RapidSOS Calls on Lacework and AWS to Scale Cloud and Container Security

RapidSOS connects critical data from devices, applications, and sensors directly to first responders. The company was using incumbent rules-based and open-source security solutions that resulted in a high percentage of false positives. The manual processes that RapidSOS used to gather evidence were also time-intensive and increased compliance and security risk. Working with AWS Partner Lacework, RapidSOS deployed the Lacework PolygraphData Platform to monitor and protect its AWS environment, which replaced many of the company’s disparate tools, unified cloud security capabilities, and provided greater time to value than a collection of open-source tools.

RapidSOS securely links life-saving data from 500 million-plus connected devices, apps, and sensors from 90-plus global technology companies to over 450,000 first responders across 15,000 agencies nationwide. Whether there’s an unsafe moment or an emergency, RapidSOS Ready devices, vehicles, homes, or buildings deliver essential data to the right place, when it matters most.

The rules-based security solutions RapidSOS was using impeded its overall operational efficiency and caused its security and DevOps teams to suffer from alert fatigue. Eighty percent of alerts were false positives, which increased time and resources spent on investigation and remediation. To secure its Amazon Web Services (AWS) and Kubernetes environments, RapidSOS Information Security Engineer Russell Kingley and his team combined various open-source tools with those built on AWS to deliver the necessary threat detection, but they were time-consuming to deploy, configure, and maintain.

Disparate tools also meant RapidSOS had limited visibility across its AWS environment. There was a disconnect between the various platforms due to a lack of threat attribution between what controls were being exploited and how much traffic was being received.

“Nothing could really scale properly,” says Russell Kingley. “The critical goal of our services is scaling it and being sure the services are redundant and not impacted by any sort of anomalies or outages.” RapidSOS searched for a better, more accessible way to secure its platform.

RapidSOS deployed the Lacework Polygraph Data Platform for end-to-end comprehensive, integrated monitoring and protection of its AWS environment. As a result, RapidSOS avoids alert fatigue, achieves greater efficiency, and reduces security and compliance risk with behavior-based threat detection from AWS Partner Lacework. Lacework was also able to look at containers that RapidSOS was running in Kubernetes and monitor those, providing cost savings and consolidation.

“The combination of Lacework and AWS—including services like Amazon GuardDuty and AWS CloudTrail—helps us monitor and attribute behavior end to end, from initial activity to ensuring the appropriate changes get made,” explains Russell Kingley. This allows RapidSOS to monitor suspicious behavior or anomalies, then link the behavior to the change that was made, providing insight and, more importantly, efficiency, because the tools talk to each other.

One prominent feature attracted Russell Kingley to AWS Partner Lacework: “Low resource work from Lacework on our endpoints and servers. The fact that we can easily deploy the platform and not see significant resource use is important, because any significant resource use can interrupt our services, which can interrupt location services for emergency phone calls.”

With the purpose-built Lacework Polygraph Data Platform, RapidSOS saw a reduction of alert fatigue by 41 percent for its AWS environment.

“We want to isolate alerts that are new,” says Russell Kingley. “That’s where Polygraph, as well as other mechanisms that Lacework has implemented more recently, help in reducing alert fatigue for our developers as well as our security team and NOC team.”

Russell Kingley says his team sees more alerts than ever before, with fewer false positives—but that’s a positive, not a negative. These alerts are higher-quality and rich in context, giving RapidSOS the information it needs to find and fix issues.

Employing the rules-optional Lacework approach means RapidSOS can operationalize faster. Lacework has streamlined file-integrity monitoring, pinpointing any anomalies or file tampering in transit within the RapidSOS environment.

Writing rules is another task that has seen substantial improvement. “Rules won’t necessarily scale,” states Russell Kingley. “You have to rewrite a rule for a different environment or for a different build.” Machine learning gives RapidSOS the opportunity to scale as needed, without requiring manually written rules.

The data-driven Lacework Polygraph Data Platform on AWS simplified the compliance process, too. RapidSOS can prove compliance faster, reducing evidence gathering from two days to less than an hour. Lacework provides auditable evidence of compliance with pre-built compliance templates to help guide remediation and reduce risk.

Russell Kingley recognizes that both Lacework and AWS know how startups like RapidSOS function—with rapid movement, cost sensitivity, and risk aversion. “Ideally we want to grow with a company with that start-up mentality,” says Kingley. “We know that the delivery of the different tool sets or different features will be at a faster velocity than it would be at a larger-scale company.”

In comparison to open-source tools, Russell Kingley appreciates how Lacework resembles a native AWS service that makes the AWS infrastructure work faster and smarter, improving his team’s performance.

“There’s definitely a benefit to partnering with Lacework and AWS. We’ve already seen increased visibility and service improvements. As the relationship between Lacework and AWS progresses, it will only benefit customers like us.”