Director of Security Operations at a insurance company with 51-200 employees
Real User
Top 20
2024-06-17T17:00:21Z
Jun 17, 2024
The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement. Regarding reporting features, the ability to create granular custom alerts remains limited. For instance, I could only filter alerts by source or type rather than selecting alerts based on specific IDs. This lack of granularity in alert management and reporting customization is a notable drawback.
Information Security Engineer at a insurance company with 501-1,000 employees
Real User
Top 10
2023-08-24T19:09:00Z
Aug 24, 2023
Lacework ranks high, primarily due to its role in alerting on unexpected behavior, potential vulnerabilities, and misconfiguration against policies. Currently, a view of all policies is available within the console. However, At some point in the past, I wanted a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact improvement request.
Techology Operations Lead at a computer software company with 11-50 employees
Real User
Top 20
2023-03-29T17:03:00Z
Mar 29, 2023
What they could improve is communicating their changes to customers. Most changes are being communicated through the Lacework portal, whereas I would appreciate it if those changes were communicated through a personalized email, with generous advanced notice, before they actually implemented them. For example, to understand the context, last year just before Christmas, when we stopped working during the last two weeks in December, they introduced API changes. When I came back to work in the first week of January, lots of things broke in our CI/CD pipelines because they weren't working with the old API version. Another thing that I would like, a feature that I have requested from them, is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework. The filtering of alerts could be improved.
Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it. Also, they do image scanning for security vulnerabilities. They would have a full cloud security package if they could compete with Snyk or Qualys by providing vulnerability scanning for VMs.
The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems.
Chief Information Security Officer at a tech services company with 201-500 employees
Real User
2022-07-10T15:39:00Z
Jul 10, 2022
Visibility is lacking, and both compliance-related metrics and IAM security control could be improved. This is what Ermetic does. IAM security management controls, as well as detection of deviations and misconfigurations, are critical but not fully developed in Lacework. There is no data governance or data visibility. It's a little bit different, in the vector of cloud security management, but Lacework does not yet support this. I would like to see some sort of data mapping or detection. The ability to pinpoint the exact location of data. Something similar to what Flow Security is currently doing. And that is what some other companies are attempting to do with data detection capabilities. Cloud Data Detection.
Lacework is a cloud security platform whose Polygraph Data Platform automates cloud security at scale so customers can innovate with speed and safety. Lacework is the only security platform that can collect, analyze, and accurately correlate data across an organization’s AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter. As a breach detection and investigation tool, Lacework provides information on when and how a breach happened,...
The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement. Regarding reporting features, the ability to create granular custom alerts remains limited. For instance, I could only filter alerts by source or type rather than selecting alerts based on specific IDs. This lack of granularity in alert management and reporting customization is a notable drawback.
Lacework ranks high, primarily due to its role in alerting on unexpected behavior, potential vulnerabilities, and misconfiguration against policies. Currently, a view of all policies is available within the console. However, At some point in the past, I wanted a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact improvement request.
What they could improve is communicating their changes to customers. Most changes are being communicated through the Lacework portal, whereas I would appreciate it if those changes were communicated through a personalized email, with generous advanced notice, before they actually implemented them. For example, to understand the context, last year just before Christmas, when we stopped working during the last two weeks in December, they introduced API changes. When I came back to work in the first week of January, lots of things broke in our CI/CD pipelines because they weren't working with the old API version. Another thing that I would like, a feature that I have requested from them, is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework. The filtering of alerts could be improved.
Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it. Also, they do image scanning for security vulnerabilities. They would have a full cloud security package if they could compete with Snyk or Qualys by providing vulnerability scanning for VMs.
The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems.
Visibility is lacking, and both compliance-related metrics and IAM security control could be improved. This is what Ermetic does. IAM security management controls, as well as detection of deviations and misconfigurations, are critical but not fully developed in Lacework. There is no data governance or data visibility. It's a little bit different, in the vector of cloud security management, but Lacework does not yet support this. I would like to see some sort of data mapping or detection. The ability to pinpoint the exact location of data. Something similar to what Flow Security is currently doing. And that is what some other companies are attempting to do with data detection capabilities. Cloud Data Detection.