loader image

Lacework Polygraph

x Mindflow

Lacework Polygraph was integrated by Mindflow to enable users to automate their incident management and better protect their information systems.

Lacework Polygraph Overview

The Lacework Polygraph Data Platform is a cloud threat detection platform. It delivers automated anomaly detection to provide uninterrupted visibility and actionable insights across multi-cloud environments.

The Polygraph technology uses multiple distinct data sets ingested from a lightweight agent and agentless cloud activity log data from your cloud providers. The platform captures data around processes, applications, APIs, files, users, and networks.

To analyze the ingested cloud and workload activity data, Lacework Polygraph uses machine learning and behavioral analytics to create a detailed model of how your company’s cloud systems operate and render a contextualized picture.

The platform creates a baseline defining normal cloud activity by continuously collecting, correlating, and analyzing activity data of your cloud environment.

Once a baseline is established, Polygraph continues to detect new actions or behaviors every hour. If the solution detects new behaviors and changes, these activities are flagged as alerts if they divert from the established baseline.

lacework polygraph screen detection

As such, alerts are contextualized and reduce the amount of noise traditionally generated by alerting tools. Traditional alerting tools lack the understanding of relationships between different dimensions and thus tend to generate a large number of false positives and, worse, increase the risk of missed attacks.

Then, these alerts are automatically prioritized by criticality to simplify and speed investigations.

Here, with Lacework being integrated with Mindflow, analysts can bridge the alerts generated by the platform to their cloud provider’s native security tools to orchestrate the investigation and remediation from Mindflow’s platform.

Benefits

Identify all assets and find misconfiguration to improve your cloud security posture and compliance by continuously monitoring your multi-cloud environment.

Detect host and container vulnerabilities from the earliest point in the development life cycle when developers build to the production phase.

Establish continuous analysis of your cloud data activity baselines to detect threats in your cloud environment.

Want to enhance your service with orchestration and automation capabilities? Get in touch with our partner team.

Related integrations