Cloud security company Lacework Inc. today announced new capabilities that enable organizations to uncover more critical threats to their infrastructure.
Designed to empower teams to collaborate more efficiently in alert investigation and response, the new automated time-series modeling has been added to the existing anomaly detection capabilities of Lacework’s Polygraph Data Platform.
The new functions use automated learning and behavioral analytics to build a baseline of the volume and frequency of activity within a customer’s environment. The technology actively monitors for spikes that deviate from a unique baseline to accurately detect potential threats such as cryptomining attacks and compromised accounts.
Organizations can use the new capabilities to proactively discover increased cloud usage from misconfigurations to understand their environment better and help control costs. The service does so without the need for constant tuning of thresholds, significantly reducing both manual work and false positive alerts.
Lacework has upgraded its alerting experience to empower teams to collaborate more efficiently in alert investigation and response. The company argues that the amount of activity in the cloud and the adoption of new technology make it difficult to monitor risks, investigate alerts efficiently and take action, especially when teams are siloed into different workstreams and tools.
Lacework’s cloud behavioral analytics engine Polygraph uses dozens of models to build a baseline of expected behaviors in the cloud. The new time-series model adds a dimension of analysis by tracking changes in activity frequency and volume over time in a cloud environment, working with existing models to uncover more anomalies with fewer alerts.
The service also automatically adjusts the severity of alerts based on continuous learning and understanding how observed behaviors deviate from the predicted baseline for improved accuracy.
Lacework has also revamped the alerting experience in its platform to help collaborative teams prioritize, investigate and track the status of all alerts. This includes context-rich insights that give a complete picture of what has happened to help organizations understand where to focus and make better decisions. Configurable bidirectional sync in the platform updates alert statuses automatically across the Lacework user interface and third-party backend workflow tools such as Jira.
With the service, organizations can also give feedback on Lacework alert severity levels, helping the Polygraph Data Platform learn and optimize modeling to improve the alerting experience further. Easier-to-manage alert lifecycles allow teams to organize alerts, view tags, filter to see a set of specific alerts, change the state of an alert to indicate whether it needs to be investigated or has been resolved, and add comments to classify and better collaborate with teams.
“The Polygraph Data Platform is the only cloud security solution to combine automated time series analysis with sophisticated cloud behavioral analytics to build baselines that are tailored to a company’s unique environment,” Arash Nikkar, vice president of engineering at Lacework, said in a statement. “Combined with our enhanced alerting capabilities, we’re making it easier for teams to identify relevant risks and prioritize threats, even as their organization scales, the attack surface grows bigger, and security incidents increase exponentially.”