Lacework adds AWS CloudTrail support to Polygraph Cloud security firm Lacework will help Amazon Web Services (AWS), administrators monitor their accounts. This week, the company announced that it will be extending Polygraph, its security platform, in order to support CloudTrail (AWS’ service for tracking and logging events within an organization’s AWS environment). The integrated offering is called Lacework for AWS CloudTrail.CloudTrail lets AWS administrators monitor and record activity throughout their accounts, including user log-ins and any changes to accessibility levels and resource usage. This service is especially useful for maintaining compliance and detecting security breaches. However, users will need to process millions of events before they can extract actionable information from their CloudTrail logs. Lacework for AWS CloudTrail promises a simplified way to analyze CloudTrail data using Lacework’s “zero touch security approach.” This approach uses machine learning to reduce the overhead required to sort through event logs to find relevant information. In a prepared statement, Vikram Kapoor, Lacework’s CTO and Co-Founder, stated that “our proprietary machine learning techniques aggregate CloudTrail data and organize it into intuitive maps and dashboards.” “Alerts are automatically activated when an organization’s AWS account usage by users is not in line with the baseline of normal behaviour.” [Click on the image to see a larger view.] CloudTrail is used by Polygraph to provide AWS administrators with visual insight into user activity across the entire environment. Lacework claims that its offering is designed to detect three types of anomalous behavior within AWS.

• Unauthorized activity on AWS resources in regions or accounts; activation or modification to AWS S3 buckets.
• Suspected changes in users, roles, access, or security groups; bypassing two-factor authentication.
• Modifications to AWS infrastructure services include tampering or modifications to route tables, access master keys, and network interfaces and services.

AWS Marketplace now offers Lacework for AWS CloudTrail, which includes a 14-day free trial. This datasheet contains more information.