Lacework has announced new CIEM functionality to address the complex and growing challenges in managing identity threats and unnecessary risk within public cloud environments by unifying entitlements management and threat detection for simplified cloud security.
With over 35,000 granular permissions across hyperscale cloud providers, organisations can struggle to maintain an overview and to manage access and identities securely. Most cloud users and instances are granted far more permissions than they require, exposing unnecessary vulnerabilities to cloud breach, account takeover, and data exfiltration. This issue is then intensified by machine identities in the cloud, which typically outnumber humans by an order of magnitude.
Lacework’s new CIEM capabilities extend the company’s broad identity security offerings with powerful new automation that calculates risks and prioritises action for security teams. It delivers real time monitoring of all cloud identities across complex multi-cloud environments. This has now been combined with its sophisticated system and behavioural analysis to identify exposed secrets, IAM misconfiguration and over-provisioning of permissions, and to prioritise any necessary action according to risk.
These new capabilities augment Lacework’s existing anomaly detection technology that actively monitors human and non-human activity to detect behaviour that may be a sign of an attack in progress. Unifying these capabilities at scale bridges the gap between IAM and SecOps teams to simplify cloud identity security.
“Our customers need to know what entities are actually doing in their cloud and whether it’s malicious or inappropriate, and it can’t get in the way of their ability to move fast,” says Adam Leftik, Vice President, Product, Lacework. “Now Lacework customers can address both sides of the identity security issue with a single platform that prevents identity risk exposure and detects identity threats at scale, with the context to quickly investigate, prioritise, and respond to identity alerts. It’s the latest step in our mission to give enterprises the confidence to rapidly innovate in the cloud and drive their business forward.”
Preventing cloud identity risk with new entitlement management technology
Lacework dynamically discovers all cloud user, resource, group and role identities and their net-effective permissions, and automatically correlates granted versus used permissions to determine identities with excessive privileges. The platform calculates a risk score for each identity, determines the riskiest identities based on attack path analysis, and auto-generates high-confidence recommendations for right-sizing permissions based on historical observations.
Combined with it’s ability to prioritise risks from an attack path context, as well as detect user and entity behaviour anomalies, customers are able to:
- Continuously comply with IAM security and regulatory compliance requirements.
- Identify all cloud user, application and service identities, know exactly what actions each can take, and prioritise the identities that pose the greatest risk.
- Limit the blast radius of compromised cloud accounts, achieve least privilege, and establish trust with engineering teams.
- Continuously discover risky behaviour, including lateral movement and privilege escalation, without writing rules or stitching together disparate alerts.
- Rapidly detect insider threats associated with malicious or accidental abuse of permissions.
“Enforcing least privilege and having visibility of identities and entitlements is a top cloud security challenge for IDC clients. With this innovation from Lacework, security teams can automatically see which identities are overly-permissive, and zero in on the ones that pose the greatest risk,” says Philip Bues, Research Manager for Cloud Security, at IDC. “Beyond prioritising risks, this will also allow teams to confidently suggest policy changes and reduce their overall attack surface risk.”