Lacework today announced updates to its cloud security platform aimed at helping customers to prioritize remaining fixes for the vulnerability in Apache Log4j — including through spotting any exploits of the widespread flaw.
The company offers the Polygraph Data Platform, which collects and correlates data in cloud environments, detects potential security issues, and prioritizes the biggest threats for response. Anomaly detection powered by machine learning is one of the key capabilities offered by the platform.
With today’s launch, the platform now correlates major vulnerabilities, such as the Log4j flaw, with exploit activity. The platform does this by connecting vulnerability data with Lacework’s anomaly detection technology, according to the company.
The result is that customers can now improve their prioritization of remediation efforts for the Log4j vulnerability, including by actively watching for any exploits in their environment that are targeting the flaw, the company said.
The Polygraph platform can now tell customers, “not only do you have this vulnerability in your environment, but there’s unique or potentially malicious behavior that’s occurring on that workload,” said James Brown, senior director of product at Lacework, in an interview. “So, that’s a strong signal that this is something you need to look at.”
Widespread vulnerability
While the remote code execution vulnerability in Log4j was disclosed in December, the pervasiveness of the logging software — and the fact that it’s often leveraged indirectly via Java frameworks — has made the issue difficult to fully address for many organizations.
Even prior to today’s updates, Lacework’s technology had already stood out for its ability to assist customers in responding to the Log4j flaw, Brown said. Polygraph detected anomalous behavior on workloads containing Log4j prior to the public disclosure of the vulnerability, he said.
This was possible because Lacework’s threat detection doesn’t just look for known issues, but is “finding the unknown bad things” in customer environments, Brown said.
“Anything that’s unique within a customer’s environment, we’re alerting them on it,” he said. “Come to find out that we had cases where we were spotting behavior from workloads that had Log4j present on it, before anyone knew [about the vulnerability].”
Multicloud security
Today, Lacework also announced that its anomaly detection capabilities are now fully available on Google Cloud, and are now being offered in “limited availability” for Microsoft Azure. The capabilities have already been available for Amazon Web Services (AWS) and Kubernetes (via the Amazon Elastic Kubernetes Service, or EKS).
“Increasingly we’re seeing organizations shift to a multicloud structure,” Brown said. “These capabilities are deepening our story as the multi-cloud security platform that can help customers address those challenges.”
Lacework has also extended its asset discovery and configuration monitoring capabilities into Google Cloud, joining AWS and EKS.
Additionally, the Polygraph Data Platform will be available “soon” in the Google Cloud Marketplace, the company announced.
Meanwhile, the Polygraph platform has also expanded anomaly detection to include Kubernetes audit logs, Lacework said.
The platform has previously offered anomaly detection for container behavior, which monitors what Kubernetes is communicating with and spots unusual behavior. With today’s launch, the platform is bringing in audit log analysis for Kubernetes, which provides visibility into issues such as permissions that have been elevated, Brown said.
Data-driven approach
Along with anomaly detection, Polygraph provides deep visibility across cloud and container workloads, according to Lacework. The platform ultimately reduces alerts to an average of 1.4 per day and cuts false positives by 95%, the company says.
Lacework is built atop the Snowflake data platform and excels at collecting, processing, and normalizing data — and then deriving insights for customers, according to Lacework.
Founded in 2015, Lacework ranks among the best-funded and highest-valued privately held cybersecurity vendors, with the company raising a $1.3 billion funding round in November that brought a post-money valuation of $8.3 billion. Today, the company announced receiving an investment from GV, Alphabet’s venture arm. The amount of the investment was not disclosed.
While Lacework isn’t sharing specific metrics for its growth, the company “has been growing at 3.5 times, year-over-year, on most [key] metrics,” Lacework’s co-CEO Jay Parikh said in a recent interview.
Last fall, Lacework hired Arash Nikkar, Facebook’s vice president of engineering, to join the company in the same role.