We are covering cloud security posture management and run-time detection as well, so there are two flavors. It is also used for inventory purposes. We are probably using all the capacity of the tool. We have the agents deployed in our environment, and we are also covering all of the cloud environments with the Cloud Security Posture Management version.

First of all, alert reduction is helping us to be focused on other things that matter. The other thing is in regards to visibility. What we found is that Lacework is super easy to deploy in Kubernetes environments and other environments. You can get super quick visibility into what is going on in your environment. Even though it has a behavioral engine, and it takes a couple of hours to consolidate the information and present that to you, it is pretty quick. We have a huge environment, it is great for us.

Lacework saves us a lot of money because in terms of the ingestion of data or in terms of the way AWS, GCP, and other cloud providers are sending logs into Lacework, if we have to ingest the data in our SIEM, for instance, it is going to cost us a lot of money. Having Lacework in the middle, ingesting the data, processing the data, and providing us with the right information is super valuable, at least from a cost perspective. I know every company would like to have all the logs in the SIEM or store them somewhere in their environment, but that is an advantage that I recognize in Lacework. The data is good. We can see the data that we want.

It is good for helping us view our environment from an attacker’s perspective. One of the things that they introduced recently is Attack Path. Previously, we needed to go to two or three places to figure out what was going on in our environment. Even though we had alerts from Lacework that gave us a lot of information, we sometimes needed to go to other places to make sure that we fully understood the context of the data alert. Lacework has introduced Attack Path which helps us a lot to identify the activity from the beginning to the end.

It has the ability to monitor configurations continuously. This capability is important, but we have complementary tools that monitor the configuration of certain files.

We have reduced the alert noise by 60% to 70%. We needed an opportunity to focus on projects and improve our controls elsewhere. We also wanted to focus on improving our detection capabilities because the network is providing a subset of alerts that are helpful, but we also need to think about all those things that we need to do in our environment, such as make a list of some use cases from an attacker's perspective and see if we can catch the event. We have threat intelligence as well. We can see whether we have a particular type of threat in our environment. There is vulnerability management as well. The combination of those factors is what we are currently doing. We can focus on these things.

Lacework helped save time by reducing our manual tasks. Lacework is providing us with comprehensive data or some set of data to see what is going on. In the past, we were doing that manually. We had to go to other places to understand what was going on, so Lacework helped us on that front. That was the most important saving of manual tasks.

It also has helped us to free up existing resources. The number of people that I had initially on the on-call rotation is less because of it. I could take out those people for other projects. That is the huge value that I saw from Lacework. As long as we reduce alerts, we will have time to focus on other things. In terms of human resources, people are more focused on other things.

Lacework has absolutely helped to reduce our organization's breach risk. Our company is super focused on protecting customer data. We are storing data in several cloud providers' object storage. With Lacework, especially with Cloud Security Posture Management, there is a compliance part where we can see how many object storages are exposed to the Internet. Whenever we have any event, we can identify that properly and immediately take action. That is how we reduce the risk in cloud providers. We take customer data super seriously, and we were able to identify all the alerts for the public object storage or for those that we had already but did not know.

Lacework has been helpful for spotting critical weaknesses. The most important thing is our customer data. It has helped us a lot, and it is super valuable.

Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action. 

Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve. 

For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.

I have been using Lacework for about four years.

It is stable. We sometimes experienced slowness when the objects were loading in the console, but it was related to something internal. Overall, it is good.

It is scalable. We have multiple locations. We have about 10 data centers on-premises. We have deployed agents in all of them. We also have cloud providers such as AWS, GCP, Azure, and OCI. It is a pretty big environment with more than 8,000 assets to monitor, more than 45 cloud provider accounts, and about 10 on-prem data centers. It is only used by the security team. There are 10 to 15 people.

Their technical support is good. We have a Slack channel. We have monthly meetings. We have a dedicated customer success manager. He is taking care of all of the tickets that we are creating. We have probably opened five cases so far, and they were able to resolve them all. It might not have been at the pace that we were expecting, but in the end, they are supportive. I would rate them an eight out of ten.

Positive

We have used a lot of solutions. We had Sysdig. We had something from Rapid7. We had Prisma Cloud as well. Lacework stands out in reducing the alert noise, having the right context for investigations, and saving time. That was the main driver for us to switch to Lacework.

If I have to compare Lacework with other tools, it covers the basis, but from the detection perspective, when you combine different portions of the data that you are receiving and create a comprehensive alert for your analysis, that is the advantage that we have from Lacework against others. That is great because we are only focused on the things that we need to fix.

It is a cloud solution. I was involved in its deployment from the beginning. I started with the definitions of the success criteria that I was going to use with the team. I had the team implement it, and I was supervising. I was practically aware of every single aspect of this work.

Its initial deployment was super straightforward. It was super easy. It also depends on how your infrastructure is managed. In our case, it was easy to deploy the agents. For the entire environment, it took us four days. There were three to four people involved.

In terms of maintenance, from our side, only the agents need to be maintained. It requires us to download the new version of the agent and deploy it. Cloud Security Posture Management does not require any maintenance from our side. They are doing that by themselves.

We have seen an ROI. It has been three to four years since we have been using the tool. If we had gone to another tool in the past, we would have been spending a lot of money and resources as well.

It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive.

To those evaluating this solution, I would advise identifying the requirements of the company and having a clear understanding of the success criteria and the use cases that they want to cover. After that, they can do a PoC. Identify the right number of systems that you want to go over the cloud environments and then move to production. Take Lacework's support for production deployment. It is important.

I would rate Lacework a nine out of ten.