Lacework Adds AWS CloudTrail Support to Polygraph

Cloud security firm Lacework is giving Amazon Web Services (AWS) administrators some help with monitoring their accounts.

The company this week said it is extending Polygraph, its flagship security platform, to support CloudTrail, AWS' service for tracking and logging events across an organization's AWS environment. The integrated offering is called Lacework for AWS CloudTrail.

CloudTrail lets AWS administrators monitor and record activity throughout their accounts, including user log-ins and any changes to accessibility levels and resource usage.

The service is particularly helpful for maintaining compliance and detecting behaviors that could lead to security breaches, but, as Lacework notes, its scope also means users typically have to parse millions of events before they can get actionable information out of their CloudTrail logs.

Lacework for AWS CloudTrail promises to simplify the work of analyzing CloudTrail data by using Lacework's so-called "zero-touch security approach." This approach relies on machine learning to reduce the amount of overhead needed to sift through event logs to dig out relevant information.

"Our proprietary machine learning techniques aggregate and organize CloudTrail data into intuitive maps and dashboards," said Lacework CTO and Co-Founder Vikram Kapoor in a prepared statement. "Alerts are automatically triggered when usage of an organization's AWS account by users deviates from the baseline of normal behavior."

[Click on image for larger view.] Polygraph leverages CloudTrail to give AWS administrators visual insight into user activity across their entire environment.

Broadly, Lacework says its offering is primed to detect three categories of anomalous behavior in AWS:

  • Unauthorized activity on AWS resources, in regions or accounts; activation of new services or changes to AWS S3 buckets.
  • Suspicious changes to users, roles, or access; changes in security groups, bypass of two-factor authentication.
  • Changes to AWS infrastructure services: tampering with access master keys, modifications to route table, or network interfaces and services.

Lacework for AWS CloudTrail is now available in the AWS Marketplace, including a 14-day free trial. More information is available on this datasheet.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.


Subscribe on YouTube