Overview

Lacework is a cloud security platform designed to provide visibility, threat detection, and compliance across multi-cloud and hybrid environments. The platform's core offering, the Polygraph Data Platform, uses behavioral analytics and machine learning to analyze activity across cloud accounts, workloads, containers, and Kubernetes. This approach aims to establish a baseline of normal behavior and identify deviations that may indicate security threats or misconfigurations (Lacework Polygraph Data Platform overview).

The platform is engineered for organizations operating in dynamic cloud environments, including those utilizing AWS, Azure, GCP, and private clouds. It addresses challenges related to cloud security posture management (CSPM), cloud workload protection (CWPP), and cloud detection and response (CDR) (Lacework Platform capabilities). Lacework integrates with CI/CD pipelines and DevSecOps workflows, allowing security to be incorporated earlier in the development lifecycle. This includes scanning infrastructure as code (IaC) templates for misconfigurations before deployment and monitoring container images for vulnerabilities (Lacework IaC security documentation).

Lacework's capabilities extend to continuous monitoring of cloud configurations, identifying compliance violations against standards such as SOC 2 Type II, GDPR, ISO 27001, and HIPAA (Lacework compliance features). For workload protection, it monitors runtime behavior of virtual machines, containers, and serverless functions to detect anomalous process execution, network connections, and file access patterns. The platform also provides a centralized view of security events and automates aspects of incident response by correlating alerts and providing contextual information for investigations.

The developer experience with Lacework includes access to a REST API, which allows for integration with existing security tools, SIEMs, and custom scripts (Lacework API reference). SDKs are available for Python, Go, and Java, enabling programmatic interaction with the platform for automation, data extraction, and workflow orchestration. This extensibility supports organizations looking to embed cloud security into their automated infrastructure and operational processes.

The platform is designed to provide comprehensive visibility across different cloud providers, which is a common requirement for enterprises adopting multi-cloud strategies. As noted by industry analysts, managing security across disparate cloud environments can introduce complexity, making unified platforms valuable for maintaining a consistent security posture (Gartner report on cloud security posture management). Lacework aims to reduce this complexity by consolidating security data and alerts into a single console, providing a holistic view of an organization's cloud security landscape.

Key features

  • Polygraph Data Platform: Leverages behavioral analytics and machine learning to establish baselines of normal cloud activity and detect anomalies across workloads, containers, and accounts (Polygraph Data Platform details).
  • Cloud Security Posture Management (CSPM): Continuously monitors cloud configurations for misconfigurations, compliance violations, and adherence to security best practices across AWS, Azure, and GCP (Lacework CSPM capabilities).
  • Cloud Workload Protection Platform (CWPP): Provides runtime threat detection for virtual machines, containers, and serverless functions, identifying unusual process activity, network connections, and file modifications (Lacework CWPP overview).
  • Cloud Detection and Response (CDR): Consolidates security alerts, correlates events, and provides context for investigations, aiding in the rapid detection and response to cloud-native threats (Lacework CDR features).
  • Kubernetes Security: Monitors Kubernetes environments for misconfigurations, policy violations, and runtime threats within clusters and containers (Lacework Kubernetes security).
  • Container Security: Scans container images for vulnerabilities in CI/CD pipelines and monitors container runtime behavior for suspicious activities (Lacework Container security).
  • Infrastructure as Code (IaC) Security: Integrates with CI/CD pipelines to scan IaC templates (e.g., Terraform, CloudFormation) for security misconfigurations before deployment (IaC security documentation).
  • Compliance and Reporting: Offers pre-built compliance policies and reporting for standards such as SOC 2 Type II, GDPR, ISO 27001, and HIPAA (Compliance reporting).

Pricing

Lacework offers custom enterprise pricing for its platform. Prospective customers are advised to contact the sales team directly to discuss specific requirements and obtain a tailored quote.

  • Plan Name: Enterprise
  • Features Included: Full Polygraph Data Platform capabilities, CSPM, CWPP, CDR, Kubernetes/Container/IaC Security, Compliance Reporting, API & SDK access
  • Pricing Model: Custom Enterprise Pricing negotiated based on usage and scope
  • As Of Date: 2026-05-08 (Lacework Pricing Page)

Common integrations

  • Cloud Providers: AWS, Azure, Google Cloud Platform (GCP) for multi-cloud security monitoring (Lacework cloud integrations).
  • SIEM/SOAR: Splunk, ServiceNow, IBM QRadar, Sumo Logic for security event forwarding and automated response (SIEM/SOAR integrations).
  • CI/CD & DevSecOps: Jenkins, GitLab, GitHub Actions, HashiCorp Terraform for integrating security into development workflows (DevSecOps integrations).
  • Notification & Alerting: Slack, PagerDuty, Microsoft Teams for real-time security alerts (Notification integrations).
  • Vulnerability Management: Integrations with various vulnerability scanners for enhanced container and workload security (Vulnerability management integrations).

Alternatives

  • CrowdStrike: Offers a cloud-native platform focused on endpoint protection, cloud security, and threat intelligence (CrowdStrike Cloud Security).
  • Palo Alto Networks Prisma Cloud: Provides a comprehensive cloud-native security platform (CNSP) covering CSPM, CWPP, and cloud network security (Prisma Cloud overview).
  • Wiz: A cloud security platform that offers risk assessment, vulnerability management, and threat detection across cloud environments (Wiz Platform).

Getting started

To get started with Lacework, you typically begin by integrating your cloud accounts. The following example demonstrates how to use the Lacework CLI to configure an AWS integration. This process involves installing the CLI, authenticating, and then executing a command to set up the integration.

# Install the Lacework CLI
curl -sL https://packages.lacework.net/install | bash

# Authenticate the Lacework CLI (the installed binary is named "lacework")
lacework configure
# Follow the prompts to enter your Lacework account name and API key/secret

# Generate the Terraform configuration for an AWS CloudTrail integration
# The command is interactive and prompts for the remaining settings
# before anything is deployed in AWS
lacework generate cloud-account aws --cloudtrail

# Verify the integration status (optional)
lacework cloud-account list

For more detailed instructions and alternative integration methods (e.g., using Terraform or direct API calls), refer to the official Lacework AWS Integration Guide.