Amazon Web Services (AWS) today announced that it is making its CloudTrail cloud audit and and log service freely available to users. While having CloudTrail logs freely available helps to improve security, Lacework Co-Founder and CTO, Vikram Kapoor's view is that organizations need additional threat and anomaly analysis capabilities to supplement CloudTrail which is why Lacework today announced its Polygraph for AWS CloudTrail service, providing security visibility and alerting for Amazon public cloud usage.
"Any move from AWS to help with security, which makes it easier and more accessible, is a positive one for the security community as a whole," Kapoor told eWEEK. "It also does not change anything about Lacework's position in that AWS CloudTrail provides logs."
Kapoor said that AWS CloudTrail customers still need to analyze log data in order to get value from the data. He added that one option to get value from CloudTrail logs is by using a SIEM (Security Information and Event Management) technology and have analysts perform labor intensive analysis. The other option that Kapoor's firm now provides is the ability to deploy Lacework for AWS CloudTrail and have anomalies automatically surfaced by Lacework Polygraph.
Lacework is a security startup co-founded by Kapoor in 2015 and has raised $8 million in funding to date. Lacework's primary product, Polygraph provides security visibility into potential misconfigurations, threats and breaches inside of application infrastructure residing in a data center or cloud.
"We are focusing on the data center and the users are developers and administrators that log into applications in the data center," Kapoor said.
The Polygraph platform includes an agent that collects data that is then used to create normal usage baselines to help with anomaly detection. The Lacework Polygraph system makes use of AWS services including Amazon Kinesis for streaming the data input. Kapoor said that Lacework uses its own custom developed techniques to process and analyze the data to find anomalies.
Kapoor explained that for CloudTrail, Lacework now will create a polygraph of the data to help reveal threats.
"By polygraph what I mean is we create a structure about who is accessing what resources in a given region and what is being used," Kapoor said.
The polygraph system tracks usage and access, establishing the baseline of normal AWS usage for an organization. Anything that deviates from the normal behavior or usage patterns on AWS can then be identified by Lacework. The Lacework system also provides a visual representation of data, to make it easy for organization to understand the data that is shown.
"So if you lose your AWS credentials, and someone comes along and starts an instance in Singapore and that's not typically what you do, that will be easily spotted in polygraph," Kapoor said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.