
Cybersecurity That’s Not Fairy Dust: It’s Cloud Security Engineering and Science

In the ever-evolving and increasingly competitive cybersecurity environment, Threat Stack and Lacework both aim to support customers in detecting critical threats to cloud-native workloads. Both companies take different approaches, and of course we here at Threat Stack believe that we have a more comprehensive solution to vulnerability and threat detection.

Recently, Lacework wrote a comparison article on their website which called the Threat Stack approach “fairy dust,” so we’d like to discuss how our improved cloud security technologies and processes go beyond mere anomaly detection to help our customers in their daily operations, especially cybersecurity – and explain how Threat Stack actually works. (Hint: it’s not fairy dust.)

Lacework’s critical article uses a number of marketing tactics that tip their hand to the hyperbole they rely on to make their cyber-risk detection methods seem “better.” In no particular order, they include:

  • The broad, unsubstantiated claim that Lacework can “do cybersecurity better than anyone”
  • The falsehood that Threat Stack’s cybersecurity alerts create “too much alert noise” because we don’t put an arbitrary limit on alerts per day
  • The fictional notion that Threat Stack’s rule set is fixed, rigid, and requires fairy dust – our Security Operations Center (SOC) team and machine learning – to make it seem more useful

Lacework’s claims of course miss the point of the technological and process improvements and product innovation that we have focused on. These changes have been based on customer needs and feedback, as well as the ever-changing regulatory, compliance, and industry standards landscapes. Our expanded addition of supervised learning processes and technologies to ThreatML is delighting our customers, because our combination of rules, machine learning, and human expertise serves our customers’ needs, no matter what situation they are in. To quickly put Lacework’s claims to rest:

  • Threat Stack isn’t noisy; we just deliver the alerts you need to have, with the right context in the moment. Here’s a little more on why arbitrary alert limits are misleading.
  • Threat Stack does not have rigid rulesets. In fact, they’re constantly expanding and updating, based on real customer experience. In addition, our cybersecurity rulesets are customizable, if a customer wants. As our customers experience new cyber alerts and security threats, we capture and update our rules to expand and support cloud security coverage.
  • Our machine learning isn’t fairy dust, but actual science and engineering technology. ThreatML uses supervised learning to make predictions on key behaviors. You can read about our new AI technologies and processes here – which is more than you can learn about how Lacework does their version of mere anomaly detection.
  • Our SOC team also isn’t just fairy dust – it’s human expertise that can become an extension of your DevSecOps or security teams, providing insight, investigation, and recommendations. Or it can even help run daily security operations for understaffed DevSecOps teams.

Our application infrastructure protection cybersecurity technology and processes constitute an innovative, comprehensive approach to support our customers wherever they are on their cybersecurity journey. But don’t just take our word for it – walk through a demo or get your hands on the platform to see for yourself.

What Cloud-Native Security Means To You

Since we’re here, let’s talk about why our cybersecurity platform was built with rules + machine learning, and how that all works together to provide cloud-native security. As mentioned, the driving force for Threat Stack’s product innovation comes from our customers. And what we’ve heard from our customers is that security leaders, managers and front-line workers are looking for cybersecurity solutions to:

  • Reduce the burden on security teams for their time, resources, and human toil
  • Surface only the most meaningful and time-sensitive Severity 1 alerts without arbitrary limits
  • Reduce “alert fatigue” by avoiding false negatives and false positives
  • Speed up and automate the entire process of tuning, training, triaging, reviewing, and resolving alerts

Of equal importance, customers need security solutions to have certain operational attributes, such as:

  • Ease of use
  • Always improving / learning
  • Transparency, with no black box hidden magic
  • Easy to access
  • Able to be understood and analyzed (for prevention, compliance, and remediation)

What Cybersecurity Alerts Can Your Organization Afford To Miss?

Cloud-native security today means protecting both your crucial applications and APIs, as well as the cloud-native infrastructure they run on. Now that Threat Stack is a part of the F5 family, we can deliver that full application infrastructure protection. But remember, delivering cloud-native cybersecurity comes with alerts. And there is always the need from customers to cut down the noise that comes from increased attacks at both the infrastructure and the application/API level.

Nobody wants to reduce that alert noise and alert fatigue more than Threat Stack. That’s why we have a huge data-driven and fluid (and ever-growing) ruleset. That ruleset classifies and categorizes alerts about vulnerabilities and attacks. As our recent webinar “Machine Learning Done Right” discusses, this data classification expertise allows Threat Stack to apply supervised machine learning in a way that has never been done before. As this graphic shows, ThreatML couples that ruleset with machine learning and human expertise to deal with both false positives and false negatives, reducing the number of alerts from the thousands down to a manageable few.

As a result of this filtering process, each of the resulting alerts is high-priority and actionable. That innovative filtering moves them out of the classification of “noise” and into the “vital, necessary, and essential” alert camp, where it doesn’t matter how many there are, because they’re all potentially dangerous unless dealt with.

Lacework points out its belief that more than a few alerts per day is too many, but that philosophy misses the point. We ask: “What cloud security intrusion alerts and potential vulnerability warnings can your organization afford to miss?”

Threat Stack focuses on getting its customers all the actionable alerts they need to protect their client and business data. Threat Stack couples its massive ruleset with a new level of supervised learning models to give customers high-efficacy, in-context alerts to act on; human analysis and assistance; and reports to help when compliance wants to know what happened and how you remediated the vulnerability or threat.

Then Threat Stack takes what was learned from those alerts and ties it into the ever-growing, ever-focused rulesets and machine-learning filters and models, to become even more effective. Think of this methodology as continuous process analysis and improvement in cloud security through supervised machine learning. This advanced type of cloud-native security leads to better detection because it adds both vulnerability and threat prediction. It strikes a balance between reducing operational burden, human toil, and time and resource drain, while still providing vulnerability awareness and high-efficacy threat detection.

Cloud-native cybersecurity is all about reducing or eliminating risk. As attacks and vulnerability exploits become more sophisticated and more widespread, you need cloud-native security that can recognize, respond to, and help solve and resolve threats, while allowing you to see inside the box for full, actionable context to help with compliance.

This innovative “Machine Learning Done Right” solution creates Detection-in-Depth that is so far advanced that it might seem like fairy dust magic to those who don’t have it and don’t understand how it works. ThreatML with supervised learning is the next level of machine learning that scientifically and through automation reduces both false positives AND false negatives. How? By taking the data Threat Stack already has and classifying, analyzing, adapting, and improving alerts as well as predictions about vulnerabilities.

This is all to say – we listen to our customers. Approaching cloud security with a combination of rules, machine learning, and human expertise is not fairy dust – but ground-breaking technical progress. It’s engineering. It’s logic. It’s supervised machine learning. It’s deep learning. It’s science, applied to make Threat Stack work as best as it can for what the customer needs.

And it’s available for you, now, when you’re ready to upgrade your cloud-native security solutions beyond any sort of hyperbole, into the most innovative cybersecurity available. When you are ready to move to that next level of complete application infrastructure protection, to have us support you in surfacing risks, vulnerabilities, and attacks in context, so you can protect your business information and keep your customers’ data secure, all while being compliant, contact Threat Stack today.