San Jose, Calif., November 9, 2022 — Lacework®, the data-driven cloud safety firm, in the present day introduced new cloud-native software safety platform (CNAPP) capabilities for the Polygraph® Information Platform that present improved assault path evaluation and agentless workload scanning for secrets and techniques and vulnerabilities. These capabilities present higher visibility into in the present day’s more and more complicated safety atmosphere, enabling organizations to immediately perceive what issues to allow them to triage and reply sooner.
In keeping with the most recent Lacework Cloud Menace Report, attackers are quickly growing in sophistication, with a selected give attention to infrastructure. Attackers consistently search paths of least resistance to compromise a system, hiding within the complexity of seemingly disparate dangers and exploiting them every time doable. Regardless of cloud adoption turning into almost ubiquitous throughout industries, many enterprises nonetheless lack the visibility wanted to actually handle and perceive these refined vulnerabilities current or rising in their very own cloud environments. Even most fashionable safety options fall quick right here, counting on rules-based approaches that don’t account for the dynamic uniqueness of every group’s cloud atmosphere.
“As cloud environments turn into extra complicated, it’s tough for organizations to get a transparent image of what’s taking place throughout their important infrastructure to allow them to work effectively to scale safety to handle danger with the velocity of contemporary software program growth,” mentioned Melinda Marks, Senior Analyst at ESG. “Lacework is a robust participant within the CNAPP class as a result of it combines visibility with a deep understanding of behaviors throughout a buyer’s general cloud atmosphere.”
In response to those challenges, Lacework has launched assault path evaluation, which mixes a visible illustration of potential assault paths with deep runtime perception from the Polygraph Information Platform. These visible assault paths tie collectively completely different assault vectors, together with vulnerabilities, misconfigurations, community reachability, secrets and techniques, and id and entry administration (IAM) roles for each host within the atmosphere. That is offered as an extra layer of context for each alert to obviously present which belongings might be attacked and why. As cloud threats proceed to develop in quantity and class, this important context allows safety groups to establish and prioritize remediation primarily based on danger and actively look ahead to exploits earlier than they turn into an issue, all from a single platform.
With the addition of agentless workload scanning, prospects profit from extra flexibility to construct layered safety, broader protection throughout environments, and sooner time to worth via vulnerability and secrets and techniques discovery in runtime environments with out using brokers. Clients can now assess vulnerabilities and uncovered secrets and techniques in container photographs, hosts, and language libraries and ship a software program invoice of supplies for his or her runtime atmosphere. This permits:
- A greater understanding of the cloud atmosphere and potential dangers with an up-to-date stock of software program elements and details about vulnerabilities and uncovered secrets and techniques within the manufacturing atmosphere
- The flexibility to scan extra sources with out an agent for extra full protection of the runtime atmosphere and to remain compliant with safety requirements and enterprise wants
- Extra flexibility and option to construct layered safety with steady monitoring
“We take safety critically and all the time take into account it a important issue once we construct or deploy new providers, “ says Charly Vitrano, Director of Safety Operations at Medallia. “Lacework has given the market a brand new, higher, and safer possibility for agentless scanning — the privateness and least privilege parts have been important for us to deploy this answer throughout the environment.”
“With the intention to present a whole, strong safety answer, prospects want each visibility into the dangers to prioritize fixing throughout the whole cloud atmosphere and deep perception into what’s actively taking place throughout their atmosphere to allow them to take motion shortly to guard their enterprise,” mentioned Adam Leftik, VP of Product, Lacework. “We knew delivering solely danger prioritization wasn’t ok, which is why we’ve integrated superior visibility and safety from lively assaults into our Polygraph Information Platform. Clients now have the context they should guarantee their environments keep secure at the same time as threats proceed to develop.”
Lacework is the one safety platform that mixes the power to see potential dangers from the lens of an attacker with the data of what’s actively taking place to uncover assaults while not having to put in writing a single rule. This permits prospects to prioritize mitigating probably the most impactful assault vectors and routinely detect if or when they’re exploited.
Assault path evaluation and agentless vulnerability scanning are actually usually accessible to Lacework prospects. Go to our web site to get began in the present day.
Further Sources:
- To be taught extra and to request a demo, please go to our web site: www.lacework.com/
- Try our weblog for extra data on our new agentless scanning capabilities.
Learn what Lacework prospects should say in regards to the Lacework Polygraph Information Platform.