Lacework acquires Soluble to strengthen its data-driven cloud security platform
Lacework announced the acquisition of Soluble, a scalable cloud infrastructure management company.
The infrastructure-as-code (IaC) remediation capabilities that Soluble provides, in addition to several new updates to the Lacework platform announced, combine to help organizations integrate security practices into their workflows. software delivery, thereby extending the value of the platform to customers.
The Lacework platform provides end-to-end visibility in multi-cloud environments, including detection of unknown and known threats, vulnerabilities, misconfigurations and unusual activity.
Powered by the patented Polygraph self-learning engine, the Lacework platform automatically learns how cloud environments operate and identifies behavioral anomalies, delivering the handful of highly precise alerts that matter, coupled with the context needed to take action. fast. Now, with the addition of Soluble, Lacework expands its coverage to include Infrastructure as Code in addition to AWS, GCP, Azure, private and hybrid cloud, Kubernetes, containers and workloads, and intertwines security early in the day. DevOps cycle.
Using IaC increases speed and consistency for developers and can allow security teams to anticipate potential errors before production. As businesses grow, this becomes a requirement. So far, many organizations have faced the challenge of integrating security practices directly into current developer workflows and tools.
The Lacework platform democratizes access to security data between developers, DevOps, cloud operations, IT and security teams so organizations can effortlessly develop secure environments and products. Lacework allows businesses and developers to focus on delivering code quickly and securely, the top priority for organizations operating in a digital world.
Lacework bridges developers and security professionals with Soluble
Soluble helps customers quickly detect and correct configuration errors and policy violations in their IaC through Terraform, CloudFormation, and Kubernetes. Through static code analysis, as well as risk, impact, cost, and policy inspection, Soluble uncovers issues and enables IaC remediation.
Due to the internal structure of most organizations, security and development teams often disagree, making it more difficult to quickly identify and fix vulnerabilities or configuration errors before going into production. Together, Lacework and Soluble put security practices in the hands of developers and tie them into their existing workflows.
By extending the capabilities of the Lacework platform to first inform and then automate fixes at the source, customers can implement proactive practices in continuous integration / continuous delivery (CI / CD) pipelines to reduce risk and build faster.
“Developers play a critical role in solving cloud security issues. With Soluble and the new developer-focused features of our platform, we are helping our clients eliminate friction between security and development teams. Addressing security issues earlier and making cloud security information more accessible across the organization enables developers to ship faster and more securely, ”said Jay Parikh, co-CEO of Lacework.
“Joining Lacework is an exceptional next step for Soluble and our customers,” said Rob Schoening, CEO of Soluble. “By combining our remediation capabilities at the source code level with the power of Lacework’s platform during build and run, technologists can, for the first time, truly tie security across the lifecycle. of development.
Fix container vulnerabilities earlier, based on actual risk
Lacework also announced new features that allow customers to find and remediate vulnerabilities earlier in the development process. By enabling developers to remediate vulnerabilities before code is deployed to production, customers can secure their environments and thereby reduce the risk of successful attacks, while saving time and money.
For example, the security bill of an online loan marketplace has been cut in half, and the ability to effectively identify unknown threats has reduced their annual risk by approximately $ 1,200,000.
- Prevent vulnerabilities during construction: With the new online vulnerability scanner, the Lacework platform allows developers to identify vulnerable container images and update them before deployment, without the intervention of the security team. Developers can now perform fast, low latency, on-demand analysis directly in their CI pipeline through integrations with developer-centric tools like Jenkins.
- Block vulnerable containers before execution: The new Lacework Intake Controller for Kubernetes helps security teams ensure that every container image meets security standards before it is deployed. Organizations can now automatically block the deployment to production of substandard container images.
- Prioritize fixes at runtime with actionable risk assessment: The new risk-based scoring leverages a combination of build time and runtime information to understand the real risk of a vulnerability in any customer’s unique environment. This allows developers to better prioritize remediation tasks and quickly have the greatest impact in improving their security posture earlier.
- Berkeley Extended Packet Filter (eBPF) support: Enables Lacework customers to gain complete visibility into their container processes with virtually zero overhead and exceptionally easy deployment, without the need for additional configuration.