Lacework Adds Visualization Capabilities to CNAPP
Lacework today added multiple capabilities to its namesake cloud-native application protection platform (CNAPP), promising to make it simpler for security analysts to correlate threats using, for example, graph technology the company developed.
At their core, graph technologies leverage a graph database to surface the relationship between data sources. For example, a Lacework Explorer tool added to the platform can help a cybersecurity team to visualize how a cyberattack is unfolding or to discover where a specific application is running within its IT environment.
In addition, Lacework added a set of context panels to better highlight the relationships between alerts, along with composite alerts for Kubernetes environments. Finally, the company is adding dashboards built for CIOs who need to track cybersecurity events to, among other things, justify their cybersecurity investments.
Adam Leftik, vice president of product for Lacework, said the overall goal is to reduce the amount of time required to analyze cybersecurity data at a time when cyberattacks are increasing in both volume and sophistication. The longer it takes for security analysts to determine the root cause of an issue the longer it takes to remediate the issue, he noted.
Lacework already makes use of a Polygraph engine that applies machine learning algorithms to identify potential attack paths and other related cybersecurity issues. The latest capabilities add additional visualization and correlation capabilities to the artificial intelligence (AI) already embedded into a platform designed to provide the connective tissue for managing security operations, said Leftik. Lacework also previously added generative AI capabilities to make it easier to create reports and perform other useful tasks.
It’s not clear at what pace organizations are embracing CNAPPs to streamline operations in a way that also promises to reduce costs by rationalizing toolsets. The one thing that is certain is there is already no shortage of options. As a cybersecurity category originally defined by Gartner, CNAPPs aggregate two types of security platforms: Cloud security posture management (CSPM) platforms—already used by many organizations to surface misconfigurations and other vulnerabilities that cybercriminals could potentially exploit—and cloud workload protection platforms (CWPP) that protect a workload running on either a virtual machine or encapsulated in a container.
Interest in CNAPPs has naturally risen sharply as the number of workloads deployed in the cloud and concerns about the total cost of cybersecurity have increased. The challenge is that organizations need to find the budget resources to acquire a CNAPP before the financial benefits of rationalizing their cybersecurity toolset might be realized.
In the meantime, the overall size of the cybersecurity team within most organizations is not expected to substantially increase. Many organizations have open positions they for one reason or another are unable to fulfill. As a result, many of them are shifting toward platform-centric approaches through which they hope to automate more tasks.
The pressure on cybersecurity teams to do more with existing or sometimes even fewer resources increases with each passing day. The challenge is finding a way to achieve that goal without further burning out cybersecurity staff who are as hard to find and retain as ever.
