Best of both for CSPM: Lacework & AWS Security Hub

Bridget Hildebrand, Sr. Product Marketing Manager, Partners & Tech Alliances

Cloud security posture is an important part of any organization’s security practice. By understanding your assets and attack surface, you have a better opportunity to identify, detect, and respond to risks before they become a major issue. The problem is that security teams typically struggle with applying security policies consistently across the organization.

The struggle is real

Security teams face an embarrassment of riches when it comes to the choice of tools to combat vulnerabilities. There are all manner of vendors with point products and niche solutions, and they all promise panaceas that will eliminate threats. At issue, however, is that each tool adds configuration and management complexity. Because of the added work and the distributed nature of these solutions, the tools themselves can increase the attack surface and threat exposure. Without the necessary integrations, organizations may experience technical debt, staffing frustration, complications over tool management, and plain operational inefficiency. Not exactly what a security team wants or needs when it comes to making their cloud environment more secure. By integrating the fewest and most complementary solutions, teams can reduce many of these struggles. Of course, the right tools depend on the size of your organization and its security needs. At Lacework®, we are committed to providing you with the best options to suit how you build and grow in the Amazon Web Services (AWS) cloud.

Making the most of your security tools

AWS has always stated that “security is job zero.” AWS Security Hub is a service that performs security best practice checks, aggregates alerts, and enables automated remediation. Even so, there is still a risk of missed configuration events. With AWS and Lacework, organizations can receive their cloud security posture management (CSPM), pipeline security scanning (Infrastructure as Code and image vulnerabilities), and workload protection alerts in one place.

The Lacework and AWS Security Hub integration uses several self-hosted AWS components to turn a Lacework CloudWatch/EventBridge alert into a Security Hub finding. Cloud security events such as compliance deviations, user and resource activity anomalies, software vulnerabilities, and runtime workload anomalies leave the Lacework Polygraph® Data Platform through the CloudWatch alert channel, which delivers them to Amazon EventBridge. You can configure alert rules in the Polygraph Data Platform to control which events are sent to Security Hub. EventBridge forwards each event to an Amazon Simple Queue Service (SQS) queue, and the SQS queue triggers a Lambda function that transforms the finding(s) and sends them to AWS Security Hub.
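The transform step in that pipeline is the piece an operator usually has to own. The following is an added example, not Lacework's or AWS's integration code, of a Lambda-style handler that reads the SQS records carrying EventBridge events, converts each into an AWS Security Finding Format (ASFF) finding, and batches them for `BatchImportFindings` (which accepts at most 100 findings per call). The Lacework `detail` field names (`EVENT_ID`, `SEVERITY`, `EVENT_CATEGORY`, `EVENT_TYPE`, `SUMMARY`, `LINK`), the 1 = Critical severity scale, the category-to-type mapping, and the `HUB_ACCOUNT_ID` environment variable are all assumptions made for illustration; the sample SQS event is constructed. The `Id` is derived from the Lacework event id so that SQS at-least-once redelivery updates an existing finding rather than creating a duplicate, and a malformed record is skipped rather than failing the whole batch.

```python
"""Added example: transform Lacework EventBridge alerts (via SQS) into ASFF findings.
Not Lacework's or AWS's code; field names under `detail` are assumptions."""
import json
from datetime import datetime, timezone

ASFF_SCHEMA_VERSION = "2018-10-08"
MAX_FINDINGS_PER_BATCH = 100  # BatchImportFindings limit per call

# Assumption: Lacework severities are integers 1..5 with 1 = Critical.
SEVERITY_TO_LABEL = {1: "CRITICAL", 2: "HIGH", 3: "MEDIUM", 4: "LOW", 5: "INFORMATIONAL"}

# Assumption: illustrative mapping of alert categories to ASFF finding types.
CATEGORY_TO_TYPE = {
    "Compliance": "Software and Configuration Checks/AWS Security Best Practices",
    "Vulnerability": "Software and Configuration Checks/Vulnerabilities/CVE",
    "Anomaly": "Unusual Behaviors",
}


def product_arn(account_id, region):
    """Default product ARN that Security Hub accepts for custom (self-hosted) integrations."""
    return f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default"


def to_asff(event, account_id, region, now=None):
    """Turn one EventBridge envelope (with Lacework alert under `detail`) into an ASFF finding."""
    detail = event["detail"]
    now = now or datetime.now(timezone.utc).isoformat(timespec="seconds").replace("+00:00", "Z")
    # Unknown or out-of-range severities fall back to INFORMATIONAL instead of raising.
    label = SEVERITY_TO_LABEL.get(int(detail.get("SEVERITY", 5)), "INFORMATIONAL")
    category = detail.get("EVENT_CATEGORY", "Anomaly")
    finding = {
        "SchemaVersion": ASFF_SCHEMA_VERSION,
        # Stable Id: a redelivered SQS message updates the same finding, not a new one.
        "Id": f"lacework/{event['account']}/{detail['EVENT_ID']}",
        "ProductArn": product_arn(account_id, region),
        "GeneratorId": f"lacework/{category}",
        "AwsAccountId": account_id,
        "Types": [CATEGORY_TO_TYPE.get(category, "Unusual Behaviors")],
        "CreatedAt": event.get("time", now),  # EventBridge envelope timestamp, if present
        "UpdatedAt": now,
        "Severity": {"Label": label},
        "Title": detail.get("EVENT_TYPE", "Lacework alert")[:256],
        "Description": detail.get("SUMMARY", "")[:1024] or "No summary provided",
        "Resources": [{"Type": "Other", "Id": f"lacework-event-{detail['EVENT_ID']}", "Region": region}],
        "RecordState": "ACTIVE",
        "Workflow": {"Status": "NEW"},
    }
    if detail.get("LINK"):  # ASFF rejects an empty SourceUrl, so only set it when present
        finding["SourceUrl"] = detail["LINK"]
    return finding


def findings_from_sqs(sqs_event, account_id, region, now=None):
    """Parse each SQS record body as an EventBridge event; skip malformed records."""
    findings = []
    for record in sqs_event.get("Records", []):
        try:
            findings.append(to_asff(json.loads(record["body"]), account_id, region, now))
        except (KeyError, ValueError, TypeError):
            continue  # not a Lacework alert; drop it rather than poison the whole batch
    return findings


def batches(findings, size=MAX_FINDINGS_PER_BATCH):
    """Split findings into chunks that respect the BatchImportFindings limit."""
    return [findings[i:i + size] for i in range(0, len(findings), size)]


def handler(event, context=None):
    """Lambda entry point; needs boto3 and AWS credentials at runtime (not used by the tests)."""
    import os
    import boto3
    region = os.environ["AWS_REGION"]
    account_id = os.environ["HUB_ACCOUNT_ID"]  # assumed env var configured on the function
    client = boto3.client("securityhub", region_name=region)
    imported = 0
    for batch in batches(findings_from_sqs(event, account_id, region)):
        imported += client.batch_import_findings(Findings=batch).get("SuccessCount", 0)
    return {"imported": imported}


# Constructed sample: two alerts and one junk record, as the Lambda would receive them from SQS.
SAMPLE_SQS_EVENT = {
    "Records": [
        {"body": json.dumps({
            "account": "111122223333", "region": "us-east-1", "time": "2023-01-15T10:22:00Z",
            "detail": {"EVENT_ID": "1234", "SEVERITY": 2, "EVENT_CATEGORY": "Compliance",
                       "EVENT_TYPE": "S3 bucket allows public read",
                       "SUMMARY": "Bucket example-logs has a public ACL",
                       "LINK": "https://lacework.example.com/alerts/1234"}})},
        {"body": json.dumps({
            "account": "111122223333",
            "detail": {"EVENT_ID": "1235", "SEVERITY": 9, "EVENT_CATEGORY": "Anomaly",
                       "EVENT_TYPE": "New external connection", "SUMMARY": "Host web-1 reached a new IP"}})},
        {"body": "not json"},
    ]
}

if __name__ == "__main__":
    print(json.dumps(findings_from_sqs(SAMPLE_SQS_EVENT, "111122223333", "us-east-1"), indent=2))
```

Running the module locally prints the two findings produced from the sample; the junk record is silently dropped. In a deployment, point the SQS trigger at `handler`, give the function's role `securityhub:BatchImportFindings`, and keep the stable-`Id` rule so redeliveries remain idempotent.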

With the ability to view all of your AWS security events from one place, whether from AWS native services, the Lacework Polygraph Data Platform, or any of the other AWS partners, you can make the most of your response and remediation workflows.

Want to know more about how Lacework and AWS Security Hub work together to improve your CSPM? Download our integration brief: Consolidated view of your AWS posture with AWS Security Hub. We also invite you to learn about our many integrated solutions with AWS at