Everyone knows that when it comes to cybersecurity, the faster you can detect and remediate a breach, the better. In order to minimize the risk of damage, security teams need to be able to prioritize remediation efforts, so they can actively watch for exploits targeting vulnerable systems -- including those stemming from commercial, off-the-shelf tools they don’t control. Another known risk factor: cybersecurity threats continually rise, and there aren’t nearly enough cybersecurity specialists to fill the need.
Lacework and Tines have partnered to create the most powerful solution for automated remediation in the cloud. The industry-leading Lacework Polygraph® Data Platform provides comprehensive visibility and protection across all your cloud resources, while Tines’ robust orchestration capabilities automate threat analysis and incident response at scale.
The Lacework Polygraph Data Platform learns and understands behaviors that introduce risk across your entire cloud environment so that you can innovate with speed and safety. With visibility from build time to runtime and automated insights into unusual activity, threats, vulnerabilities, and misconfigurations, you gain the context to prioritize and act faster.
Tines’ no-code automation platform powerfully manages customers’ mission-critical workflows, automatically responding to and remediating events in real-time. Capable of handling massive complexity, Tines fuses data from multiple locations into single workflows to accelerate every step of security operations and eliminate repetitive, error-prone manual work.
“Lacework helps us extract the signal from the noise, surfacing anomalies in real-time. Then Tines steps in, analyzing and reacting with workflows defined by our teams, before automatically documenting everything in our case management system. The tools powerfully combine, vastly reducing toil — allowing our people to focus on the things that really matter."
Terence Runge, Chief Information Security Officer, Reltio
How do Lacework and Tines work together?
Let’s look at two powerful use cases that highlight how the two platforms can work together.
Remediate compliance violations with Lacework
First, the Lacework Polygraph Platform detects an anomaly; for example, an AWS S3 bucket has been made public. The Polygraph Platform passes this event through to the Tines platform, where you can craft the exact remediation steps you want to take. Maybe that is restoring the bucket permissions, notifying the owner, paging an on-call team, or documenting the event in a case management system, etc. Or perhaps Lacework detects an anomaly on an EC2 instance. In this case, because of the severity, Tines can defer to a human for a decision before automatically remediating and documenting.
Investigate and remediate Lacework alerts
Joint customers can automate remediation of all their Lacework alerts and violations in line with the CIS Benchmark, increasing their security and enabling them to achieve faster SOC 2 compliance.
In this use case, a Webhook Action pulls in Lacework Polygraph Platform events to the Tines platform. Using an HTTP Request Action, Tines can reach back out to Polygraph to gather more data and context related to an event.
This Tines Story will then check for a compliance alert that will reveal any findings and violations, such as a hard drive being unencrypted in a specific account, an AWS S3 bucket being exposed to the world without versioning or encryption applied, etc. Tines will create a new compliance violation ticket in Jira, including some additional details on what resource triggered the violation and a prompt to remediate the alert.
Depending on how the customer wants to fix the issue, in each flow, we facilitate the best practices of responding to various alerts and prescribing a way to become more secure.
Once a customer clicks remediate, Tines can explode out all of the violations that triggered an alert. When compliance violations have been resolved, it will update the ticket's status.
Together, Lacework and Tines provide end-to-end coverage for your cloud environment, from monitoring and detection to response and remediation. With Lacework and Tines working together, customers can be confident that their cloud environment is secure and compliant.
Want to see for yourself? The Stories featured in this blog are available to download, use and customize via the Tines Story Library. Users can get started with a free 30-day trial of Lacework and the always free Community Edition of Tines.
Watch this webinar to learn more about how Lacework and Tines can integrate.