News

Lacework Adds AWS CloudTrail Support to Polygraph

• By Gladys Rama
• 08/16/2017

Cloud security firm Lacework is giving Amazon Web Services (AWS) administrators some help with monitoring their accounts.

CloudTrail lets AWS administrators monitor and record activity throughout their accounts, including user log-ins and any changes to accessibility levels and resource usage.

The service is particularly helpful for maintaining compliance and detecting behaviors that could lead to security breaches, but, as Lacework notes, its scope also means users typically have to parse millions of events before they can get actionable information out of their CloudTrail logs.

Lacework for AWS CloudTrail promises to simplify the work of analyzing CloudTrail data by using Lacework's so-called "zero-touch security approach." This approach relies on machine learning to reduce the amount of overhead needed to sift through event logs to dig out relevant information.

"Our proprietary machine learning techniques aggregate and organize CloudTrail data into intuitive maps and dashboards," said Lacework CTO and Co-Founder Vikram Kapoor in a prepared statement. "Alerts are automatically triggered when usage of an organization's AWS account by users deviates from the baseline of normal behavior."

Broadly, Lacework says its offering is primed to detect three categories of anomalous behavior in AWS:

• Unauthorized activity on AWS resources, in regions or accounts; activation of new services or changes to AWS S3 buckets.
• Suspicious changes to users, roles, or access; changes in security groups, bypass of two-factor authentication.
• Changes to AWS infrastructure services: tampering with access master keys, modifications to route table, or network interfaces and services.

Lacework for AWS CloudTrail is now available in the AWS Marketplace, including a 14-day free trial. More information is available on this datasheet.