capability to ask questions in clear language such as:Why should I look at this alert?  What Lacework tools can I use to further investigate this?  How do I fix this misconfiguration using the AWS CLI? Does this violation affect my SOC2 compliance?Output from the tool is delivered in a simple, concise format designed to be both understood by the entry-level security analyst and with the technical depth to be actionable. Here’s what this conversation would look like with Lacework AI Assist: “Why does this alert matter?” “This alert is important because it involves enabling Role Based Access Control (RBAC) for Azure Key Vault, which is a crucial aspect of managing access permissions to your key vaults and the secrets stored within them. RBAC allows you to delegate specific permissions to Azure Active Directory user accounts or system-managed identities. This way you can define what data and what actions are permissible by users, groups, or applications.When RBAC is not enabled for your Azure Key Vaults, it may result in unauthorized access or manipulation of your secrets, keys, and certificates. This can pose serious threats to your Azure resources, including data breaches and unwanted changes. Therefore, ensuring RBAC is enabled for Azure Key Vault is essential to maintain strong access control security. This alert signifies that RBAC for the Azure Key vault is currently not enabled, which poses a security risk.” “How can I remediate this using cloud security provider CLI?”“Since this alert involves enabling Role Based Access Control for Azure Key Vault, you will need to use Azure command-line interface (CLI) for remediation:First, you need to login to your Azure account using the Azure CLI. Run the following command and follow the instruction: az login Once logged in, you can view all your subscriptions with: az account list - output table If you have multiple subscriptions, set the relevant subscription where your Key Vault resides az account set - subscription ‘your-subscription-id’ ETC… More on how Lacework AI Assist works including in depth examples is available in this launch blog or in the below demo video. 

Lacework static application security testing (SAST) empowers teams to rapidly scale their static code analysis, reduce noise, prioritize what matters most, and uncover hidden security defects. Developers gain fast and accurate results that minimize security obstacles as they write code. Lacework provides differential analysis each time code is updated to highlight new vulnerabilities and allow developers to focus on risks they’ve introduced.With Lacework, application security teams gain deep insights into critical risks within their most exposed applications. Lacework provides an in-depth model of each application’s control and data flows to uncover complex and hard to find vulnerabilities.Read more about the new SAST capabilities from Lacework here.

A key to code security is knowing what’s in your codebase. But, because of the neverending web of indirect and transient third-party dependencies, it’s not easy to keep track of your code’s components.Launched this week, software composition analysis (SCA) from Lacework gives customers continuous visibility into their third-party and open-source software packages, indirect dependencies, and any associated vulnerability and license risks. The unique approach taken by Lacework goes far beyond basic SCA functionality. Lacework provides teams continuous visibility into exactly where and how vulnerable packages are used, how often each is referenced, who owns the code and was responsible for bringing it in, and how to rapidly remediate vulnerabilities.Better tracking of software supply chains through an always-up-to-date software bill of materials (SBOM) for each application is also now available thanks to the new SCA functionality. With this new capability, Lacework eliminates the risks associated with stale or outdated SBOMs by dynamically generating them each time a merge or pull request is committed. For existing SBOMs, the tools identify what is new or has changed and continuously append that data to the previous version. The software also makes it easier for customers to share sensitive supply chain information with their customers and partners by giving them the means to programmatically control access to SBOMs.Finally, Lacework SCA helps assess risk and compliance with open-source software licenses by identifying if the package use violates a particular license. The platform can identify different types of license restrictions and any imposed obligations such as attribution, source code disclosure, and copyleft requirements to ensure teams avoid packaging software that may create any downstream IP or financial risks.More on the new SCA and SBOM capabilities from Lacework is available in the video below and on this dedicated landing page while more on Lacework’s new Code Security capabilities is available here.  

Lacework has extended its cloud security posture management (CSPM) capabilities to Oracle Cloud Infrastructure (OCI). The new offering provides OCI users with a new, premium cybersecurity solution in line with the Lacework products already deployed for Amazon, Google or Microsoft clouds. The new capability continuously ingests OCI cloud asset and configuration data to build a complete Oracle Cloud asset inventory across projects and services, and their associated risks.While OCI capabilities from Lacework can operate independently, this new offering also allows enterprise customers with multiple instances across multiple cloud service providers to have comprehensive CSPM support across the full spectrum of environments.Learn more about the new Oracle Cloud capabilities from Lacework here.

Lacework now supports two ServiceNow Vulnerability Response offerings for infrastructure and container applications. The integration, which is currently available in the ServiceNow marketplace (Container Vulnerability Response Integration and Infrastructure Vulnerability Response Integration), enables the ServiceNow Vulnerability Response application to import and automatically group vulnerable items according to group rules, which allows customers to better track, prioritize and remediate vulnerabilities. Our launch blog goes into further detail on this powerful integration. With our launch of this ServiceNow integration, Lacework has further expanded its capabilities with workflow integration tools. In April, Lacework expanded its relationship with Atlassian, the parent company of Jira, to join its Security-in-Jira program in addition to the Infrastructure as Code integration already in place.Learn more about the ServiceNow and Lacework integration below. 

Attack path analysis has long been central to Lacework, and new Azure functionality now brings the capability into the Microsoft cloud. For Azure users, Lacework can now correlate multiple attack vectors including internet exposure, critical vulnerabilities, exposed secrets, misconfigurations, and associated IAM roles to help accelerate response times by pinpointing exactly which assets are most vulnerable to attack.Attack path capabilities offered by Lacework are covered in depth in this video feature overview.The below video shows how attack path analysis works with the Exposure Polygraph tools from Lacework. 

In September 2023, Lacework introduced a number of threat detection capabilities into the platform. These updates allow users to find and remediate threats within their environments faster. They include:Broad expansion of threat intelligence tools to better identify, analyze, and manage potential or existing threats Low latency alerts that deliver advanced warning of potential threats based on intelligence and threat analysis Tagging and filtering by MITRE ATT&CK tactics and techniques, based on real-world attack scenarios  Continuous file integrity monitoring (FIM) Simplified agent configuration More...Visit this Docs page to see a roundup of all the month’s product releases.

In September, Lacework launched a suite of upgrades to its threat detection capabilities including improvements to reporting times, better context into specific threats, and upgrades to its composite alerting capabilities. Full context into the launch is over on the Lacework Blog.Among the launched enhancements, the composite alert upgrades earn special focus as Lacework uniquely differentiates in its ability to provide these updates. Launched in February, composite alerts allow Lacework users to find big threats in small signals by correlating multiple low severity security events into a meaningful notification. Composite alerts allow Lacework users to more easily identify past and present attacks such as cloud ransomware, cryptomining, and compromised credentials. September’s composite alert updates:Improve the alert UX to include a detailed events view with MITRE ATT&CK tagging, and a more comprehensive supporting evidence summary Expand the technology’s capabilities to detect potentially compromised Google identities.For more on how composite alerts work at Lacework, check out the guided tour here.

Lacework agentless workload scanning just got a major upgrade. As of August 2023, Lacework customers can now use this feature to gain more visibility over their cloud estate. Agentless workload scanning can now:Support scanning of container images managed by Containerd runtime Be integrated with Google Cloud Scan multiple/secondary volumes on hosts Scan stopped instancesLacework is also rolling out advanced threat detection capabilities. Now, in public preview, customers can reduce the time between alert detection and alert generation for high-confidence events with the platform’s new Near Real-Time Alerting Solution. Visit this Docs page to see a roundup of all the month’s product releases.

Starting in July, customers with Amazon Linux environments can expect more around vulnerability management. The platform can now track Amazon Linux vulnerabilities by CVE IDs, rather than ALAS. Amazon Linux 2023 is also now supported for vulnerability scanning.Customers can benefit from loads of enhancements, now available in Public Preview. These include:MITRE ATT&CK tagging: Now in Lacework alerts, users can see MITRE ATT&CK tags that correspond with the potential threat. Amazon GuardDuty + composite alerts: Users can now enrich the platform’s composite alerts with Amazon GuardDuty data.’ Lacework + Security in Jira integration: Lacework now supports Security in Jira integrations, where you can view, prioritize, and track remediation of vulnerabilities from your active image repositories.  Visit this Docs page to see a roundup of all the month’s product releases.

In June, Lacework took steps to make risk management even easier for users.The Lacework Remediate CLI can help users swiftly resolve a wide range of compliance issues within their AWS infrastructures using a set of pre-build remediation templates. These templates assess each alert and provide command-line remediation guidance specific to that feature. Active filters now influence the Open vulnerabilities chart for hosts and containers, and all active filters on the Host and Container Vulnerability pages now propagate to CSV reports.Visit this Docs page to see a roundup of all the month’s product releases.

May 2023 saw a host of enhancements added to the Lacework platform, specifically around risk and compliance. Attack path analysis features like the “Top work items” and Path investigation” pages are now live, along with the ability to enrich attack path analysis with Kubernetes data. The platform gained a couple of enhancements around Kubernetes compliance and custom policies.This month’s release also included some enhancements around rules subcategories and routing, composite alerts, and active vulnerability detection. Visit this Docs page to see a roundup of all the month’s product releases.