Lacework Enables AWS Customers to Rapidly Implement Security Best Practices and Proactively Identify S3 Buckets at Risk

November 15, 2017 Off By David
Object Storage
Grazed from Lacework

Lacework, the industry’s first solution to bring automation, speed and scale to cloud security, today announced new features that enable Amazon Web Services (AWS) customers to easily and continuously maintain an AWS cloud configuration that is compliant with proven security best practices. Lacework now automatically reports on the configuration’s adherence to the Center for Internet Security (CIS) Benchmark for AWS.

Lacework has also introduced security controls targeted at AWS S3 buckets, enabling AWS customers to rapidly identify S3 buckets at risk or compromised due to misconfiguration. Through a targeted auditing of S3 configuration, Lacework ensures that all buckets are configured with best practices for logging, encryption and versioning, then provides continuous monitoring with AWS CloudTrail events and workload activity analysis.

"Deploying new initiatives to the public cloud brings a spectrum of new security challenges that many organizations are not yet familiar with," said Dan Hubbard, Chief Security Architect, Lacework. "Starting with the daily validation of the AWS configuration (AWS accounts and AWS resources such as S3 buckets), to the continuous monitoring of workloads deployed on AWS, the Lacework cloud security platform enables organizations to safely migrate data to AWS and deploy applications in AWS."

The new features from Lacework include:

  • An interactive report assessing compliance to the 52 controls specified in the CIS Benchmark for AWS. Controls cover Identity and Access Management, Monitoring, Logging and Networking, and range from the validation that Multi-Factor Authentication is enforced for all users who attempt to delete buckets, to the validation that CloudTrail is enabled
  • The ability to click on each control with a violation to access details on the scope of the violation, the list of impacted AWS resources, and recommendations on how to fix the violation
  • An interactive report showings adherence to a set of recommended S3 bucket configuration ensuring that access rights are not provided too broadly, exposing data to outside internet users

Changes to any of the above controls towards non-compliance will generate an alert with context to take immediate action and remediate the violation.

The Lacework cloud security platform delivers security and compliance capabilities specifically designed for the cloud, bringing speed, scale and automation to security processes that have traditionally be labor-intensive.  Lacework will demonstrate the above AWS configuration auditing capabilities at AWS re:Invent 2017 which takes place November 27 to December 1 in Las Vegas.Attendees are invited to stop by the Lacework booth (#1606) to get a personalized live demo from one of our cloud security experts. Interested AWS customers can evaluate the new features today using the Lacework 14-day free trial.