Lacework adds multiple extensions to its multicloud security platform

Cloud security services provider Lacework has added a suite of new capabilities and support for its multicloud offerings to help customers secure cloud workloads and improve operational efficiency.

The new enhancements on the platform include extended support on various enterprise-grade offerings including cloud security posture management (CSPM), attack path analysis (APA), and risk management ticketing system.

“These optimizations and integrations are useful to drive efficiency and better collaboration across teams,” said Melinda Marks, senior analyst at ESG. “Gaining full visibility, ensuring you have coverage with comprehensive monitoring to catch issues, and then streamlining operations is difficult due to the complexity of cloud-native environments and the relationships between assets and resources, so it is important to continue these incremental enhancements.”

Lacework adds support for OCI

The platform has expanded its cloud security posture management offering to include support for Oracle Cloud Infrastructure (OCI), promising teams’ visibility into their OCI resources and their associated risks. Lacework’s CSPM currently supports Amazon Web Services, Google Cloud, and Azure, and the inclusion of OCI is expected to further centralize enterprise security control.

“My research study on CSPM earlier this year showed that supporting multiple public cloud services is a top challenge and need, as 40% of organizations use 4 or more CSPs,” Marks said. “Also, Oracle is increasing its initiatives with OCI security and developer platform, so it is helpful to provide flexibility supporting customers cloud adoption.”

Additionally, Lacework has expanded its “attack path analysis” feature to support Google Cloud and Microsoft Azure. The feature offers an attacker’s view to identify how a threat can be exploited to breach a cloud environment.

“Lacework and other cloud security platforms pull data and alerts from multiple sources, but having the context from attack path analysis helps security teams prioritize needed action items to prevent incidents or respond quickly to a threat or incident,” Marks added.

Boosting risk management with Jira and ServiceNow integrations

Lacework has onboarded capabilities to help improve the vulnerability risk management process by streamlining response efforts between teams. To this end, the company is integrating its cloud security platform with Jira and ServiceNow ticketing systems, enabling security teams to manage incidents and response on their familiar channels.

“Lacework’s integration with ServiceNow Vulnerability Response offerings for infrastructure and container applications is currently available in the ServiceNow marketplace,” Lacework said in a press statement. “Lacework’s integration to Security in Jira is in private preview.” In addition to the new capabilities, Lacework has also upgraded its existing workload scanning engine to allow checking customer workloads every five minutes for new instances.

Lacework’s ticketing system integrations follow within its efforts to allow teams to operate with the platform via their known environments. They are an addition to Lacework’s existing development and CI integrations.

“We have a number of integrations into several different tech stacks such as developer tools (e.g. GitHub, GitLab, Bitbucket, and other code repos), CI tools (e.g. Jenkins, GitHub Actions, GitLab Pipelines, etc.) so they can fix things in the pipeline, and of course deep integration with major cloud providers ecosystems like AWS, Google Cloud, and Azure,” said Tim Chase, field chief information security officer at Lacework.