Boost efficiency in combating cyber threats with Tines and Lacework

Thomas Kinsella, Co-founder & CCO, Tines
Bridget Hildebrand, Senior Product Marketing Manager, Lacework

Published on September 13, 2022


Everyone knows that when it comes to cybersecurity, the faster you can detect and remediate a breach, the better. In order to minimize the risk of damage, security teams need to be able to prioritize remediation efforts, so they can actively watch for exploits targeting vulnerable systems -- including those stemming from commercial, off-the-shelf tools they don’t control. Another known risk factor: cybersecurity threats continually rise, and there aren’t nearly enough cybersecurity specialists to fill the need.

Lacework and Tines have partnered to create the most powerful solution for automated remediation in the cloud. The industry-leading Lacework Polygraph® Data Platform provides comprehensive visibility and protection across all your cloud resources, while Tines’ robust orchestration capabilities automate threat analysis and incident response at scale.

The Lacework Polygraph Data Platform learns and understands behaviors that introduce risk across your entire cloud environment so that you can innovate with speed and safety. With visibility from build time to runtime and automated insights into unusual activity, threats, vulnerabilities, and misconfigurations, you gain the context to prioritize and act faster.

Tines’ no-code automation platform powerfully manages customers’ mission-critical workflows, automatically responding to and remediating events in real-time. Capable of handling massive complexity, Tines fuses data from multiple locations into single workflows to accelerate every step of security operations and eliminate repetitive, error-prone manual work.

“Lacework helps us extract the signal from the noise, surfacing anomalies in real-time. Then Tines steps in, analyzing and reacting with workflows defined by our teams, before automatically documenting everything in our case management system. The tools powerfully combine, vastly reducing toil — allowing our people to focus on the things that really matter.”

Terence Runge, Chief Information Security Officer, Reltio

How do Lacework and Tines work together? 

Let’s look at two powerful use cases that highlight how the two platforms can work together.

Remediate compliance violations with Lacework

First, the Lacework Polygraph Platform detects an anomaly; for example, an AWS S3 bucket has been made public. The Polygraph Platform passes this event through to the Tines platform, where you can craft the exact remediation steps you want to take: restoring the bucket permissions, notifying the owner, paging an on-call team, documenting the event in a case management system, and so on. Or perhaps Lacework detects an anomaly on an EC2 instance. In this case, because of the severity, Tines can defer to a human for a decision before automatically remediating and documenting.


Investigate and remediate Lacework alerts

Joint customers can automate remediation of all their Lacework alerts and violations in line with the CIS Benchmark, increasing their security and enabling them to achieve faster SOC 2 compliance.

In this use case, a Webhook Action pulls in Lacework Polygraph Platform events to the Tines platform. Using an HTTP Request Action, Tines can reach back out to Polygraph to gather more data and context related to an event.

This Tines Story will then check for a compliance alert that will reveal any findings and violations, such as a hard drive being unencrypted in a specific account, an AWS S3 bucket being exposed to the world without versioning or encryption applied, etc. Tines will create a new compliance violation ticket in Jira, including some additional details on what resource triggered the violation and a prompt to remediate the alert.

Depending on how the customer wants to fix the issue, in each flow, we facilitate the best practices of responding to various alerts and prescribing a way to become more secure.

Once a customer clicks remediate, Tines can explode out all of the violations that triggered an alert. When compliance violations have been resolved, it will update the ticket's status.
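
The decision logic behind both use cases above (auto-remediate a public S3 bucket, defer a severe EC2 anomaly to a human, explode an alert into per-resource violations, and close the ticket only when all are resolved) can be sketched as follows. This is an added example, not code from Tines or Lacework; the alert fields, severity labels and ticket statuses are constructed, and only the S3 PutPublicAccessBlock parameter names are real.

```python
# Added example. Field names, severity labels and ticket statuses are constructed
# for illustration; they are not the Lacework or Tines schema.
AUTO_OK = {"low", "medium"}  # assumption: severities safe to fix unattended

# Parameter names of the S3 PutPublicAccessBlock API (boto3 put_public_access_block).
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}

def plan(alert):
    """Explode one alert into one action per violating resource."""
    actions = []
    for v in alert["violations"]:
        auto = v["type"] == "s3_public" and alert["severity"] in AUTO_OK
        actions.append({
            "resource": v["resource"],
            # Severe alerts, or ones with no known-safe fix, wait for a human.
            "mode": "auto" if auto else "needs_approval",
            "call": "put_public_access_block" if auto else None,
            "kwargs": {"Bucket": v["resource"],
                       "PublicAccessBlockConfiguration": BLOCK_ALL} if auto else {},
        })
    return actions

def ticket_status(actions, resolved):
    """The ticket closes only when every exploded violation is resolved."""
    pending = [a["resource"] for a in actions if a["resource"] not in resolved]
    return ("Done", []) if not pending else ("In Progress", pending)

# Constructed sample alerts.
S3_ALERT = {"severity": "medium", "violations": [
    {"type": "s3_public", "resource": "example-bucket-a"},
    {"type": "s3_public", "resource": "example-bucket-b"}]}
EC2_ALERT = {"severity": "high", "violations": [
    {"type": "ec2_anomaly", "resource": "i-EXAMPLE"}]}

if __name__ == "__main__":
    for alert in (S3_ALERT, EC2_ALERT):
        acts = plan(alert)
        print(acts, ticket_status(acts, resolved={"example-bucket-a"}))
```

Keeping the planner separate from the code that executes the calls lets the approval step and the ticket record both work from the same list of actions.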


Conclusion 

Together, Lacework and Tines provide end-to-end coverage for your cloud environment, from monitoring and detection to response and remediation. With Lacework and Tines working together, customers can be confident that their cloud environment is secure and compliant.

Want to see for yourself? The Stories featured in this blog are available to download, use and customize via the Tines Story Library. Users can get started with a free 30-day trial of Lacework and the always free Community Edition of Tines.

Watch this webinar to learn more about how Lacework and Tines can integrate.

Reckless to Fearless: Automating Remediation in the Cloud