Policies Overview

Policies provide visibility into the security and integrity of your integrated cloud environments, enabling you to understand and act based on that visibility. Lacework policies generate events based on data collected by Lacework from your integrated cloud environments.

Lacework provides numerous built-in policies that provide actionable information out-of-the-box. An important step in implementing and maintaining Lacework for your environment is evaluating and fine-tuning the behavior of built-in policies. In doing so, you can change their default configuration, enable or disable them, or create brand new policies specific to your environments and your requirements.

Reactive and Proactive Policies

There are many types of Lacework policies. At a high level, each policy type falls into one of two categories, according to how it supports organizational security processes:

  • Risk detection policies help you understand and mitigate security risk. Proactive policy types include:
    • Cloud compliance
    • Kubernetes compliance
    • IaC
    • Host Vulnerability
    • Container Vulnerability
  • Threat detection policies allow you to react to threat events. Reactive policy types include:
    • Host user and entity behavior analytics
    • Host rules
    • Cloud activity user and entity behavior analytics (machine learning aided)
    • Cloud activity rules
    • Kubernetes activity user and entity behavior analytics
    • Kubernetes activity rules

The two types differ most in how you and your team consume the information they provide. Threat detection events typically trigger an alert, such as an email notification. Risk detection policies are typically consumed as a report, which aggregates the assessments of multiple policies.