Lacework introduces new features to provide security in Kubernetes environments

Lacework announced new features added to the Polygraph Data Platform which provide enhanced visibility and protection in Kubernetes environments.

Through Kubernetes audit log monitoring, integration with the Kubernetes admission controller, and Infrastructure as Code (IaC) security, Lacework customers can now further minimize risks in build time and automate discovery of unusual behavior that could signify cloud account or container compromise.

With these new features, Lacework is the only company that can offer automated anomaly detection providing consistent visibility, context, and security across the entirety of a customer’s multi-cloud environment from a single security platform.

According to Gartner, “by 2026, more than 90% of global organizations will be running containerized applications in production, which is a significant increase from less than 40% today.”

As more organizations leverage container-based application deployment to scale their businesses, they are rapidly adopting Kubernetes to manage containerized workloads. While Kubernetes is easier to manage overall, the complexity and sheer size of Kubernetes environments make it difficult for companies to detect threats, ensure compliance, and efficiently capture relevant security events. Existing security tools and manual procedures aren’t built to secure the Kubernetes attack surface, which slows down agile development and defeats the purpose of using containers.

This forces customers to employ additional Kubernetes-specific tools, further slowing down understaffed security teams with additional tool sprawl and alert fatigue. In fact, Red Hat found in its 2021 State of Kubernetes Security Report that more than half of respondents delayed deploying Kubernetes applications into production due to security concerns. Developers need more automated practices to quickly resolve issues and focus on delivering revenue-driving initiatives.

Lacework eliminates this challenge by integrating container security into the Polygraph Data Platform, providing end-to-end, integrated monitoring that enables customers to secure their cloud and Kubernetes environments from build to runtime. By consolidating disparate tools into a single platform, Lacework provides a highly automated solution that empowers organizations to seamlessly integrate security into developer workflows. The new features provide comprehensive visibility, threat detection and alerts, configuration and compliance checks, and vulnerability scans:

  • Kubernetes audit logs monitoring: A typical Kubernetes environment can include thousands of pods and containers, with components constantly being created, shut down, or moved, generating millions of events daily. This feature enables customers to monitor Kubernetes audit logs, covering all user and system actions, to detect both known and unknown threats.
  • Kubernetes admission controller: Through this integration, the Polygraph Data Platform can scan containers for misconfigurations or vulnerabilities prior to deployment on Kubernetes. Customers can use pre-built or custom policies to define the criteria, threshold, and response for a violation.
  • IaC security: Using capabilities gained through the acquisition of Soluble, Lacework customers can now review Infrastructure as Code prior to deployment to identify and optionally block insecure Kubernetes-related configurations.

“Containerized workloads are already difficult for many security solutions to keep up with because of their ephemeral and constantly changing nature. At scale, it’s impossible for often understaffed security teams to effectively secure these environments,” said Frank Dickson, Group Vice President, Security & Trust research practice, IDC. “Any benefit organizations get from deploying Kubernetes environments is negated by security approaches which don’t provide security teams with the same automation Kubernetes provides to developers.”

“We chose Lacework because it provides a fully integrated platform for cloud security. Before Lacework, we lacked the granularity and depth we needed to assess vulnerabilities due to numerous disparate tools,” said Michael Lyborg, Senior Vice President, Global Information Security & Enterprise IT at Swimlane. “By integrating Lacework and the Swimlane low-code automation platform we automated our container image scans. This has resulted in time savings, better prioritization of work, faster iteration and validation of builds. The integration gave us the ability to retroactively and continuously scan published images so we have a continuous real-time view of risk across our dynamic cloud environment.”

“While so much innovation has focused on helping developers work more efficiently to create revenue-driving initiatives, very little has been applied to the security tools that keep businesses safe, reducing the gains of development teams and ultimately putting organizations at risk,” said Adam Leftik, VP of Product, Lacework. “Security teams are as important as developers in driving revenue for businesses, and these Kubernetes features for the Polygraph Data Platform ensure they can help teams across the business innovate securely and with confidence.”

The Lacework Polygraph Data Platform is the only solution that extends automated anomaly detection across AWS, Google Cloud and now Microsoft Azure and Kubernetes EKS environments. Using accurate, machine learning-based threat detection at scale, the Polygraph Data Platform empowers customers to innovate with confidence.

Kubernetes audit logs monitoring is now available to Lacework customers on AWS EKS in limited availability. The Kubernetes admission controller integration is generally available. Integration with IaC security is available to all Lacework customers.
