Lacework Adds Attack Path Mapping to Cybersecurity Platform

Lacework today announced it has added an attack path analysis tool to its cloud-native application protection platform (CNAPP) that visually surfaces how multiple threat vectors could be combined to compromise an IT environment.

Kate MacLean, senior director of product marketing for Lacework, said this addition to the company’s Polygraph Data Platform makes it simpler to understand, without requiring organizations to deploy agent software, how cybercriminals combine, for example, vulnerabilities and misconfigurations with network access and secrets to inject malware into applications.

The extension of Lacework’s scanning capabilities provides cybersecurity teams with a lens through which they can visualize how cybercriminals view the attack surface that needs to be defended, she added. The issue that cybersecurity teams are encountering these days is that while a single vulnerability may not appear to be especially severe, when used in combination with other threat vectors it can create a major cybersecurity incident, noted MacLean.

At the core of the Lacework platform is Polygraph, a self-learning engine that identifies optimal configurations for cloud environments and then uses that information to identify any behavioral anomalies. That capability is required because IT has reached a level of complexity that is beyond the ability of any cybersecurity team to manage without the aid of some form of artificial intelligence (AI). On top of that foundation, Lacework makes available a CNAPP through which it delivers cloud security posture management (CSPM) and cloud workload protection capabilities via a single platform.

It’s not clear how quickly cybersecurity teams are embracing AI to improve the overall state of cybersecurity, but there is a clear need for additional tools as IT environments become more distributed. The overall size of the attack surface that needs to be defended has increased dramatically in the cloud era. The challenge is that cybersecurity teams can’t deploy agent software everywhere there happens to be a workload connected to the rest of the enterprise. A combination of agents and agentless-enabled scanning capabilities is going to be required.

Less clear is precisely who within organizations will be responsible for securing those platforms. Responsibility for security operations tasks continues to shift toward IT and application development teams, in part to compensate for the chronic shortage of cybersecurity professionals. As that shift occurs, cybersecurity teams should be able to focus more of their time and effort on identifying threats rather than operational remediation tasks. In effect, cybersecurity is finally becoming more of a team sport.

There is, of course, no shortage of CNAPPs these days as the management of cybersecurity increasingly shifts to the cloud. In addition to being more accessible to distributed teams of cybersecurity professionals, CNAPPs typically have the compute resources to collect the amount of data required to create and update AI models. It may be a matter of time before cybersecurity policies are enforced via the cloud rather than using legacy tools and platforms deployed in on-premises IT environments. One way or another, a modernization of security operations is now all but inevitable.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
