Lacework - Experts & Thought Leaders

Lacework, the data-driven security platform, has announced new CIEM functionality to address the complex and growing challenges in managing identity threats and unnecessary risks within public cloud environments.  With over 35,000 granular permissions across hyperscale cloud providers, organisations can struggle to maintain an overview and manage access and identities securely. Most cloud users and instances are granted far more permissions than they require, exposing unnecessary vulnerabilities to cloud breaches, account takeover, and data exfiltration. This issue is then intensified by machine identities in the cloud, which typically outnumber humans by an order of magnitude. New CIEM capabilities Lacework delivers real-time monitoring of all cloud identities across complex multi-cloud environments Lacework’s new CIEM capabilities extend the company’s broad identity security offerings with powerful new automation that calculates risks and prioritises action for security teams. Lacework delivers real-time monitoring of all cloud identities across complex multi-cloud environments. This has been combined with its sophisticated system and behavioural analysis to identify exposed secrets, IAM misconfiguration, and over-provisioning of permissions, and to prioritise any necessary action according to risk. Simplifying cloud identity security These new capabilities augment Lacework’s existing anomaly detection technology that actively monitors human and non-human activity to detect behaviour that may be a sign of an attack in progress. Unifying these capabilities at scale bridges the gap between IAM and SecOps teams to simplify cloud identity security. “Our customers need to know what entities are doing in their cloud and whether it’s malicious or inappropriate, and it can’t get in the way of their ability to move fast,” said Adam Leftik, Vice President, of Product, Lacework.  Identifying risk via a single platform Customers can address both sides of the identity security issue with the context to investigate, prioritise, and respond  Adam Leftik adds, “Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritise, and respond to identity alerts." He continues, "It’s the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward.” New entitlement management technology Lacework dynamically discovers all cloud user, resource, group, and role identities and their net-effective permissions, and automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations. Customer benefits  Combined with Lacework’s ability to prioritise risks from an attack path context, as well as detect user and entity behaviour anomalies, customers can: Continuously comply with IAM security and regulatory compliance requirements. Identify all cloud user, application, and service identities, know exactly what actions each can take, and prioritise the identities that pose the greatest risk. Limit the blast radius of compromised cloud accounts, achieve the least privilege, and establish trust with engineering teams. Continuously discover risky behaviour, including lateral movement and privilege escalation, without writing rules or stitching together disparate alerts. Rapidly detect insider threats associated with malicious or accidental abuse of permissions. Easy risk detection “Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk,” said Philip Bues, Research Manager for Cloud Security, at IDC. He adds, “Beyond prioritising risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk.”

Lacework, the data-driven cloud security company, announced the appointment of Lea Kissner as its new Chief Information Security Officer (CISO). As CISO, Kissner will be responsible for pioneering the development and implementation of Lacework’s overall security strategy and programmes. 20 years of experience Kissner brings over 20 years of experience pioneering security, privacy, and anti-abuse efforts at global organisations to Lacework. Their experience includes serving as CISO at Twitter, Chief Privacy Officer at Humu, and Global Lead of Privacy Technology at Google. In the spring of 2020, when Zoom experienced security concerns after a massive increase in usage due to the COVID-19 pandemic, Kissner served as a Security and Privacy consultant for the company to improve the security, privacy and anti-abuse features of Zoom’s products and systems.  Board member of the USENIX Kissner currently serves as a board member of the USENIX Association Kissner currently serves as a board member of the USENIX Association, a nonprofit organisation dedicated to supporting the advanced computing systems communities and furthering the reach of innovative research. “I am thrilled to join the team at Lacework and our mission to secure the cloud at a time when enterprises are increasingly expanding their cloud environments,” said Lea Kissner, adding “My whole career I’ve been passionate about helping people build respectful, secure products that just work for their users. Lacework’s unique, data-driven approach to cloud security allows customers to do just that while taking advantage of all the inherent benefits of the cloud.” Cloud security market Kissner’s appointment comes as Lacework continues to expand its presence in the cloud security market, as well as its leadership team. In November of 2022, the company announced Andrew Casey as CFO and Meagen Eisenberg as CMO. “Lea brings a deep understanding of both the challenges facing modern CISOs, as well as the tremendous value CISOs bring to their organisations and customers when given the chance to implement security best practices,” said Jay Parikh, CEO, Lacework. Jay Parikh adds, “Every enterprise needs to be investing in security leadership, both at the operator and board level, and Lea’s experience will help us better serve our customer CISOs as we continue to deliver a world-class cloud security platform to help them do their job.”

Lacework®, a data-driven cloud security company announced major enhancements to the Lacework Partner Program that will drive improved business outcomes for customers. The programme helps partners focus on the specific security needs of customers, making it easier to help organisations find the best security solution for their environment with the Lacework Polygraph® Data Platform. Customers receive faster time to protection and insights and ongoing support for their cloud security solution. Addresses cloud security challenge  For years, Lacework has been building and continuously expanding its partner programme to address the never-ending challenge of cloud security and reward its partners with industry-leading discounts, incentives, and enablement to facilitate customer conversation. With increasing customer demand for cloud security solutions, partners are essential to meeting the needs of these cloud businesses and are involved in 85% of all new deals.  Features  Lacework is expanding the programme, which recently received a 5-star rating in the 2023 CRN Partner Program Guide, to include new features and capabilities, such as: Capture the Flag: A hands-on game and enablement tool that exposes teams to how the Lacework cloud-native application protection platform (CNAPP) is used to solve complex cloud security problems with mock incidents in a fun and competitive way. A Capture the Flag (CTF) session is designed for partners and/or prospective customers to experience a test drive of Lacework and the breadth of use cases without having to deploy it into their environment.  Cloud Service Assessments (CSA): Complimentary 1-week access to Lacework to complete a rapid risk assessment in a customer’s environment to uncover and report risks within an organisation’s cloud posture. From installation to report generation, the CSA automatically generates a bespoke report in less than one hour. The CSA is available to customers in the AWS Marketplace, a digital catalogue with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS) and is implemented through a certified AWS Partner. Enhanced post-sale services: New certifications for partners to deliver post-sales services to customers, helping to support the Lacework platform, integrate existing tools, and optimise cloud environments. These enhancements also make it possible for partners to provide managed services for ongoing support to customers. Comprehensive understanding  We provided customers with an understanding of the security market to make the right decision"  “Lacework’s value to the AWS customer is crystal clear and differentiated,” said Chris Grusz, Director of Business Development, AWS Marketplace, Service Catalog, and Control Tower at AWS. Chris Grusz adds, “By co-selling, co-marketing, and co-building alongside us, we’re helping provide customers with a more comprehensive understanding of the security market so they can make the right decision for their environments over the long term.”  Managed Service Provider (MSP) Program Furthering its commitment to customers, Lacework created a new Managed Service Provider (MSP) Program within the Lacework Partner Program. Designed for MSPs, this new initiative is for partners who deliver security outcomes for their customers as part of a whole stack service offering. The Lacework MSP Program allows organisations without a full security team to bring Lacework to their environment without worrying about building their team. Effective and efficient implementation We focus on helping all ecosystem members cut through that noise so they can understand environmental needs"  “Emerging markets like cloud security are filled with a lot of noise from vendors and a lot of options for customers and partners to explore,” said Bob Layton, Chief Channel Officer at eSentire. Bob Layton adds, “We focus on helping all ecosystem members cut through that noise so they can understand what their environment truly needs and how to implement that effectively and efficiently. This new MSP Program from Lacework is just another signal to us and the broader market that they’re laser-focused on doing right by partners and customers.” Seamless cloud security "Cloud security is already an uphill battle, and today’s macroeconomic environment only poses further challenges as enterprises seek to protect their continuously changing environments with fewer resources," said Brian Lanigan, VP, of Worldwide Channels & Alliances, Lacework. Brian Lanigan adds, "That's why we strive to make securing the cloud as seamless as possible for organisations of all sizes. By working together with our global network of VARs, MSSPs, SIs, and CSPs, we can help customers achieve the best security outcome for their business while also benefiting the entire partner community."