It's too easy to misconfigure S3 buckets and leave data in AWS exposed to cybercriminals and unauthorized users. Here's how Lacework brings a complete solution for S3 bucket security.

1. Lacework Protection for AWS S3 Buckets
Continuous, Automated Security from Configuration to Daily Operations
Misconfigurations, inappropriate access privileges, and third-party mistakes can expose data stored in AWS S3
buckets to cyber criminals and unauthorized users. S3 buckets, when properly configured, will keep your data
safe. But establishing and maintaining a robust bucket security approach can be difficult and time-consuming.
With Lacework’s comprehensive and automated S3 security solution, you’ll easily audit your S3 buckets, monitor
changes, and gain the continuous situational awareness you need to understand exactly how your buckets are
being used and managed.
Lacework helps you manage every aspect of S3 bucket security - from the initial assessment of your configuration
to on-going configuration audits and usage monitoring - so you can effectively and efficiently protect data stored
in AWS S3.
Find potentially exposed S3 buckets configured for external access
Identify buckets out of compliance with the CIS Benchmark for AWS,
including:
Get specific recommendations on how to fix violations
- Use of encryption at rest and in transit
- Only users with multi-factor authentication can delete buckets
- Versioning to protect against deletion or overwrite
Assess security configurations automatically and continuously
Get notified on significant bucket changes: new or deleted buckets, policy
modifications, and access control changes
Easily visualize users and apps accessing S3 buckets
Get notified when there is a deviation in access patterns, when new users,
processes, or connections access buckets
Graphically map access and usage changes over time
Receive alerts when new users, processes, or connections access buckets
Spot access attempts by known bad actors through integration with third-
party threat databases
Get visibility into unusual regional bucket activity
Actionable Auditing of S3 Bucket Security Configurations
Continuous Assessment and Tracking of Changes
Continuous Monitoring of S3 Activity and Behaviors
© Lacework 2017. All Rights Reserved. 1

2. Continuous, Complete Security for AWS S3 Buckets
The cloud isn’t static. Your S3 bucket security strategy shouldn’t be static either. Lacework gives you
everything you need with a solution that doesn’t quit once the audit is done. Automated daily re-
audits let you know when configuration changes impact your security posture. Administrative and
usage monitoring delivers alerts and a timeline of unusual accesses, abnormal activities in regions, and
changes made without the proper authentication. Lacework gives you visibility into applications and
processes accessing S3, and highlights unusual access behaviors.
Fast and easy installation and deployment. Automated discovery and reporting of new buckets, suspicious
access, and configuration violations.
Daily re-audits with notifications when configuration changes impact security. Continuous usage monitoring
with alerts for anomalous behaviors and accesses - all without manual rule or policy development.
Lacework complements and extends existing AWS Services to improve your AWS cloud security. We give you
immediate and actionable security insights by analyzing, correlating, and presenting insights from AWS
CloudTrail and AWS Config.
Check our other security solutions for AWS: AWS account security, AWS workload (EC2) security, compliance
to CIS benchmark for AWS.
SIMPLE AND AUTOMATED
CONTINUOUS
INTEGRATED WITH AWS SERVICES
© Lacework 2017. All Rights Reserved. 2