Lacework, the data-driven security platform, has announced new CIEM functionality to address the complex and growing challenges in managing identity threats and unnecessary risks within public cloud environments.
With over 35,000 granular permissions across hyperscale cloud providers, organisations can struggle to maintain an overview and manage access and identities securely.
Most cloud users and instances are granted far more permissions than they require, exposing unnecessary vulnerabilities to cloud breaches, account takeover, and data exfiltration. This issue is then intensified by machine identities in the cloud, which typically outnumber humans by an order of magnitude.
New CIEM capabilities
Lacework delivers real-time monitoring of all cloud identities across complex multi-cloud environments
Lacework’s new CIEM capabilities extend the company’s broad identity security offerings with powerful new automation that calculates risks and prioritises action for security teams. Lacework delivers real-time monitoring of all cloud identities across complex multi-cloud environments.
This has been combined with its sophisticated system and behavioural analysis to identify exposed secrets, IAM misconfiguration, and over-provisioning of permissions, and to prioritise any necessary action according to risk.
Simplifying cloud identity security
These new capabilities augment Lacework’s existing anomaly detection technology that actively monitors human and non-human activity to detect behaviour that may be a sign of an attack in progress.
Unifying these capabilities at scale bridges the gap between IAM and SecOps teams to simplify cloud identity security.
“Our customers need to know what entities are doing in their cloud and whether it’s malicious or inappropriate, and it can’t get in the way of their ability to move fast,” said Adam Leftik, Vice President, of Product, Lacework.
Identifying risk via a single platform
Customers can address both sides of the identity security issue with the context to investigate, prioritise, and respond
Adam Leftik adds, “Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritise, and respond to identity alerts."
He continues, "It’s the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward.”
New entitlement management technology
Lacework dynamically discovers all cloud user, resource, group, and role identities and their net-effective permissions, and automatically correlates granted versus used permissions to determine identities with excessive privileges.
The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations.
Customer benefits
Combined with Lacework’s ability to prioritise risks from an attack path context, as well as detect user and entity behaviour anomalies, customers can:
- Continuously comply with IAM security and regulatory compliance requirements.
- Identify all cloud user, application, and service identities, know exactly what actions each can take, and prioritise the identities that pose the greatest risk.
- Limit the blast radius of compromised cloud accounts, achieve the least privilege, and establish trust with engineering teams.
- Continuously discover risky behaviour, including lateral movement and privilege escalation, without writing rules or stitching together disparate alerts.
- Rapidly detect insider threats associated with malicious or accidental abuse of permissions.
Easy risk detection
“Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk,” said Philip Bues, Research Manager for Cloud Security, at IDC.
He adds, “Beyond prioritising risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk.”