A year ago, DevSecOps vendor Lacework was one among many emerging cybersecurity providers, but since then it has made a meteoric rise, capped with a substantial Series D funding round to start off 2021.
The privately held company, launched in 2015, said it saw 300% revenue growth in 2020 as the COVID-19 pandemic accelerated enterprise digital transformations and cloud migrations. This month, the company closed a $525 million funding round led by Sutter Hill Ventures and Altimeter Capital.
Lacework’s SaaS-based cloud security platform collects a broad swath of data from AWS, Azure and GCP cloud infrastructures, along with application configurations, into a petabyte-scale back end based on the Snowflake cloud data warehouse. Lacework’s machine learning algorithms then identify changes in that data on an hourly basis, alerting IT operators to anomalous behaviors that indicate security risk and suggesting remediations.
Similar features can be found among the container and Kubernetes-focused security tools that have also emerged over the past several years. But Lacework’s product has a broader focus that spans multiple IT security disciplines, including identity and access management, cloud security posture management, threat detection and response and regulatory compliance management, for container-based and non-container workloads alike. The platform also integrates into DevSecOps workflows with its API hooks into CI/CD pipelines, infrastructure as code and ChatOps tools.
Lacework CEO Dan Hubbard served as Chief Security Architect and Chief Product Officer at the company before being named chief executive in June 2019. Before Lacework, Hubbard was CTO at OpenDNS, now owned by Cisco, and before that, CTO at Websense, now owned by Raytheon under the name Forcepoint. SearchITOperations caught up with Hubbard this week to learn more about what made Lacework stand out to buyers and where he plans to steer the company in 2021.
What accounts for the scale and speed of the Lacework platform, which appear to be its main differentiation?
Dan Hubbard: There are really three main key differentiators. The first one is breadth — we just do a lot of things across many different categories, all the way from compliance through to development, security, build time, runtime, containers and Kubernetes. That leads to a lot of ingestion, across many different data sources — petabytes of data.
One way to think about the product is basically as a substantial ingestion engine, which can take all of your audit trails from GCP, Azure, AWS and Kubernetes, and all of your configurations. We pull all that data in to look for vulnerabilities, configuration issues, developer problems and unknown behaviors.
The second differentiation is the depth of our data classification and the efficacy of that engine. On average, a customer sends us a little over a billion log entries per day. We turn it into, on average, 1.25 high-end critical events or alerts that they must triage.
The third differentiation is that we fit very well into a DevOps lifecycle, or triage process, or a security process. We can plug into your Jira ticket, we can plug into an API, we could plug right into your monitoring system, like Datadog or New Relic Main, or we can plug right into your security workflow.
Is the integration with DevSecOps and CI/CD pipelines mostly for that monitoring output? Or do you also monitor the pipeline itself and workloads as they go through it?
Hubbard: We can look in and poll container repos, look at your containers for vulnerabilities and configurations. And then we have an API and a command line interface, which allows you to integrate into things like Chef, Puppet, Ansible and Terraform and automate a lot of the CI/CD process as part of the push.
If you’re running a pipeline, we can help you if you want to stop a build, or send a response, like, ‘Build X failed because of Y, send to this team.’ Or create a ticket in Jira that goes to another group. And then in Terraform, we have an integration that would say, ‘read template’ to push a template, or [detect that] there’s a problem with this template in some way.
The tool can offer suggestions for remediation — can it automate remediation if a user would like it?
Hubbard: Our customers never want their cloud provider to have that level of privilege inside their system. That is just very dangerous for a variety of security reasons. However, we either give them guidance, or we give them code, like a Lambda function for AWS, that allows you to close an S3 bucket if you want, or that allows you to turn on multifactor authentication if it’s turned off. We are working on the ability to do further things inside Kubernetes, like [help create] pod security policies and network security policies.
Our belief is, in the long run, the platforms themselves will own the actual enforcement. We do not see Lacework being the platform that kills packets or quarantines hosts and things like that — it’s either going to be built into Kubernetes, or your AWS VPCs, or integrate right with a CI/CD tool. And by the way, it’s really very, very rare that customers are mature enough to get into that kind of automation. The most popular thing right now is detect and respond, maybe create a ticket and track that ticket. Then the next level is what we call Driver Aid — maybe they integrate our product into Slack, and it says something like, ‘There’s a problem here, click this button to remediate it.’ And then the really mature ones are like, ‘Okay, run a serverless function that does, or a security policy that does XYZ.’
Even that represents an expansion of users’ trust in AI and machine learning, right?
Hubbard: Trust is built with positive results over time, and we have been fortunate that we haven’t had any major issues where some vendors have had what I call toxic false positives, blue screens of death, bad Linux kernel panics and things like that. But we operate at a higher level – we are not a kernel filter. We run in userspace.
We have three ways that you can do detection — the machine learning stuff, usually based off of your infrastructure, and knowing your infrastructure. That is really good for the ‘unknown bad’. Then there’s the ‘known bad,’ known bad indicators of compromise like bad domains and bad IP addresses, and bad hashes, [which] is global. And [third,] there’s custom rules that the customer creates.
Most security people are comfortable with the middle one, [vulnerability detection], and what they are really not comfortable with are rules. This is a big part of our automation story — while they may think they want the flexibility of rules, and really like rules, for one, it’s just time-consuming. Then, the problem that usually happens is that they either write the rules very, very narrow, and they miss all kinds of stuff. Or they write them very, very broad, and they catch way too much.
Customers are getting more used to the machine learning, and the output of that. And one of the reasons why we visualize that and represent it [graphically] — our graphs are what create the events and alerts, but they also create stories and pictures. Sometimes the pictures really speak volumes, versus just an alert that says, ‘bad stuff happening.’
So, you’ve just gotten this huge chunk of funding, and you’ve said you plan to double the number of employees this year. What will that mean, in terms of your product?
Hubbard: We think about the market kind of in two categories: There is the net-new stuff, cloud workload protection, Kubernetes security, container security, compliance for the cloud. And ChatOps also, the ability to do triage through Slack or other mechanisms — maybe routing of tickets. Now, you have the ability to respond and send data, but ChatOps can get really deep, really quickly. We have a whole new suite of APIs that we are releasing this quarter, which will allow us and our customers to program the platform better.
There are things we get asked for that we do not want to do [from a deployment standpoint], like ship an appliance or do layered software, or single-tenant SaaS — we are sticking to our strengths in multi-tenant SaaS. We are building a European data center and building out a European presence.
Then there is a set of existing and current systems that are expanding into or coming toward our strengths, for example, security analytics, security triage, SIEM and vulnerability management, as people move their core assets to the public cloud. Customers just started asking us, ‘Hey, can you help reduce my SIEM spend? How can I use you as my SIEM?’ We did not really design this that way — the ability to ingest other data sources, I think, is going to become really important over the next year there.
Beth Pariseau, senior news writer at TechTarget, is an award-winning 15-year veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.