Lacework adds new capabilities to its CSPM solution

Lacework on Wednesday released new cloud security posture management (CSPM) capabilities, designed to help organizations create custom policies for AWS, Google Cloud, and Azure to secure their cloud infrastructure. 

The new CSPM solution offers three key enhancements. First, it allows organizations to customize policies and ensure configurations align with an organization’s specific needs. Second, it helps organizations build custom cross-account reports to measure hygiene. Finally, the new CSPM will now be compliant with the latest CIS benchmarks, industry standards, and other additional controls written by the Lacework Labs team. 

Addressing misconfigurations in cloud

Misconfigured clouds cost organizations an average of $4.14 million annually, according to IBM Cost of a Data Breach report 2022. Between March 2021 and March 2022, cloud misconfiguration was among the largest common initial vectors, responsible for 15% of breaches. The average time to identify and contain a breach due to misconfiguration was 244 days, according to the report. 

Misconfiguration in the cloud occurs due to a constantly changing set of interconnected services. A lot of organizations are still in the early stages of building out their cloud environments. This lack of expertise, along with the fact that applications span across multiple cloud service providers, can lead to clouds interacting in unpredictable ways, thereby making them challenging to configure safely, Lacework said in a press note.

Misconfigurations can also occur when organizations intertwine different cloud-native technologies such as containers, Kubernetes, or serverless functions.  

“For example, if you make a seemingly small, isolated change to one resource without knowing that it’s connected to another internet-accessible resource, you might expose your data to the public internet,” Lacework said. 

Custom policy creation uses LQL

The custom policy creation in the new CSPM is done using Lacework query language (LQL), which allows enterprises to validate the compliance of cloud resources against their own internal checks. 

“For example, you want to create a policy for when a storage bucket or database is publicly accessible. First, define the conditions and allowed behavior. Using LQL, you can query, set status alerts for specific cloud configurations, and receive an alert on a per-resource basis each time a resource fails against a particular policy. The alert will indicate which discrete cloud resource is non-compliant with a specific custom policy,” the company said.  

Organizations could choose to be notified when a configuration scan detects a user-defined resource configuration policy violation that could undermine or diminish the risk posture.  

Generating cross-account reports

Another new capability within the new CSPM allows organizations to generate cross-account reports. These reports can reduce the hassle of manual evidence gathering by automatically compiling findings for multiple purposes and audiences, lacework said. “They can also help organizations scale by automatically generating custom reports for the checks that are most important to your organization.”  

Other than the custom policies, Lacework features pre-built policies that customers can use to maintain cloud security posture. 

Lacework said it has updated its policies and reports with the latest benchmarks such as CIS 1.4 for AWS, CIS 1.5 for Azure, and CIS 1.3 for Google Cloud. 

“In addition, based on our expertise helping AWS customers secure their cloud, we provide over 100 additional policy checks that lend stricter controls for S3, IAM, and VPC policies, including resources on AWS GovCloud,” the company said.