Lacework Case Study
Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance across AWS, Azure, and GCP, providing a comprehensive view of risks across cloud workloads and containers.
Challenges & Goals
The Neova team was tasked with performing end-to-end testing of Lacework’s application.
The following goals were set for the team:
1. Provide comprehensive automated suites to test the complex Dashboard UI.
2. Automate a solution that simulates all end-user activity representing a security threat across all the major clouds: Azure, GCP & AWS.
3. Include all the validations needed to test compliance with CIS, HIPAA, PCI DSS, NIST 800 and SOC 2.
4. Validate the threat simulation in the browser UI using Selenium & Python.
5. Simulate end-user activity on Linux & OSX that results in a security threat.
Once the end user's requirements were clearly understood, the following automation testing scripts were implemented:
- UI TESTING – The Neova team performed manual & Selenium-based automated testing, including cross-browser testing on major browsers such as Chrome, Firefox, Safari & Microsoft Edge. Our specialized strategies included testing of the complex front-end web application built using React.js. The data visualization polygraphs, which are built using vis.js, were automated using a unique approach.
- DATA DRIVEN TESTING – Lacework's AI & ML based systems process terabytes of data to identify different threats. Our team was responsible for generating this Big Data with automation scripts in Python, Shell & Java. The data-driven automation simulated end-user activity. The scripts also included creating & deploying containers using Docker.
- Cloud – CIS BENCHMARKS, PCI & SOC 2 – Lacework monitors cloud environments for threat events and also validates configurations against the controls established as best practices in the CIS, PCI & SOC 2 Benchmarks for different clouds.
  - Our automation solution included creating & updating all the possible configurations of AWS/Azure/GCP to validate against all the Benchmark recommendations. Implementations were done using Python Boto3, cloud-specific CLIs & REST APIs as applicable.
  - Event Generation – Our automation solution included Cloud Formation & scripting activities in the cloud, performed as an end user would use the cloud. This involved interacting with major AWS/Azure/GCP services, using internal & external resources. Examples of these services include:
    - AWS: S3, EC2, Lambda, IAM, Kinesis, CloudTrail, CloudWatch, SNS, SQS, Config, VPC & Glacier. Implementations were done using Python Boto3 & AWS CLI.
    - Azure: Azure Kubernetes Service (AKS), Key Vault, Security Center, Storage, Virtual Network, Azure DNS, SQL Database, Cosmos DB, Identity, Compute, Batch. Implementations were done using REST API & CLIs.
    - GCP: Compute, Storage, Cloud SQL, Cloud Bigtable, Virtual Private Cloud (VPC), Cloud IAM, Cloud Security Scanner, Kubernetes Engine, Cloud DNS, Monitoring, Cloud Dataflow. Implementations were done using google-api-python-client & CLIs.
- KUBERNETES – Lacework monitors Kubernetes clusters & pod namespaces to detect any threat event. Our automation solution included creating a scalable Kubernetes cluster and deploying container pods that host various services. The data-driven Kubernetes automation included almost all the communication activities that can happen in a cluster: internal & external pod communication, containerization, intra & inter web services communication, and file monitoring. Implementations were done using kubectl, kops, shell scripting, Docker, Python & Java.
- CI & DevOps – We achieved Continuous Integration & Testing of various activities via pipelined jobs using Jenkins & Slack reporting. Application integration testing was performed with 3rd party providers such as ServiceNow, PagerDuty, New Relic, Splunk, VictorOps & Cisco Webex Teams.