Flush with funds, rising DevSecOps vendor reveals roadmap

A calendar year in the past, DevSecOps vendor Lacework was a single among a lot

A calendar year in the past, DevSecOps vendor Lacework was a single among a lot of emerging cybersecurity providers, but considering that then, it really is manufactured a meteoric rise, capped with a massive Sequence D funding round to start off 2021.

The privately-held company, started in 2015, stated it noticed 300% income development in 2020 as the COVID-19 pandemic accelerated organization electronic transformations and cloud migrations. This thirty day period, the company shut a $525 million funding round led by Sutter Hill Ventures and Altimeter Capital. 

Lacework’s SaaS-based cloud security system collects a broad swath of info from AWS, Azure and GCP cloud infrastructures, together with application configurations, into a petabyte-scale again end based on the Snowflake cloud info warehouse. Lacework’s device mastering algorithms then recognize improvements in that info on an hourly foundation, alerting IT operators to anomalous behaviors that point out security risk and suggesting remediations.

Similar functions can be located among container and Kubernetes-targeted security equipment that have also emerged about the last numerous several years. But Lacework’s merchandise has a broader focus that spans several IT security disciplines, such as identification and obtain management, cloud security posture management, menace detection and reaction and regulatory compliance management, for container-based and non-container workloads alike. The system also integrates into DevSecOps workflows with its API hooks into CI/CD pipelines, infrastructure as code and ChatOps equipment.

Lacework CEO Dan Hubbard served as Chief Security Architect and Chief Item Officer at the company just before becoming named chief govt in June 2019. Before Lacework, Hubbard was CTO at OpenDNS, now owned by Cisco, and just before that, CTO at Websense, now owned by Raytheon underneath the name Forcepoint. SearchITOperations caught up with Hubbard this week to discover extra about what manufactured Lacework stand out to buyers and in which he programs to steer the company in 2021.

What accounts for the scale and velocity of the Lacework system, which seem to be its primary differentiation?

Dan HubbardDan Hubbard

Dan Hubbard: There are genuinely a few primary crucial differentiators. The initial a single is breadth — we just do a good deal of points across a lot of different types, all the way from compliance by means of to growth, security, develop time, runtime, containers and Kubernetes. That prospects to a good deal of ingestion, across a lot of different info resources — petabytes of info.

A person way to believe about the merchandise is fundamentally as a massive ingestion engine, which can acquire all of your audit trails from GCP, Azure, AWS and Kubernetes, and all of your configurations. We pull all that information and facts in to glimpse for vulnerabilities, configuration complications, developer errors and unknown behaviors.

The second differentiation is the depth of our info classification and the efficacy of that engine. On typical, a consumer sends us a very little about a billion log entries for every day. We switch it into, on typical, 1.twenty five significant-end critical situations or alerts that they need to triage.

The third differentiation is that we in good shape quite nicely into a DevOps lifecycle, or triage method, or a security method. We can plug into your Jira ticket, we can plug into an API, we could plug straight into your monitoring procedure, like Datadog or New Relic Main, or we can plug straight into your security workflow.

Is the integration with DevSecOps and CI/CD pipelines largely for that monitoring output? Or do you also keep an eye on the pipeline itself and workloads as they go by means of it?

On typical, a consumer sends us a very little about a billion log entries for every day. We switch it into, on typical, 1.twenty five significant-end critical situations or alerts that they need to triage.
Dan HubbardCEO, Lacework

Hubbard: We can glimpse in and poll container repos, glimpse at your containers for vulnerabilities and configurations. And then we have an API and a command line interface, which enables you to integrate into points like Chef, Puppet, Ansible and Terraform and automate a good deal of the CI/CD method as component of the push.

If you might be managing a pipeline, we can support you if you want to cease a develop, or ship a reaction, like, ‘Build X failed for the reason that of Y, ship to this crew.’ Or build a ticket in Jira that goes to a different group. And then in Terraform, we have an integration that would say, ‘read template’ to push a template, or [detect that] you can find a difficulty with this template in some way.

The tool can present suggestions for remediation — can it automate remediation if a person needs it?

Hubbard: Our customers under no circumstances want their cloud supplier to have that amount of privilege in just their procedure. That’s just quite risky for a variety of security causes. Having said that, we both give them steerage, or we give them code, like a Lambda functionality for AWS, that enables you to close an S3 bucket if you want, or that enables you to switch on multifactor authentication if it really is turned off. We’re doing work on the skill to do further points in just Kubernetes, like [support build] pod security procedures and network security procedures.

Our belief is, in the upcoming, the platforms themselves will have the genuine enforcement. We you should not see Lacework becoming the system that kills packets or quarantines hosts and points like that — it really is both heading to be created into Kubernetes, or your AWS VPCs, or integrate straight with a CI/CD tool. And by the way, it really is in fact quite, quite exceptional, that customers are experienced adequate to get into that variety of automation. The most well-liked issue proper now is detect and react, probably build a ticket and monitor that ticket. Then the subsequent amount is what we call Driver Support — probably they integrate our merchandise into Slack, and it says something like, ‘There’s a difficulty in this article, click this button to remediate it.’ And then the actual experienced types are like, ‘Okay, run a serverless functionality that does, or a security policy that does XYZ.’

Even that represents an expansion of users’ rely on in AI and device mastering, proper?

Hubbard: Have faith in is created with constructive effects about time, and we have been fortuitous that we haven’t had any major concerns in which some suppliers have had what I call harmful bogus positives, blue screens of demise, bad Linux kernel panics and points like that. But we run at a bigger amount – we’re not a kernel filter. We run in userspace.

We have a few strategies that you can do detection — the device mastering stuff, commonly based off of your infrastructure, and knowing your infrastructure. That’s genuinely fantastic for the ‘unknown bad’. Then you can find the ‘known bad,’ known bad indicators of compromise like bad domains and bad IP addresses, and bad hashes, [which] is world wide. And [third,] you can find custom made policies that the consumer generates.

Most security people today are relaxed with the center a single, [vulnerability detection], and what they’re in fact genuinely awkward with are policies. This is a significant component of our automation story — though they may well believe they want the versatility of policies, and genuinely like policies, for a single, it really is just time-consuming. Then, the difficulty that normally occurs is that they both compose the policies quite, quite slender, and they miss all kinds of stuff. Or they compose them quite, quite broad, and they catch way as well substantially.

Buyers are getting extra employed to the device mastering, and the output of that. And a single of the causes why we visualize that and signify it [graphically] — our graphs are what build the situations and alerts, but they also build stories and images. Occasionally the images genuinely converse volumes, versus just an notify that says, ‘bad stuff taking place.’

So, you have just gotten this large chunk of funding, and you have stated you approach to double the number of employees this calendar year. What will that necessarily mean, in conditions of your merchandise?

Hubbard: We believe about the industry variety of in two types: There is the net-new stuff, cloud workload safety, Kubernetes security, container security, compliance for the cloud. And ChatOps also, the skill to do triage by means of Slack or other mechanisms — probably routing of tickets. Now, you have the skill to react and ship information and facts, but ChatOps can get fairly deep, fairly immediately. We have a whole new suite of APIs that we’re releasing this quarter, which will make it possible for us and our customers to plan the procedure better.

There are points we get questioned for that we you should not want to do [from a deployment standpoint], like ship an equipment or do layered software package, or solitary-tenant SaaS — we’re sticking to our strengths in multi-tenant SaaS. We’re setting up a European info centre and setting up out a European presence.

Then there is a set of present-day and present technologies that are expanding into or coming toward our strengths, for illustration, security analytics, security triage, SIEM and vulnerability management, as people today move their main assets to the community cloud. Buyers just started off asking us, ‘Hey, can you support reduce my SIEM expend? How can I use you as my SIEM?’ We didn’t genuinely style this that way — the skill to ingest other info resources, I believe, is heading to grow to be fairly vital about the subsequent calendar year there.

Beth Pariseau, senior information writer at TechTarget, is an award-winning 15-calendar year veteran of IT journalism. She can be attained at [email protected] or on Twitter @PariseauTT.