Lacework this week named David “Hat” Hatfield as CEO as part of an effort to accelerate adoption of a platform that unified runtime threat detection, behavioral anomaly detection and cloud compliance. Most recently, Hatfield was vice chairman of Pure Storage, Inc.
Lacework’s previous CEO, Dan Hubbard, is now serving as the company’s chief product officer, while Ulfar Erlingsson has been brought in as Lacework’s chief architect. Erlingsson has 25 years of security, privacy and machine learning experience; during his career he has been issued 30 U.S. patents. He is currently chair of the IEEE Technical Committee on Security and Privacy, and joins Lacework from Apple, where he led the development of a machine learning initiative aimed at protecting privacy.
Lacework also revealed that Vikram Kapoor, Lacework CTO, is taking on an additional role as the founder of a wholly owned Lacework entity working on complementary technologies that will be formally launched at a later date.
Hatfield said as more application workloads move to the cloud, there is a clear need for a different approach to cybersecurity. IT security teams want a single platform for securing multiple cloud platforms made up of virtual machines, containers and serverless computing frameworks, Hatfield said. Securing all those highly ephemeral cloud services represents a massive data processing challenge that requires a software-as-a-service (SaaS) platform infused with machine learning algorithms, Hatfield added.
Earlier this year, Lacework announced a $525 million round of investment that brought its valuation to more than $1 billion. At the time, the company said adoption of its platform in 2020 grew 300%, despite the economic downturn brought on by the COVID-19 pandemic. The plan is to use that funding to expand the go-to-market reach of the company, rather than attempting to roll up other cybersecurity platforms, Hatfield said. As cybersecurity becomes more complex, Hatfield said, it’s difficult to integrate point products and other platforms based on different source code, so acquiring other security vendors is not a major priority.
The Lacework platform itself is built on top of the Snowflake data lake platform running on the Amazon Web Services (AWS) cloud. It employs what Lacework describes as a polygraph security architecture based on machine learning algorithms, and other automation tools, to understand and detect threats in cloud applications and infrastructure. That approach has enabled customers to reduce false positives by up to 98%, and investigation time by over 90%, the company claimed.
The challenge cybersecurity teams face today is that, as the overall defensible attack surface expands, pressure to reduce cybersecurity costs is also increasing. At the same time, cybersecurity teams are looking to transition to cloud-based platforms that make it easier for them to work from anywhere in the wake of the COVID-19 pandemic.
In theory, cybersecurity teams should be able to rationalize tools, as they transition to cloud platforms as part of an overall effort to reduce costs. Laceworks claims 80% of its new customers replaced two or more point products in 2020.
However, the bulk of the data that needs to be secured still resides in on-premises platforms. At the same time, the rate at which new data is being created in the cloud continues to increase, so, ultimately, cybersecurity may not become as easy as anyone would like any time soon.