Lacework launches Polygraph, a zero-touch cloud security tool
Tue 25 Apr 2017
Lacework, Inc. has released Polygraph, a zero-touch solution for cloud workload security. Polygraph is a cloud-built system that provides a graphic interface for breach detection and threat management on public, private and hybrid cloud networks. Lacework Polygraph gives IT professionals a complete picture of a breach, so that attacks can be visualized completely and addressed quickly.
Polygraph creates zero-touch threat detection, investigation and management with a three-step process: creation of a temporal baseline, analysis grouping, and monitoring.
First, upon installation, Polygraph begins to build a deep temporal baseline using big data analytics and machine learning. The system analyzes communication patterns, relationships between entities, and user behaviors to create the baseline.
The baseline captures, correlates and organizes the users, workloads, processes and containers within the cloud network.
Polygraph also automatically groups cloud entities by characteristics and communication patterns, then uses these ‘analysis groups’ to simplify visualization of cloud operations and reduce redundant alerts.
Once the baseline is established, Polygraph continually compares current operation to it and alerts IT staff immediately when a security breach is detected.
Polygraph will even detect misconfigured or unpatched entities, and can spot when a ‘privileged insider is behind the mischief.’
Rather than attempting to predict a malicious entity’s strategy and establish controls, Lacework’s security tool establishes a comprehensive baseline for normal operations and alerts IT of any abnormal activity. Because of this, Polygraph eliminates the need for constant rule and policy tasks, including the need to change rules to accommodate company changes such as new servers, IP addresses, or users. Polygraph also helps to simplify breach investigations with a graphic interface that eliminates the need for hands-on examination of security logs to establish the timeline of a security event.
Jack Kudale, CEO at Lacework, notes that Polygraph represents an entirely new approach to cloud security. He adds that his company worked for two years “creating the industry’s first zero-touch cloud workload security solution that makes cloud workload security dramatically more effective, making instant breach detection possible.”
The entire system runs on cloud virtual machines and no kernel modifications are required. Polygraph is currently available through the Lacework website and in the AWS Marketplace for Amazon Web Services users.