Lacework Reviews

We use it for anomaly detection and security compliance.

Lacework has helped us in a couple of areas. The first is that it helps us with compliance and third-party risk assessment. We do a lot of third-party risk assessments for other people that ask us questions about how we monitor our environment and who want to know what our security posture looks like. Lacework gives us the ability to respond favorably to those kinds of questions and we rely on the tool for that a lot. In terms of breach risk assessment, it helps us improve the confidence of third-party risk assessors and stakeholders. When they know that we're using Lacework or some other tool like that to help with anomaly detection and compliance to known standards, that is certainly a big benefit.

With regards to vulnerabilities, we can point to the Lacework reporting for some of that information to demonstrate compliance with NIST 800-53, CIS, and other security standards. It's very helpful from that perspective.

It also helps us from a day-to-day monitoring perspective, to know where we are in time with our security posture and if anything new has come in or something has changed in the environment that warrants some kind of immediate action.

And because it helps us focus on the severity of alerts, it has helped us bring down the number of alerts. If you work on trying to understand the cause of each of the alerts, and you then identify the appropriate actions to clear them, that will help you reduce the number of alerts. We've been able to leverage the tool to help us gain insights into some of the more nuanced challenges and vulnerabilities. 

If you take action on the alerts it's telling you about, it will help save time on manual compliance tasks. Like any tool though, if you're not understanding the alerts in the context of your architecture, and then taking the action needed to clear those alerts, it probably isn't saving you much time. But it is saving me time in helping me understand exactly what those alerts are about. It helps us focus on the right things. I would give it credit there, for sure.

It also helps free up staff a little bit because it doesn't take as many people to keep tabs on the environment as it used to. I don't feel we're spending as much time on that.

The most valuable features are the anomaly detection and security compliance, both, that the product does pretty well.

For anomaly detection, it parses things using a severity scale of low, moderate, and high, and that helps provide context to the urgency and prioritization of the alerts that you get in the tool. And on the compliance side, it supports several benchmarks, including CIS, NIST 800-53, as well as other security standards. It will give you insights into compliance against those standards so you can see how your product is configured and if it complies with the best security practices of those standards.

Where it really shines is in helping you detect anomalous activities and known threats, assuming that you have it properly configured. Out-of-the-box, it's not difficult to configure. You do need to do some minor configuration work depending on how you deployed your application. But for the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture. That part works very well.

Also, to the extent that attackers are trying to take advantage of vulnerabilities that you may have in your system, Lacework is very good at giving you a view of your environment from an attacker's perspective. It provides context to help understand how easy or difficult, and how likely or unlikely, it is for an adversary to exploit the vulnerabilities that you may have.

In addition, it's really good at continuously monitoring, 24/7, 365. It's designed to do that. It's constantly working in the background to protect our AWS workloads, and I feel good about that. It's very important because it's one of the things we rely upon the most to give us insights into our security posture at any given point in time.

I also like a lot of the dashboards and reports. They're fairly user-friendly and easy to understand.

The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization. I think they have an ISO 27001 or SOC 2 or maybe both, but they don't have any kind of FedRAMP security authorization. The challenge that creates for us is that we have products in the FedRAMP environment, and to use Lacework in such an environment, it has to be FedRAMP authorized. I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment.

We have one government product, and a second one on the way right behind it, that require a FedRAMP authorization. We're unable to use Lacework for the government work that we have because it doesn't have a FedRAMP moderate authorization. We're at a point where if they don't get FedRAMP authorization, sometime in the future, we may be forced to look in another direction, unless we want to continue using more than one tool for the same thing. Doing so is a little bit frustrating from an administrative perspective.

We have been using Lacework for a little over two years.

The overall stability of Lacework is good. They're obviously a growing organization and they continue to expand. I've seen that they've hired some leaders from other organizations, and they have put together plans to continue to scale and grow the company, and that's encouraging.

We haven't had any issues with scaling. The biggest concern you have is the licensing structure, where one Lacework unit is 200 resources and AWS resources. But it's easy to scale and they're pretty flexible in that department.

We have contacted their tech support on multiple occasions. They're very good, very timely in terms of responding. Generally speaking, they give us good feedback and help us work through most of our problems. There have been a couple of stickier and more challenging problems that have taken some more time to work through, but generally speaking, they've been pretty good about working through issues in a timely manner.

They have a method of escalating when an issue doesn't get resolved in a timely manner, which is good. Sometimes, it takes a little bit longer to engage the supplemental support, get them up to speed on a problem, and get them engaged because that may not be their primary responsibility. But they do help get you through an issue if you give them enough time.

Positive

We have it rolled out across multiple AWS accounts that are associated with several of our commercial products.

We have definitely seen ROI with Lacework. We used to have more people monitoring things in a more manual way. Lacework has reduced the amount of effort and time applied to monitoring.

We've also leveraged some of the integrations, for example with Jira, so that when an anomaly or alert comes in, we automatically generate a Jira record, which somebody then has an assigned action to go look at. Those are examples of where it's really saved some time. Instead of having someone say, "Yep, there's an alert. I need to create a ticket," it automatically creates a ticket, assigns it to someone on our team, and then they look at it, investigate, and disposition it accordingly.

The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was. That was not well defined. When I first started working with Lacework, that was something that we provided feedback to them about, that it was something they needed to improve. That was a problem until about a year or so ago.

They have improved it and it has stabilized quite a bit. And I will give them credit as well for being somewhat flexible, especially for their early adopters and customers, as they worked through some of their licensing and pricing-related challenges.

If you have a lot of ephemeral resources, that can throw off your numbers a little bit. But again, they average those to try to keep it balanced. That's pretty reasonable.

Lacework is pretty good at ingesting data to correlate workloads and account behaviors. As long as you have the tool properly configured, it will give you correlation information. It's not as much information as you might get out of some other products, potentially, but it does give you good correlation information against some of those standards that I mentioned. To the extent that there's overlap in those standards, we do see the same kind of compliance or other issues pop up more than once.

My advice is to understand what it's going to do for you and what it's not going to do for you. It's very good at highlighting vulnerabilities in your architecture or your system, and it's very good at identifying non-compliance and anomalies. It's not going to do anything outside of that. Those are the things it's intended to do and that it focuses on.

In terms of our time and effort spent on security incidents and threat-hunting, the reduced alerting that has resulted from using Lacework is a mixed bag. I look at Lacework as being part of an overall suite of tools that help us look at the environment. I wouldn't rely upon it too much for threat intelligence. That's not its primary wheelhouse. But, as I mentioned, it does offer us a whole lot in terms of looking at our security posture at a point in time.

We need to be more careful when we roll out new services because we often don't have them properly vetted. Sometimes, when we do that, Lacework will tell us there are a lot of issues with them. But if you use the tool for monitoring those things in a development or staging environment, and it tells you that you have those issues, it will be very helpful in identifying the vulnerabilities and bringing focus to clearing them before you roll something out into production.

The only thing that we do from a maintenance perspective is that we periodically review alerts that are suppressed. Sometimes, you'll run across alerts that don't have value or context in your architecture, based on how you're designed. We will look at those and validate that they should continue to be suppressed, based on our architecture or a similar valid reason for suppressing them. That's pretty much the extent of the maintenance.

The biggest draw was being able to have a report that would tell me if my AWS cloud environment was in compliance or not. So, the biggest use case was that I needed something that I could just plug in, and it would go through all of my resources in AWS and find all those nooks and crannies, every little thing, and tell me if I'm in compliance or not.

It gives me the insight and transparency that I didn't have before. It tells me exactly how compliant I am. It also gives me peace of mind by monitoring behavior within my AWS accounts and then notifying me. It has changed our organization in that we can focus on other pressing items that will help drive sales more, which is what really matters. It eliminates that part of your brain that's always worried about compliance and regulation. 

It does exactly what you expect it to do. It detects user behavior that is not normal. For example, I might test out a new service in AWS, and I'll get a notification from Lacework saying, "Hey, this user with username logged into this service for the first time." It is detecting that already just because we implemented it. It monitors all the users. It monitors what the users typically do. So, anytime a user goes outside of that normal behavior, it notifies me. If you're worried about remote workers or intrusion, it's such a good feature to have.

Its ability to continuously monitor configurations is phenomenal. It's instant. We have it set up. So, it notifies us via Slack as soon as an environment goes out of compliance. It also notifies us as soon as it goes back into compliance. It's instant. This ability to continuously monitor configurations for the organization is critical if that's something that you care about. When you think about how many different configurations or services or how many different ways you can set up AWS, and then you compound that across accounts and different geographies, you would have to hire a massive team to be able to do that manually. You might even need a massive team to maintain that or a different system that's doing that. Installing the Lacework agent and having that monitored by Lacework is a great return on your investment.

It has allowed us to focus on other pressing priorities. Nobody wants to go through compliance and alerts. It provides the ability to reduce that overall and hit SOC 2 Type 2 compliance, incident management, and having all of that taken care of. We're doing less and less of it, and it has enabled us to move faster as an organization.

It has helped us free up existing resources. We also didn't have to hire additional resources.

It has had a major effect on our breach risk assessment. When there is an anomaly detected with a user's behavior, such as a password gets compromised or somebody gains access to a user account, it notifies me right away. It also notifies me right away when a new user is created. It's also a third-party system that is storing these logs. In a worst-case event, if somebody did breach into our system because nobody was paying attention to the alerts for whatever reason, I can go back and look at the logs within Lacework to see exactly what happened. So, I can do a very good postmortem after the fact. It has helped in more ways than I could have thought of in terms of breach detection and also postmortem on any breach.

The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself.

It was very easy, and also a surprise, in terms of getting started and ingesting data. They have documentation on how to set it all up. Once we had it set up, it was seamless. I don't ever have to worry about maintaining it. I can just log in and see, or I can set up an alert. I can get alerts through Slack or email. It has been a great process overall.

The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems.

We implemented it in May of this year. So, it has been six or seven months.

I've never had any issues with its stability. So, it's not even something I think about.

I have zero doubt about its scalability. It can scale to as many hosts as you want it to and as many agents as you want to install. They'd be more than happy to do that. I've never had any concerns about its scalability.

It's exactly where you want it to be. I can just send them a Slack message. They check in with me quarterly. So, every three months, they'll check in and go over some statistics on how we use it. They're also constantly iterating and improving their product. They tell me about new features or some of their new training available to us. It's great because they're proactive like that. It's not something that I have to follow up with them on, but they're also there via Slack or email when I need them. I would rate them a 10 out of 10.

Positive

I've dabbled in a few different ones. SolCyber was one, but I've never implemented and integrated with one from start to finish.

I and another person on my team set it up. Its initial setup was very straightforward. If you're familiar with containers, it's a walk in the park.

In terms of maintenance, it doesn't need any maintenance. There was a large security vulnerability. I forgot what it was exactly, but with how we were using Lacework, it didn't impact us at all. We haven't done any sort of maintenance on it at all since we implemented it.

We didn't use an integrator, reseller, or consultant. We went straight with Lacework. Our experience with them was phenomenal. Wesley, the main person I was working with, streamlined everything for us. He was very easy to work with. He could tell I knew exactly what I wanted. There are classic sales processes, but he could tell I knew exactly what I wanted. So, he streamlined everything for me. It was a great process.

They held our hand through it, which was great. They provided documentation on how to deploy it. It was straightforward. It used, if I remember, Docker and Terraform. It was all documented. They jumped on a meeting with us while we did it. It was even to the point where we're like, "Hey, we can do this on our own." They hooked into Slack with us so that we could Slack them if we ran into anything, but I don't remember running into any issues at all. It was straightforward.

We looked at a couple of Managed Security Providers or MSPs. We evaluated some of the top ones. Wesley was the salesperson from Lacework with whom we were working. He is no longer with Lacework, but he reached out to me on LinkedIn at the perfect time. So, I was able to connect with him and get started that way.

The biggest thing about Lacework was that it was very to the point. It was exactly what we needed, and it was easy to implement. My use case was that I need to know if my AWS accounts are in compliance or not. Their response was, "Hey, we can do that. Here's an example report of what we do." They showed it to me, and I was like, "That is exactly what I need." The icing on the cake is that if a resource is out of compliance, in the report, you can click on it, and then it takes you to their documentation on how to fix that. Exactly line by line, they tell you what you need to do to fix that. So, when I saw that, it was a no-brainer. It doesn't only tell me if I'm in compliance or not. If I'm not in compliance, someone on my team can easily go into their help desk or documentation, and they would know exactly how to fix it. They don't have to research anything. They can just go in and fix it. That was incredible. That alone was what sold me on the product.

Lacework hasn't helped reduce our alerts. That's because we weren't alerting before Lacework in terms of security and compliance. If anything, it has increased our alerts, but that's just because we didn't have it before. So, overall, through time, after we implemented it and started addressing those alerts, for sure, they've been reduced. We've reduced our alerts by 70% to 80%, and there is more and more reduction.

I would rate it a 10 out of 10.

We use it mainly for detection and response purposes. We have also started using Lacework as our vulnerability management tool, which is most important for our organization. We don't have any kind of security layer for all our cloud infrastructure so we are using Lacework as a security product for our cloud infrastructure.

When I joined this organization, Lacework was being onboarded. It was in setup mode. If I compare the visibility I have had over those last 10 months with Lacework, with what visibility was like before, I now have complete visibility into my entire infrastructure. If anything happens, Lacework will definitely catch it. That is very efficient and I'm able to react before the attack.

An advantage that Lacework gives us in our environment is that it covers a vast majority of use cases, which helps us to detect things based on severity, and it helps us to have more focus on those issues. For example, last week we had an alert that said that there was an external connection made from an internal server, and our internal servers are not supposed to communicate with the external, because it's behind the VPN and it's behind the firewall. That should not happen, but it was happening. A good detection rule helped us.

In terms of seeing things from an attacker's point of view, a couple of weeks back I received an alert that a user with root permission had logged in and tried to do something he is not supposed to do, which means he didn't have admin permission. I also received an alert about policy changes. I got the user ID and did a reverse lookup in my database to find out who the user was and his department. I reached out to him and I asked him about it, and it turned out he was doing a red team activity and testing Lacework. Red team activity is very difficult to detect, but Lacework did a very good job on that.

And for continuous monitoring, we have created a kind of dashboard, although not a complete dashboard. Lacework has a better dashboard. Our major priority is to look into critical, high, and medium alerts, which we never miss. We continuously monitor for high-priority alerts. It shows us those by default in the Lacework dashboard. That helps in our daily monitoring.

With Lacework, the alert flow has been reduced a little bit, about 6 percent, but attackers never sleep. We have a lot of alerts coming in, day in and day out. It's now Christmas time and this is the perfect time for attackers to try to target an organization because as they know the response team will be outnumbered. In addition, Lacework has reduced the time it takes us in an investigation by 70 to 80 percent because it keeps complete information. That means we don't have to verify where the information came from. Rather, we can use that information in our investigation.

It helps free us up to work on other tasks. We can create custom rules to eliminate false positive alerts. These are the gray areas that we have started exploring and that gives us time to work on other stuff.

There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. 

The second thing I like is the agent-based vulnerability management, which is the most accurate information. It helps us to know what the security gaps or weaknesses are in the systems and to patch them. Finding a critical weak spot is one of the best features, with the agent-based scanner. We can check it out, based on a filter of the host or container, get the vulnerability report for that particular host, and just share it with the DevOps team to patch.

For anomalous activities, Lacework has a good set of rules for detection and it gives super-informative alert information. For example, when an issue is detected that results in an alert, it doesn't just give the details. It also explains clearly what is happening, with "WH" questions. In the alert, if you click on "Why this alert has been detected," there is a clear explanation for it. Next, you can click on, "When," and it gives the time range of the detection time. The next is "What has been impacted?" That kind of accurate information means we don't have to look around or worry about the source of the information or the legitimacy of the alert.

I would like to see a remote access assistance feature. And the threat-hunting platform could be better.

We have been using Lacework for about 10 months.

It's a stable product compared to the initial days that we had it. They are doing much better because they are also conducting frequent webinars on how to use new features whenever an update comes out. 

We haven't faced any issue, like a Google outage, in the last 10 months. It's really good. I do see a little lag but it could be because of my internet connection since I'm working from home.

We use all the cloud environments, Azure, GCP, and AWS, and have deployed Lacework for all three. We have approximately 50 people who use it, on and off.

Even though here and there there are some problems with the solution, whenever we address the issues with the Lacework team, they're always ahead of it in their response and they always are supportive. 

We have a community channel as well. CSP is partnered with us and we have frequent communications with them. We have a conversation with them on a day-to-day basis on a Slack channel. Their technical team is connected all the time. The moment we post a question on that channel, we will get a response within five or 10 minutes. That is a much faster resolution than any other solution that I have used.

Positive

We have a separate DevOps that takes care of Lacework deployment, uploading and installing the agent. My job is to make sure that we have visibility into all our containers and host-based cloud infrastructure. Lacework has a feature called resource that completely shows how many containers or instances are running with Lacework and without Lacework. I just pull that data and give it to the DevOps team. They go in and do the config of hosts that don't have a Lacework agent.

There is some maintenance involved with Lacework, but in most scenarios it isn't a problem. We always want to have visibility into everything, so we need to make sure that things are working fine.

There are very few solutions out there for cloud infrastructure. When it comes to physical infrastructure, there are already many tools. But the cloud industry is just beginning. I have worked with a few of the cloud solutions and I found Lacework is the most useful one because it has various categories of alerts.

The security team is the most important part of any organization because they are the people who help protect your organization. For them to protect you, they need better visibility into the environment and infrastructure and certain tools to help do their jobs more easily. As an analyst, I think Lacework is much better.

When an analyst gets an alert, time becomes very crucial. His response time should be 30 minutes. In the first 15 minutes, he should be able to understand what type of attack it is, exactly what is happening, and how to stop it. And he also should come to a method of remediation to stop the attack for the short term. For all these aspects, Lacework is really much better. Any analyst, when working on an alert, will initially have the five questions: why, when, what, how, and where. That's what Lacework provides. These questions are the template for any analyst and with them, it takes me about 15 minutes to understand an alert. In the next 15 minutes, I will work on contacting the team, et cetera. From a time perspective, Lacework is much better.

Give Lacework a try. It's one of the best tools in the market that I have used so far. Except for the RTR response, the rest is fine. It is really doing a pretty good job. It will never disappoint you.

Lacework is a sales platform.

Because Kubernetes had a number of important processes that used EKS, we needed Lacework to protect the cloud environment in general and Kubernetes in particular. We required it to defend both the overall cloud posture and to offer protection. And then our container environment's detecting capabilities.

The best feature, in my opinion, is the ease of use. As well as some levels of machine learning anomaly detection that they have that can detect pivotal anomalies faster.

Visibility is lacking, and both compliance-related metrics and IAM security control could be improved. This is what Ermetic does. IAM security management controls, as well as detection of deviations and misconfigurations, are critical but not fully developed in Lacework.

There is no data governance or data visibility. It's a little bit different, in the vector of cloud security management, but Lacework does not yet support this.

I would like to see some sort of data mapping or detection. The ability to pinpoint the exact location of data. Something similar to what Flow Security is currently doing. And that is what some other companies are attempting to do with data detection capabilities. Cloud Data Detection.

I used Lacewok more than 12 months ago. I evaluated it a year and a half ago, I believe, approximately 15 months ago.

I am not sure of the exact version.

It was used in the AWS environment.

It appears to be functioning in terms of stability. 

The impression is less that it has a lot of false positives in terms of detection and capability. There are some detections that are not particularly accurate. This is the general perception regarding data models. It needs to be improved.

I didn't notice any scalability or people-related issues because it's not a platform for widespread use. 

If you try to populate a very large environment in Lacework and there is a lot of traffic, you may encounter some difficulties. 

The system may struggle, but users, or operators, are not supposed to seriously disrupt or interfere with the platform.

We didn't experience any problems.

This solution was used by no more than 20 people in our organization.

But it is rarely used. You are supposed to get alerts from it from other places, such as Select PagerDuty.

The SIM system. You are not supposed to use it continuously.

We contacted technical support briefly, but not too much. We contacted them during the initial integration phase, but after that, communication was minimal.

Technical support was fine.  I would rate them a four out of five.

Several other vendors approached us. Dome9, which Check Point purchased, and Cloud Guard were both used in the past. However, when we decided to relocate, I believe I met some Lacework employees at a conference. And after reviewing the solution, we made the decision to put it to try.

They are starting to use Ermetic .

The initial setup is relatively straightforward.

The deployment was completed in two weeks. You will then have some additional time to configure everything.

We purchase the license here. 

The licensing fee was approximately $80,000 USD, per year.

There may be some discounts available. However, it is a one-time fee with no additional charges.

Currently, it is determined by your capabilities and the size of your environment.

In general, I would not recommend Lacework right now. There are more mature solutions that would be a better fit. 

It is very dependent on the specific environment in which you operate. Lacework isn't necessarily bad; it's just that the more mature solutions on the market have significantly more capabilities. Prisma Cloud, for example, or Rapid7 Clouds, I believe, have more capabilities and support. In the cloud environment, better support and different security use cases are available.

However, it is similar to the situation with automobiles. You are not required to drive a Ferrari. You could buy, a simpler car and seat it for your needs. It depends on what you want to accomplish.

I would rate Lacework an eight out of ten.

It has some technical capabilities, which are not bad, but it is currently lacking some technical features. It's also prone to false positives, which I believe is due to an over-reliance on some AI detection models. But the precision of those things isn't always good.

Lacework is a cloud security platform. We have multiple cloud providers, and we're ingesting the logs from each. About six people at my company use Lacework. 

Lacework provides a good overview of our security posture. We also use the Kubernetes agent because our software is a Kubernetes-based application. The Lacework polygraph offers nice visibility into the workloads on Kubernetes.

There are no applications out there that let you look at the workload in Kubernetes from the cluster to the namespace, pod, and images. From that image, you can see any connections going out. 

The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine. 

They have to go in and put their policies in place. It's hard for them to implement that, especially if they don't have a real security team. The team's policymakers don't do anything. Lacework takes out all the noise and gives them bits of things that actually matter with the application after it learns the behavior.

Lacework lacks remediation features, but I believe they're working on that.  They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it.

Also, they do image scanning for security vulnerabilities. They would have a full cloud security package if they could compete with Snyk or Qualys by providing vulnerability scanning for VMs.

I've been affiliated with Lacework for three or four years.

I've never experienced an outage or a hangup or even anything in the UI that says, "Still processing, give us a moment." 

I rate Lacework 10 out of 10 for scalability. I haven't run into any scaling issues.

Lacework support is awesome. They get right back to me. The account guys are also superresponsive.

 I've used all the cloud platforms, including GCP and AWS, so we used CloudWatch and Security Command Center.

Setting up Lacework was straightforward. I've deployed it both ways. I did it manually, which took a little time to go through the documentation. I used Terraform scripts the second time. Deployment took me 15 minutes. It's on the cloud. I'm using Google and AWS. 

You get a return from Lacework.

Lacework's price isn't too bad. I would rate it seven out of 10 for affordability.

As a consultant, I've seen all the products, and I was working with Lacework when it came out. They only supported AWS at the time, so I didn't what they could do. I recommend Lacework to other customers because I have customers who generate 30,000 alerts daily on GCP. I recommended Lacework, and we ripped out Security Command Center. With Lacework, they were getting maybe 15 alerts instead of 25,000.

I'm a fan, so I rate Lacework 10 out of 10. I recommend implementing it immediately. If you have a security team writing rules and trying to enforce them the old-fashioned way, that's a lot of man-hours. If they were to have a breach, not only the security team would be impacted but also the administrators. They have to go through the logs and parse them to figure out how many things were touched. You have to look through the VMs, load balancers, and other pieces of the infrastructure. You would need to put it in a spreadsheet and write a script to go through it. It's a pain.

With Lacework, it's all there in one fell swoop, and you can go through all the logs. However, if you are a rules-based person, Lacework has the features to do that too. You can add some specific rules that aren't part of the normal CIS benchmarks and stuff that is already in the posture. You're getting scanned across the CIS benchmarks whether or not you implement them or not. You can also go in there and switch those values around to meet whatever your organizational goals are.