Lacework on Wednesday announced new cloud-native application protection platform (CNAPP) features for its Polygraph Data Platform, adding improved attack-path analysis and agentless workload scanning for secrets and vulnerabilities.
These new analysis and scanning features promise improved visibility into today’s increasingly complex security environment, allowing organizations to better understand what matters so they can triage and respond faster.
“As cloud environments become more complex, it’s difficult for organizations to get a clear picture of what’s happening across their critical infrastructure so they can work efficiently to scale security to manage risk with the speed of modern software development,” said Melinda Marks, senior analyst at the Enterprise Strategy Group. “Lacework…combines visibility with a deep understanding of behaviors across a customer’s overall cloud environment.”
Marks added that with the move to cloud-native, organizations need security products that can meet the needs of dynamic applications in cloud environments along with faster development cycles. Marks said Lacework has been a pioneer in monitoring cloud-native workloads (VMs, containers) and is known for its agent-based Polygraph technology that can fully monitor workloads to collect and analyze data to detect anomalies and threats.
“Now, they are adding agentless capabilities to help customers easily connect for wider coverage of their applications,” Marks explained. “Their platform can pull all of the data collected for context on which issues should be addressed first, and the attack-path analysis helps determine those needed actions to stay ahead of threats. This also helps position them compared to some newer entrants focused on agentless capabilities that are offering similar capabilities to help companies scale security to support cloud-native development.”
Frank Dickson, who covers security and trust at IDC, said Lacework continues to roll out features to enhance its platform approach to cloud workload security. Platform approaches are important as application developers, security professionals and cloud operations teams all have demands of cloud security offerings, but their needs are unique and they do not always work well together, said Dickson.
Dickson said the agentless scanning feature underscores organizational conflict at businesses. Dickson said while there are few benefits that an agentless solution offers that an agent-based solution cannot, application developers are often the power brokers in the organization and may prevent cloud operations teams from leveraging an agent.
“Agentless solutions overcome the imperfections in organization and enable cloud teams to get the telemetry that they need to satisfy compliance requirements,” Dickson said. “The attack-path analysis is about adding context to vulnerabilities. No environment is vulnerability-free as addressing 100% of vulnerabilities is a fool’s errand. We want to prioritize significant vulnerabilities that are actively being exploited. Attack-path analysis adds context to vulnerabilities, prioritizing vulnerabilities based on an attacker’s ability to reach the vulnerability.”
Ratan Tipirneni, president and CEO at Tigera, added that while attack-path analysis is a step in the right direction to contextualize the scope and gravity of a breach, it’s still not enough to prevent the attack from happening. For example, Tipirneni said in the case of Log4j, the vulnerability was discovered at a time when numerous Log4j workloads were already in production.
“In such situations, attack-path analysis helps identify the ways the vulnerability can be exploited,” said Tipirneni. “However, unless the organization can deploy mitigating controls to neutralize the attack paths, it’s still an incomplete solution. The right approach should be to combine vulnerability detection with techniques to mitigate the risks of exploitation of vulnerable workloads.”
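As an added illustration of the reachability-based prioritization Dickson describes and of the mitigating controls Tipirneni calls for, the following is not Lacework's code; the asset graph, findings and vulnerability ids are constructed for the example.

```python
from collections import deque

# Constructed asset graph: node -> set of nodes it can reach over the network.
# "internet" is the attacker's entry point; each edge is an allowed network path.
GRAPH = {
    "internet": {"web-lb"},
    "web-lb": {"web-app"},
    "web-app": {"api", "cache"},
    "api": {"db", "log4j-svc"},
    "cache": set(),
    "db": set(),
    "log4j-svc": {"db"},
    "batch-job": {"db"},  # internal only: nothing from the internet reaches it
}

# Constructed findings: asset -> (placeholder vulnerability id, CVSS-style base score).
FINDINGS = {
    "web-app": ("VULN-A", 7.5),
    "log4j-svc": ("VULN-B", 10.0),
    "batch-job": ("VULN-C", 10.0),
    "cache": ("VULN-D", 5.3),
}

def shortest_paths(graph, source):
    """BFS from source; returns {node: shortest path from source} for every reachable node."""
    paths = {source: [source]}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths

def prioritize(graph, findings, entry="internet"):
    """Rank findings: reachable from the entry point first, then by severity, then by fewer hops."""
    paths = shortest_paths(graph, entry)
    ranked = []
    for asset, (vuln, score) in findings.items():
        path = paths.get(asset)
        ranked.append({"asset": asset, "vuln": vuln, "score": score,
                       "reachable": path is not None,
                       "hops": len(path) - 1 if path else None, "path": path})
    ranked.sort(key=lambda f: (not f["reachable"], -f["score"], f["hops"] or 0))
    return ranked

def apply_control(graph, src, dst):
    """A mitigating control (e.g. a network policy) that removes one allowed edge; returns a new graph."""
    mitigated = {node: set(peers) for node, peers in graph.items()}
    mitigated[src].discard(dst)
    return mitigated
```

Running `prioritize(GRAPH, FINDINGS)` puts the reachable, high-severity `log4j-svc` first and the equally severe but unreachable `batch-job` last; after `apply_control(GRAPH, "api", "log4j-svc")` the path to `log4j-svc` is gone and it drops below every reachable finding.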