Lacework Partners with AWS Built-in to Bring Customers Massive Time and Cost Savings

Executive Summary

When Lacework learned about the AWS Built-in Competency, they saw it as an opportunity to help solve issues around complex deployments and configurations for their AWS customers. Working together, Lacework and AWS co-built a solution that automates deployment of Lacework Polygraph Data Platform with multiple AWS services in a single package via a CloudFormation template. For customers, the results are faster and simplified deployments that don’t require AWS experts or expensive consultants, saving time and money. For Lacework, the results are more opportunities for sales leads and co-marketing activities with AWS. Lacework’s AWS Built-in solution has also laid the groundwork for more customized AWS integrations in the future.

Lacework’s Partnership with AWS is Based on a Co-build Model

Michael Musselman, Area Vice President, Cloud & Technology Alliances at Lacework, is no stranger to Amazon Web Services (AWS). In fact, he describes his relationship with AWS as more of a friendship than a business partnership. Lacework prioritizes AWS customers, so keeping up with the latest AWS technologies and participating in early adopter and beta programs is essential for Lacework’s overall strategy in the cloud security services space. According to Michael, “Our co-build partnership with AWS is a logical move, not only to accommodate the majority of our customers, but also for building competitive AWS integrations for our security platform. We’re building security products specifically for AWS core services, so it just makes sense for us to be friends.”

Lacework’s extensive portfolio of AWS integrations demonstrates its commitment to partnering and co-building with Amazon. Integrations for AWS Control Tower, AWS Security Hub, Amazon GuardDuty, Amazon Security Lake, AWS CloudFormation, and others are built and tested by Lacework technical engineers to ensure they play nicely together with AWS core services and work as expected in real-world customer environments.

A key factor in Lacework’s successful integrations—and a large part of their AWS strategy in general—is data consumption and analysis. According to Michael, threat management in the cloud is inherently complicated because customers are managing multiple services simultaneously, different parts of the organization may not have access to the same data, and the threat landscape is different for everyone. “Our superpower is creating the right tools to find and prioritize misconfigurations, vulnerabilities and threats in a massive amount of activity data. We’re committed to the AWS shared responsibility helping our customers stay safe for the parts they’re responsible for securing.”



Complex Onboarding Translates into Enormous Costs and Time Commitments

When asked about the top customer challenges with Lacework’s AWS integrations, Michael said that the biggest obstacles are not in the technologies themselves but instead mostly around onboarding. Customer environments are unique, vary in size, and have different requirements for security and threat monitoring. Infrastructure and disparate tooling around endpoint protection, firewalls, and web applications can be messy and complex.

To add to the complexity, Lacework’s customers are typically big innovators, which means they tend to build quickly. According to Michael, “While this fast-paced environment of spinning things up and down and deploying sizable workloads creates valuable intellectual property, it can also mean wide threat landscapes with more opportunities to misconfigure things or threats from outside attackers.”

For customers, especially those with multiple AWS accounts, these obstacles often translate into paying high fees for customized services to wire everything together. Unfortunately, most organizations don’t have AWS experts on site who are familiar with AWS best practices, so they end up having to hire expensive consultants or wait for an available opening with AWS Professional Services. Either way, the time commitment and associated costs can be quite alarming.

Finding the right people to configure and deploy all these technologies individually is a common complaint for customers. According to Michael, “There isn’t a single pane of glass for configuring these integrations. Customers end up deploying Lacework and AWS services in pieces across their organizations, and then they’re left with the task of wiring them all together.”

Without the proper configuration—one that complies with AWS best practices—businesses run the risk of not knowing how to act on the security findings and supporting analysis presented with the data. Michael says, “The good guys have to be right 100% of the time, the bad guys only have to be right once. It’s a real challenge and impossible to bring all security risks to 0%.”

Tackling Customer Pain Points Head on Through AWS Built-in

Michael has many connections at AWS, but one in particular proved to be a game changer in Lacework’s strategy for dealing with customer pain points. That connection is Anthony Paladino, Sr. Partner Development Specialist at AWS. Anthony is one of the creators of the AWS Built-in Competency, an AWS Specialization that’s designed to offer customers preconfigured, automated deployments of partner products that are fully integrated with AWS foundational services via a single AWS CloudFormation template. AWS Built-in solutions are co-built by partner developers and AWS solutions architects using a modular code base that’s rigorously tested and reviewed against the AWS Well-Architected Framework.

Michael says, “When Anthony approached us about being an early adopter of AWS Built-in, we were all in. We knew this program was different. The most appealing part was that it was designed specifically to address the problems our AWS customers face every day with rapid and accurate configuration and deployment of Lacework and AWS services.”



A Full Integration that’s Preconfigured into a Single, Deployable Package

After weeks of planning, building, and testing, Lacework and AWS co-launched Lacework’s AWS Built-in solution. The end result is a deployable package that integrates Lacework Polygraph Data Platform with multiple AWS services, including AWS Control Tower, AWS CloudTrail, Amazon GuardDuty, and AWS Security Hub. The solution is available on AWS Marketplace, and customers can deploy it via a single CloudFormation template to existing AWS accounts all at once, with no manual configuration required.

The solution is ideal for customers with multiple AWS accounts. All new AWS accounts are automatically enrolled using the Control Tower management account. Whether new or existing, all AWS accounts are configured consistently across the organization according to AWS best practices, and Lacework's security auditing and monitoring can be added to AWS accounts automatically. Once deployed, Lacework’s automated cloud security platform helps customers lower the risk of misconfigurations and vulnerabilities while monitoring activity for anomalous behavior and alerting security teams when something might be awry.

But the benefits don’t stop there. One outcome of Lacework’s AWS Built-in solution is a new GuardDuty integration with composite alerts, which are automatically enabled at deployment time. Composite alerts differentiate Lacework from many other security solutions by aggregating typically low-signal security events into a single correlated alert that carries a specific call to action and supporting evidence. With the AWS Built-in integration, GuardDuty alerts also enhance the detections, increasing the confidence score of the threat. Together, these alerts provide improved contextual summaries with less noise and fewer false positives, so teams can identify threats more efficiently and act on them immediately. Because GuardDuty findings are ingested directly into Lacework, teams don’t have to spend time monitoring disparate streams of threat data from multiple systems. When GuardDuty and Lacework findings confirm each other, incident response and triage teams can take more appropriate action and not get bogged down with alerts generated by the organization’s normal day-to-day operations.

According to Michael, the overall project produced benefits well beyond the AWS Built-in solution, and the GuardDuty integration with composite alerts is proof of that. “We’ve seen that over half of our customers are using both Lacework and GuardDuty, so combining forces and creating a way to aggregate our event data so customers can spend their valuable time taking action on real threats instead of swiveling chairs between multiple systems, wasting time sifting through the noise, was paramount.”

Massive Time and Cost Savings for Customers

Lacework’s AWS Built-in solution translates into enormous cost and time savings for customers. In a single click, customers can perform a fully integrated, automated deployment across all their AWS accounts in just minutes. And because the deployment is preconfigured and optimized according to AWS best practices, account maintenance is much simpler. Customers can use their Lacework dashboard to manage the security of the entire organization.

Compliance is another huge win for customers. Knowing that the AWS Built-in solution was designed, created, tested, and validated according to the AWS Well-Architected Framework is reassuring for customers who aren’t AWS experts. Misconfigurations can lead to big mistakes when it comes to security, and most organizations don’t want to take chances. According to Michael, “Lacework’s customers are no exception. With AWS Built-in, our customers have 100% compliance validation. The security team at AWS fully validates our code, and that’s peace of mind for our mutual customers.”

In addition to AWS compliance and time and cost savings, another benefit is the fast and intuitive deployment process. After creating an API access key and then logging in to the Control Tower management account to select a deployment Region, customers simply navigate to AWS Marketplace and click a button to launch the stack from the CloudFormation console. They fill in a few configuration parameters for their cloud environment, and create the stack. The whole process takes just a few minutes. Once completed, customers can validate the solution in Lacework, where they’ll see a list of AWS accounts that are currently being monitored by Lacework.

According to Michael, “We’re facing customer pain points head on and, in true Amazon style, we’re working backwards from those obstacles. We’re combining best-of-breed technologies to achieve our customers' ability to continue to build and innovate quickly for their customers with the peace of mind that their cloud workloads are secured. It’s proof that we’re serious about our partnership with AWS.”

AWS Built-in Opens Doors for Bigger and Better Co-build Opportunities

Since launching their AWS Built-in solution and GuardDuty integration with composite alerts feature at re:Inforce 2023, Lacework has seen a significant increase in sales opportunities. Lacework’s sales team has a shiny new tool in their toolbag—one that’s been vetted by security experts and co-branded with AWS. AWS is also recommending Lacework’s solution in conversations with potential customers. With over 10,000 AWS sellers in the field, this could mean a significant impact on revenue for Lacework.

Lacework’s AWS Built-in solution and its availability on AWS Marketplace have also opened the doors to multiple co-marketing activities with AWS. Lacework and AWS are actively planning marketing campaigns, workshops, and immersion days where they walk customers through an end-to-end deployment and show them the end results. According to Michael, “Through our co-marketing efforts with AWS, we’ve got people all over the world talking about our AWS Built-in solution. We’re working on a lot of deals. This just shows that our partnership is really a better-together thing.”

Looking ahead, Michael says that the AWS Built-in solution is just the beginning of bigger and better co-build projects with AWS. “We now have a roadmap to do additional things. AWS Built-in was the key that unlocked the blueprint for building the infrastructure and the ingestion pipelines and all the slicing and dicing required to handle complex data. This is really just the beginning.”


About AWS Partner Lacework

Lacework keeps organizations secure in the cloud, allowing them to innovate faster with confidence. Cloud security requires a fundamentally new approach and Lacework's platform is designed to scale with the volume, variety, and velocity of cloud data across an organization's cloud environment: code, identities, containers, and multi-cloud infrastructure. Only Lacework provides Security and Development teams with a correlated and prioritized end-to-end view that pinpoints the largest risks and handful of security events that matter most.