Lacework Strengthens Data-Driven Cloud Security Platform with Acquisition of Infrastructure as Code Company Soluble

The addition of Soluble introduces new DevSecOps capabilities, Lacework customers benefit from new innovations that enable both agent-less and agentless visibility to detect and protect all major hyperscale cloud providers

SAN JOSE, California, November 11, 2021 / CNW / – Lacework®, the data-driven security platform for the cloud, today announced the acquisition of Soluble, a scalable cloud infrastructure management company. The infrastructure-as-code (IaC) remediation capabilities that Soluble provides, in addition to several new updates to the Lacework platform announced today, combine to help organizations integrate security practices. in their software delivery workflows, further extending the value of the platform to customers.

The Lacework platform provides end-to-end visibility in multi-cloud environments, including detection of unknown and known threats, vulnerabilities, misconfigurations and unusual activity. Powered by the patented Polygraph® self-learning engine, the Lacework platform automatically learns how cloud environments operate and identifies behavioral anomalies – delivering the handful of very specific alerts that matter, coupled with the context needed to take quick action. Now, with the addition of Soluble, Lacework expands its coverage to include Infrastructure as Code in addition to AWS, GCP, Azure, private and hybrid cloud, Kubernetes, containers and workloads, and intertwines security early in the day. DevOps cycle.

Using IaC increases speed and consistency for developers and can allow security teams to anticipate potential errors before production. As businesses grow, this becomes a requirement. So far, many organizations have faced the challenge of integrating security practices directly into current developer workflows and tools. The Lacework platform democratizes access to security data between developers, DevOps, cloud operations, IT and security teams so organizations can effortlessly develop secure environments and products. Lacework allows businesses and developers to focus on delivering code quickly and securely, the top priority for organizations operating in a digital world.

Lacework builds a bridge between developers and security professionals with Soluble
Soluble helps customers quickly detect and correct configuration errors and policy violations in their IaC through Terraform, CloudFormation, and Kubernetes. Through static code analysis, as well as risk, impact, cost, and policy inspection, Soluble uncovers issues and enables IaC remediation. Due to the internal structure of most organizations, security and development teams often disagree, making it more difficult to quickly identify and fix vulnerabilities or configuration errors before going into production. Together, Lacework and Soluble put security practices in the hands of developers and tie them into their existing workflows. By extending the capabilities of the Lacework platform to first inform and then automate fixes at the source, customers can implement proactive practices in continuous integration / continuous delivery (CI / CD) pipelines to reduce risk and build faster.

“Developers play a critical role in resolving security issues in the cloud. With Soluble and the new developer-focused features of our platform, we are helping our clients eliminate friction between security and development teams. Resolving security issues earlier and getting cloud security information more accessible across the organization enables developers to ship faster and more securely, ”said Jay parikh, co-CEO of Lacework.

“Joining Lacework is an exceptional next step for Soluble and our clients,” said Rob schoening, CEO, Soluble. “By combining our remediation capabilities at the source code level with the power of Lacework’s platform during build and run, technologists, for the first time, can truly interweave security throughout the lifecycle. of development.

Fix container vulnerabilities earlier, based on actual risk
Today, Lacework also announced new features that allow customers to find and remediate vulnerabilities earlier in the development process. By enabling developers to remediate vulnerabilities before code is deployed to production, customers can secure their environments and thereby reduce the risk of successful attacks, while saving time and money. For example, the security bill of an online lending marketplace has been cut in half, and the ability to effectively identify unknown threats has reduced their annual risk by about $ 1,200,000.

  • Prevent vulnerabilities during construction: With the new online vulnerability scanner, the Lacework platform allows developers to identify vulnerable container images and update them before deployment, without the intervention of the security team. Developers can now perform fast, low latency, on-demand analysis directly in their CI pipeline through integrations with developer-centric tools like Jenkins.
  • Block vulnerable containers before execution: The new Lacework Intake Controller for Kubernetes helps security teams ensure that every container image meets security standards before it is deployed. Organizations can now automatically block the deployment to production of substandard container images.
  • Prioritize fixes at runtime with actionable risk assessment: The new risk-based scoring leverages a combination of build time and run time information to understand the true risk of a vulnerability in any customer’s unique environment. This allows developers to better prioritize remediation tasks and quickly have the greatest impact in improving their security posture earlier.
  • Berkeley Extended Packet Filter (eBPF): Allows Lacework customers to gain complete visibility into their container processes with virtually zero overhead and exceptionally easy deployment, without the need for additional configuration.


  • Learn more about these announcements in our announcements blog.
  • Subscribe to November 18e start a webinar on how to move faster to the left here.
  • Watch a demo of the Lacework platform here

About lace
Lacework is the data-driven security platform for the cloud. The Lacework Cloud Security Platform, powered by Polygraph, automates cloud security at scale so our customers can innovate with speed and security. Lacework is the only security platform that can accurately collect, analyze, and correlate data across an organization’s AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the few security events that matter. Customers around the world depend on Lacework to generate revenue, get products to market faster and more securely, and consolidate point-of-time security solutions on a single platform. Founded in 2015 and based in San jose, california, with offices around the world, Lacework is backed by leading investors such as Sutter Hill Ventures, Altimeter Capital, Liberty Global Ventures and Snowflake Ventures, among others. Start to

Copyright 2021 Lacework Inc. All rights reserved.

CONTACT: [email protected]


Related links

About Nicole Harmon

Check Also

SoftWorks AI goes TRUE and meets the need for loan intelligence –

The new name truly reflects the company’s ability to make decisions faster and reduce lending …

Leave a Reply

Your email address will not be published.