Lacework, a technology startup from Mountain View, Calif., today emerged from stealth with its Polygraph cloud workload security platform. To date, the company has attracted $8 million in venture capital from Palo Alto private equity firm Sutter Hill Ventures.
The cloud-based product acts as "polygraph for data center," Jack Kudale, president and CEO of Lacework, told eSecurity Planet, explaining how the breach detection technology earned its branding. Two-thirds of breaches go undetected, he added. And when they are finally discovered, they are typically found weeks if not months after the damage has been done.
Lacework Polygraph provides near-instant detection of potentially dangerous activities.
Its machine-learning algorithms set a behavioral baseline of normal operations for cloud workloads, whether they reside in public, hybrid or multi-cloud environments. These baselines are set based on six key factors, including running processes, application launches, communications, privilege changes, insider behaviors and server attributes. The solution requires that a lightweight (4MB), non-kernel-intrusive agent be placed on each host, said Kudale.
In a blog post, Kudale offered a glimpse into how the technology works and how the company got its name.
"Polygraph's Deep Temporal Baseline tells the story of every breach — when it happened, how it worked, and what was hit — so you can stop it, fix it, and move on. By spotting deviations from normal operations, we deliver immediate insights into the cyber kill chain so you can understand and remediate cyber attacks and insider threats," he wrote. "Once installed, Polygraph automatically sets to work. Customers start seeing results within hours — the time to value is truly unprecedented and our new GUI invites exploration and discovery."
According to the company, these capabilities earn Polygraph the distinction of being the first "zero-touch" cloud workload security platform that can detect breaches and offer IT security teams improved, near-real-time visibility into the overall security posture of their cloud environment. It accomplishes this without analyzing system logs and endlessly tinkering with policies to spot hacking attempts and other suspicious behavior while attempting to weed out false positives.
Not all threats are external, however. Sometimes the enemy lies within.
To spot insider threats, the platform tracks a number of behaviors, including the use of alternate login credentials and user-initiated software processes. It can also keep a lookout for changes in a user's privilege level or login locations that fall outside the norm.
Lacework Polygraph is available now for $250 per instance per year. It is also available in the AWS (Amazon Web Services) Marketplace with hourly subscription pricing.