Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Cloud Security Firm Lacework Raises $42 Million

Funding Will Help Company Expand DevOps and Workload Security Offerings for Cloud, Container, and Hybrid Environments

Funding Will Help Company Expand DevOps and Workload Security Offerings for Cloud, Container, and Hybrid Environments

Mountain View, Calif-based cloud security firm Lacework has closed a $42 Million Series C funding round from Sutter Hill Ventures and Liberty Ventures, bringing the total raised to $74 million. Lacework provides a purpose-built platform for the modern environment, including DevOps and orchestration to cloud, cloud native and hybrid workloads.

Lacework was founded in January 2015 by Sanjay Kalra (CPO) and Vikram Kapoor (CTO).

The new funding will be used for further product and market development, and is supported by several new board appointments. Andy Byron is moving from chief revenue officer at Cybereason to become President at Lacework, and will run all go-to-market operations.

Lacework Logo

Traditional security products — even ‘NextGen’ products — are primarily firewalls or endpoint products. These have their place, explains Lacework CEO Dan Hubbard in an associated blog, but neither “have been purpose fit for modernized IT service consumption models; IaaS, PaaS, and cloud-native technologies such as container and Kubernetes.”

One of the problems is that cloud environments don’t just change the infrastructure — they are changing the way software is being developed. Where developers once had to engage with separate IT and security teams to gain change control approval, they can now run their own infrastructure on-demand, at scale, and often without traditional IT.

“The shift here is for security to be integrated into the process, not isolated from it in the world of the ‘Next Generation’,” writes Hubbard. “Call it DevSecOps, Secure DevOps, or SecDevOps, I just call it collaboration and teamwork in New Generation Security.”

Advertisement. Scroll to continue reading.

The ability for faster change at greater scale brings its own new risks; but the same programmability in cloud environments that creates these risks can also be used to mitigate them. Hubbard describes the environment as ‘predictable chaos engineering’, where it is normal for nodes to come and go and it all just continues to work.

“What this practically means,” he says, “is that instead of simply enforcing something at the network layer and continuing to have a machine on your network that is potentially infected you can orchestrate it offline. Additionally, when programmatic configuration mistakes happen in your infrastructure you can orchestrate them to be fixed, on the scale of one or one hundred with a software rollout.”

Lacework’s proposal is that security for new processes and infrastructure within the cloud is best served by new product designed for the cloud. But, “The security market is crowded with point solutions and legacy vendors trying to become relevant for containers and the cloud,” explains Mike Speiser, partner at Sutter Hill Ventures and new Lacework board member. 

“The cloud is certainly no less secure than on-prem; but it’s very different. The cloud is secure if you make it secure; but you have to think about it in a new way. Lacework helps to do that,” explains Stefan Dyckerhoff, Lacework board member and managing director of Sutter Hill Ventures.

Lacework raised $24 million in a Series B funding round in August 2018.

Related: Researchers Find 21,000 Exposed Container Orchestration Systems 

Related: Security, Compliance Remain Biggest Concerns Over Cloud 

Related: Cloud Security Firm Aporeto Raises $20 Million 

Related: Darktrace Raises $50 Million at $1.65 Billion Valuation 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Funding/M&A

Forty cybersecurity-related M&A deals were announced in January 2023.

Funding/M&A

Seventeen cybersecurity-related M&A deals were announced in the first half of February 2023.

Funding/M&A

Thirty-five cybersecurity-related M&A deals were announced in February 2023

Funding/M&A

More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.