Lacework added automated time-series modeling to its existing anomaly detection capabilities and enhanced its alert system for better threat detection and investigation at scale.

Launched this week in Amazon Web Services (AWS) environments, Lacework's time-series modeling is the latest feature of its Polygraph platform, which collects machine, process, and user interactions to develop behavioral models at scale and update them over time.

Polygraph then monitors infrastructure, looks for anomalous behavior, and generates alerts with severity scores. It also maps out events to make it easy to visualize who, what, where, and how far a security event moved in the customer's environment.

On top of the dozens of existing models that Polygraph uses to build a baseline of normal behavior in the cloud, the time-series model adds another dimension of analysis by tracking changes in activity frequency and volume over time. It complements the existing graph-based models to catch more anomalies with fewer alerts, Lacework claims.

Using automated learning and behavioral analytics, the Polygraph platform monitors for spikes that deviate from the time-series model's baseline to detect potential threats, including compromised accounts and crypto-miner attacks, while automatically adjusting the severity of alerts.
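To make the mechanism concrete, here is an added illustration (not Lacework's code; the metric, the 24-hour window and the z-score thresholds are assumptions) of a per-host activity series, a rolling baseline built from earlier hours, and spike alerts whose severity is derived from how far an hour departs from that baseline:

```python
from statistics import mean, pstdev

# Constructed sample input (not Lacework data): hourly count of outbound
# connections from one host. 24 quiet hours, then two hours of a sustained
# burst of the kind a newly started crypto miner would produce.
HOURLY_CONNECTIONS = [
    12, 15, 11, 14, 13, 16, 12, 14, 15, 13, 12, 14,
    13, 15, 14, 12, 13, 15, 14, 13, 12, 14, 15, 13,
    90, 130,
]

def baseline(history, window=24):
    """Mean and population std-dev of the last `window` clean observations."""
    recent = history[-window:]
    return mean(recent), pstdev(recent)

def z_score(value, mu, sigma, sigma_floor=1.0):
    """Deviation in std-devs; the floor stops a near-constant series from
    turning a +1 change into an enormous score."""
    return (value - mu) / max(sigma, sigma_floor)

def severity(z):
    """Map a z-score to an alert severity; below 3 sigma is treated as noise."""
    if z >= 10:
        return "critical"
    if z >= 6:
        return "high"
    if z >= 3:
        return "medium"
    return None

def detect_spikes(series, window=24):
    """Walk the series hour by hour, comparing each point with a baseline
    built only from earlier hours that did not themselves alert, so a burst
    cannot inflate the baseline and mask its own continuation."""
    alerts, clean = [], []
    for hour, count in enumerate(series):
        if len(clean) >= window:
            mu, sigma = baseline(clean, window)
            z = z_score(count, mu, sigma)
            sev = severity(z)
            if sev:
                alerts.append({"hour": hour, "count": count,
                               "baseline": round(mu, 1), "z": round(z, 1),
                               "severity": sev})
                continue  # alerted hours are kept out of the baseline
        clean.append(count)
    return alerts

if __name__ == "__main__":
    for alert in detect_spikes(HOURLY_CONNECTIONS):
        print(alert)
```

Seasonality (weekday versus weekend, business hours) is ignored here; a production model would keep a separate baseline per time-of-day bucket.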

Lacework Revamps Alerting Experience

Additionally, Lacework enhanced its alerting system for better tracking, prioritization, and investigation.

The new features enable context-rich insights on associated events, timelines, and other details; configurable bi-directional sync; and an easy-to-manage alert lifecycle, the security vendor claims.

The bi-directional sync automatically keeps alert status consistent between the Lacework user interface and the associated ticket in backend workflow tools. The company's Polygraph Data Platform will also optimize its modeling based on users' feedback on Lacework alert severity levels.

Lacework's new enhancements target the skills gap and alert fatigue issues in the industry.

"It's critical organizations get transparency as to what is happening across their multi-cloud environments, but security teams face a massive challenge keeping up with the dynamic nature of cloud environments while threats like crypto-mining continue to proliferate," said IDC VP Frank Dickson in a Lacework statement.

"As an industry plagued by a seemingly insurmountable skills shortage, simply layering more alerts on the [security operations center (SOC)] does not help. Context matters; context quickly forwards SOC investigations from awareness to understanding by enabling correlations across datasets," Dickson said. "Alerts are thus replaced with context-rich incidents that are quickly actionable and facilitate outcomes for customers. In the end, secure outcomes are the goal of every SOC."