Lacework announced the acquisition of Soluble, a scalable cloud infrastructure management company.
The Infrastructure as Code (IaC) remediation capabilities Soluble provides, in addition to several new updates to the Lacework platform announced, combine to help organizations integrate security practices into their software delivery workflows, further extending the value of the platform to customers.
The Lacework platform delivers end-to-end visibility across multi-cloud environments, including detecting unknown and known threats, vulnerabilities, misconfigurations, and unusual activities.
Powered by the patented Polygraph self-learning engine, the Lacework platform automatically learns how cloud environments run, and identifies behavioral anomalies — delivering the handful of highly accurate alerts that matter, coupled with the context needed to take fast action. Now, with the addition of Soluble, Lacework expands coverage to include Infrastructure as Code in addition to AWS, GCP, Azure, private and hybrid cloud, Kubernetes, containers, and workloads, and interlaces security at the earliest point in the DevOps cycle.
The use of IaC increases velocity and consistency for developers and can enable security teams to get ahead of potential errors before production. As companies scale, this becomes a requirement. Until now, many organizations have been challenged with integrating security practices directly into current developer workflows and tools.
The Lacework platform democratizes access to security data across developers, DevOps, cloud operations, IT, and security teams so that organizations can effortlessly develop secure environments and products. Lacework empowers businesses and developers to focus on delivering code quickly and securely, the top priority for organizations operating in a digital-first world.
Lacework builds bridge between developers and security pros with Soluble
Soluble helps customers quickly detect and fix misconfigurations and policy violations in their IaC via Terraform, CloudFormation, and Kubernetes. Through static analysis of code, plus inspection of risk, impact, cost, and policy, Soluble uncovers issues and enables remediation of IaC.
Due to the internal structure of most organizations, security and development teams are often at odds with one another, making it more difficult to identify and quickly fix vulnerabilities or misconfigurations before they make it into production. Together, Lacework and Soluble put security practices in the hands of developers and tie it into their existing workflows.
By extending the Lacework platform capabilities to first inform and then automate fixes at the source, customers can build proactive practices in continuous integration/continuous delivery (CI/CD) pipelines to reduce risk and build faster.
“Developers play an integral role in solving cloud security problems. With Soluble and the new developer-focused features of our platform, we’re helping our customers remove the friction between security and development teams. Fixing security issues earlier coupled with making cloud security insights more accessible across the organization allows developers to ship faster and safer,” said Jay Parikh, Co-CEO at Lacework.
“Joining Lacework is an exceptional next step for both Soluble and our customers,” said Rob Schoening, CEO, Soluble. “By combining our remediation capabilities at the source code level with the power of Lacework’s platform at build and runtime, technologists, for the first time, can truly interlace security throughout the development lifecycle.”
Remediating container vulnerabilities earlier, based on true risk
Lacework also announced new features that enable customers to detect and remediate vulnerabilities sooner in the development process. By empowering developers to address vulnerabilities before code is deployed in production, customers can secure their environments and thus decrease the risk of successful attacks, while saving time and money.
For example, an online lending marketplace’s security bill was cut in half, and the ability to effectively identify unknown threats reduced their annual risk by an estimated $1,200,000.
- Prevent vulnerabilities at build time: With the new inline vulnerability scanner, the Lacework platform empowers developers to identify vulnerable container images and update them before they are ever deployed — without involvement from the security team. Developers can now perform fast, low latency, on-demand scans directly within their CI pipeline through integrations with developer-focused tools like Jenkins.
- Block vulnerable containers before runtime: The new Lacework admission controller for Kubernetes helps security teams ensure every container image meets security standards before being deployed. Organizations can now automatically block container images that fail to meet standards from deploying in production.
- Prioritize fixes in runtime with actionable risk scoring: The new risk-based scoring leverages a combination of insights across build time and runtime to understand the true risk of a vulnerability in any customer’s unique environment. This allows developers to better prioritize remediation tasks and quickly make the most impact to improve their security posture sooner.
- Support for Extended Berkeley Packet Filter (eBPF): Enables Lacework customers to gain complete visibility into their container processes with virtually zero overhead and exceptionally simple deployment, including no need for additional configuration.