Cloud Security and Compliance for the Gaming Industry
Lacework protects Cloud Gaming Infrastructure
Like a warrior on a quest to max out their EXP, cybercriminals are relentless in attacking all aspects of the gaming industry. As a result, disruptions from cyber attacks can delay game development and distribution and result in a poor experience for players encountering account takeovers, and denial of service.
Gaming Industry Challenges
The gaming industry is a favorite target of cyberattackers, and motivation for attacks ranges from illegally manipulating in-game currency to the simple notoriety of successfully hacking their favorite title. Gaming security faces some unique challenges, given the nature of the industry:
- Complexity: In some respects, the gaming industry is an easy target. An unnoticed vulnerability in the latest update could leave the castle gates wide open. Companies often use a central platform for all their games, creating an attractive target that can wreak havoc across many franchises with a single successful exploit. Games may have custom protocols that aren’t built to distinguish legitimate traffic from an attack.
- Always-On: Gamers are online literally 24×7, leaving little to no downtime for patches or cold fixes that could strengthen defenses. Attackers are always on as well, using server farms and hijacking users’ machines to flood data against overwhelmed infrastructure.
- Valuable: Gaming is a multibillion-dollar industry and growing, surpassing many other forms of traditional media and entertainment. Given the potential for profit, even small successes can embolden attackers to go after bigger targets. Many large companies have been targeted for ransom demands; gaming faces the same potential vulnerability, leading to large payouts.
Compliance Made Easy
While gaming may not have the same regulatory compliance requirements as some industries, managing the logistical and physical security of the IT infrastructure is critical. Like all businesses that accept payment information, gaming companies are responsible for safeguarding customers’ personally identifiable information (PII), including payment details. There may also be national regulations regarding data security where compliance must be demonstrated.
Hosting and scaling dedicated game servers for online, multiplayer games require IT security protocols that contain effective cloud security solutions. Lacework streamlines compliance by continuously tracking configuration changes and providing daily audits to maintain compliance and protection.
Lacework monitors user accounts for abnormal activity, even when that activity is technically authorized. We empower IT security and compliance teams with customizable alerts when items change from compliant to non-compliant.
- Lacework checks across the industry-accepted CIS Benchmark for secure configurations of cloud accounts and workloads.
- Lacework includes supplemental checks for common compliance frameworks like PCI DSS and SOC 2.
- Lacework empowers compliance and security teams with continuous analysis and historical reporting to demonstrate what is being checked, where problems exist, an analysis of each problem encountered, and the steps needed to remediate misconfigurations.
- Lacework’s configuration compliance solution detects behavioral anomalies, so even if configurations meet required standards, unauthorized use or abnormal activity is detected and alerted on. This ensures that organizations are aware of issues that might go undetected by solutions that rely on manually written compliance rules. Lacework delivers native container and Kubernetes security support, reducing the attack surface and detecting threats in containerized environments.
- Lacework integrates multi-cloud checks into a single dashboard by continuously monitoring configuration changes and API activity for containers across common platforms.
Innovation at the Speed of DevOps
Leading companies innovate, go to market, and scale quickly with limited resources. These companies ship products at light speed with security at every touchpoint. At Lacework, we empower customers to do this with our cloud security platform. Lacework enables customers with visibility to secure data, networks, and DevOps teams that involve the entire organization and communicates vulnerabilities as soon as they are detected.
Lacework Polygraph® exceeds security and compliance requirements by empowering IT security teams with security content that drives visibility into host workload, container, and Kubernetes platforms as well.
Lacework was built from the ground up for detecting and observing security threats in the cloud, including serverless, containers, and Kubernetes workloads, and streamlines security tasks for software teams building on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Always-On Cloud IT Security
One of the most important gaps within gaming systems is robust and real-time monitoring of all activity. Lacework not only constantly monitors networks for anomalies, but our foundation, Polygraph, delivers a deep temporal baseline built from collecting high-fidelity machine/process/users interactions over a period of time.
The Polygraph is used to detect anomalies, generate appropriate alerts, and provide a tool for users to investigate and triage issues including:
- Activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
- Changes to users, roles, or access policies.
- Tampering to access or customer master keys.
By understanding the natural hierarchies of processes, containers, pods, and machines, Polygraph is able to dynamically develop a behavioral and communication model of your services and infrastructure that aggregates all data points to develop behavioral models.
EN SAVOIR PLUS
When it comes to development and security, you’re not playing games. Neither is Lacework. We automate and continuously monitor your compliance and security, from build to runtime. Consolidate tools, optimize your SIEM, secure your containers. Run faster, jump further, and expand your empire.
FAQ sur la solution de compliance des configurations de Lacework
Lacework utilise les meilleures méthodes de vérification, y compris les critères de CIS Benchmark, pour évaluer les configurations de la sécurité dans Amazon AWS, Google GCP et Microsoft Azure.
Lacework dispose de mapping avec PCI, HIPAA, SOC 2 et NIST 800-53 Rev 4.
Lacework surveille les configurations de vos comptes cloud en continu. Lorsque les configurations s'écartent des bonnes pratiques, elles sont détectées et une alerte est générée. Ces alertes peuvent être configurées pour être envoyées à la plupart des outils d'alerte courants tels que Slack, Splunk, Pagerduty, etc.
Lacework dispose de contrôles pour AWS, Azure et GCP. Lacework fournit une plateforme unique qui peut contribuer aux mesures de compliance sans qu'il soit nécessaire de déployer plusieurs outils pour chaque fournisseur cloud.
Lacework effectue des contrôles de configuration sur la base des bonnes pratiques reconnues par la profession, telles que le CIS. Lacework fournira ensuite des rapports listant toutes les ressources présentant une menace, ce qui permettra de contribuer aux mesures correctives. Ces rapports peuvent ensuite être remis aux auditeurs pour servir de preuve du respect des critères de compliance.