Internet Security
Lacework Edge helps you manage risks your users face on the Internet. It helps prevent harm from common Internet threats, such as phishing attacks, spamware, and malware.
As a secure web gateway, Lacework Edge enables you to block, discourage, or set an approval requirement to access specific websites.
For known malicious sites, you can configure security at the DNS level, so that Lacework Edge blocks the request at the DNS request stage, preempting requests to the malicious sites altogether.
For trusted sites, you can set up permit policies that allow the Lacework Edge client to connect directly to the destination site. Streaming sites such as Zoom are good candidates for permit policies, because connecting directly avoids the burden of streaming traffic.
You can implement traffic inspection by having Lacework Edge terminate SSL connections. This enables it to apply security algorithms to the requests themselves, rather than only to the initial CONNECT request, before initiating the request to the destination host. In this way, Lacework Edge operates as a man-in-the-middle, performing a valuable security function. Lacework Edge also records logs with the full path for every request.
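The following added example (not Lacework Edge code and not part of this documentation) illustrates the visibility difference described above: from the CONNECT request alone a proxy knows only the host and port, while after terminating SSL it can log and evaluate the full path. The sample requests, host names, rule format and default action are constructed assumptions.

```python
# Constructed sample traffic; hosts, paths and the rule format are illustrative assumptions.
CONNECT_REQ = b"CONNECT files.example.com:443 HTTP/1.1\r\nHost: files.example.com:443\r\n\r\n"
INNER_REQ = b"GET /shared/payroll.xlsx?dl=1 HTTP/1.1\r\nHost: files.example.com\r\n\r\n"

# (host, path_prefix or None, action); first match wins. Hypothetical rule format.
RULES = [
    ("files.example.com", "/shared/", "block"),
    ("files.example.com", None, "permit"),
]

def parse_request_line(raw):
    """Return (method, target) from the first line of an HTTP/1.1 request."""
    line = raw.split(b"\r\n", 1)[0].decode("ascii")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {line!r}")
    return parts[0], parts[1]

def tunnel_view(connect_raw):
    """What a proxy sees when it only relays the tunnel: host and port."""
    method, target = parse_request_line(connect_raw)
    if method != "CONNECT":
        raise ValueError("expected CONNECT")
    host, _, port = target.rpartition(":")
    return {"host": host.lower(), "port": int(port), "method": None, "path": None}

def inspected_view(connect_raw, inner_raw):
    """What it sees after terminating SSL: the inner method and full path too."""
    record = tunnel_view(connect_raw)
    record["method"], record["path"] = parse_request_line(inner_raw)
    return record

def decide(record, rules):
    """First matching rule wins; path-scoped rules need a visible path."""
    for host, prefix, action in rules:
        if host != record["host"]:
            continue
        if prefix is None:
            return action
        if record["path"] is not None and record["path"].startswith(prefix):
            return action
    return "permit"  # assumed default for this example
```

With the same rules, the tunnel-only record falls through to the host-level permit, while the inspected record matches the path-scoped block.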
Getting Started
Implementing Internet Security for your organization requires the following high-level steps.
Step 1: Deploy the Client to Users
The Lacework Edge client runs on your client devices, performing a range of functions, but in particular routing traffic to the Lacework Edge point of service.
While you can install the Lacework Edge client individually, for best results you should automate deployment to your users with a Mobile Device Management (MDM) tool, such as Kandji or Jamf.
For details, see Client Deployment via MDM.
Step 2: Configure Security Policies to Route Traffic for Sites
Routing Internet traffic through Lacework Edge allows you to apply your organization's security and business policies to Internet usage. You can block, permit, or apply custom workflows to access attempts for specific sites. You configure this functionality using Security Policies. See below for more details on setting up custom workflows.
Step 3: Configure Workflows to Moderate Requests
As an alternative to permitting or denying traffic outright, you can apply a workflow to an access attempt. The workflow can require an administrator's approval or simply self-approval. You can customize the page that appears to users when they trigger the workflow. The workflow may result in the access attempt being permitted or blocked, or in an additional workflow being triggered.
For details, see Create workflows to moderate certain traffic.
Step 4: Set up Alerting for Detected Anomalies
After deploying Lacework Edge clients and traffic routing, you can configure alert rules to notify you of detected anomalies or other specific events. You can configure alerts specific to users and user groups, covering connection or disconnection events, anomalous user location, external user documentation access, and much more.
For details, see Alerts.
Step 5: Set up Content Inspection
After you set up content inspection, Lacework Edge terminates SSL for client connection attempts, inspects content for anomalies, and reinitiates the connection to the destination. In other words, Lacework Edge acts as a man-in-the-middle, providing insights and policy enforcement.
For details, see Content Inspection.