Cloud security company Lacework Inc. today unveiled a new platform designed to help companies automatically uncover suspicious activity across a multicloud environment.

Called the Polygraph Data Platform, the service can detect and address genuine threats and risks to business from build time through runtime. Through a combined agentless and agent-based approach, the platform uses cloud service provider application vulnerability scanners and integrations with infrastructure as code and continuous integration and continuous deployment or CI/CD workflows.

That, the company says, delivers insights into vulnerabilities and misconfigurations for developers and an inventory of cloud assets, compliance checks, monitoring of cloud configuration and cloud account threat detection.

To deliver effective runtime security, the platform continuously monitors and automatically surfaces anomalous activity that could be indicative of an attack, even exploits tied to vulnerabilities that have not yet been discovered.

Lacework argues that most security approaches were not built for the scale, complexity and speed of a single cloud environment, let alone multicloud or hybrid cloud. Relying on security teams to create rules that scan against a list of known problems, these tools bury critical information amid an influx of alerts and delay protection for new issues or attacks. These tools also often exist outside the company’s development process, positioning security teams as a roadblock to speedy innovation.

The Polygraph Data Platform offers automated anomaly detection across Amazon Web Services, Google Cloud, Microsoft Azure and Kubernetes EKS environments, providing customers with the ability to detect attack activity stemming from known and unknown threats.

The platform’s key features include correlating major vulnerabilities with exploit activity, improved asset discovery and enhanced compliance benchmarking.

In testing before launching into general availability, Lacework says, customers found that the Polygraph Data Platform helped drive down the overall cost of security while at the same time increasing the time-to-value and efficacy of their security posture. Once deployed, the platform significantly reduced alerts, making it easier for security and developer teams to identify vulnerabilities while also allowing them to focus on more strategic initiatives.

“Companies are moving more workloads to the cloud, hoping to take advantage of the scalability and flexibility it offers, Jay Parikh, co-chief executive officer of Lacework, said in a statement. “They need security solutions that work with the scale of multiple cloud environments, not against it, and which can guard against the ransomware and zero-day threats that are increasing in sophistication alongside customer adoption in the cloud.

Parikh added that the “constant monitoring of runtime and the data-driven approach of the Polygraph Data Platform is the most effective way to help customers understand the entirety of their environment and stay ahead of these threats.”

Parikh, along with co-CEO David Hatfield, spoke to theCUBE, SiliconANGLE’s livestreaming studio, in October, when they discussed Lacework’s Polygraph technology.

“We’re ingesting many different types of data, bringing it into our engine, processing it, and from there we’re driving different types of actionable insights for customers,” Parikh said. “We can detect and understand what the baseline is so that if something changes, we can send an alert. It’s very much like finding that needle in the haystack because we understand what normal is in their environment compared to before when customers may have been getting a ton of alerts and lots of false positives.”

Image: Lacework