Lacework Prioritizes Cloud Security Risks with New Vulnerability Risk Management Technology

The data-driven cloud security company, announced the expansion of its cloud-native application protection platform (CNAPP) capabilities with an industry-first vulnerability risk management technology. By combining active package detection, attack path analysis, and active exploit data from Lacework Labs and curated feeds, Lacework generates personalized risk scores based on a customer’s unique cloud environment. This allows organizations to reduce up to 90% of vulnerability noise and quickly prioritize fixing the vulnerabilities that matter most.’

AiThority: How AI Can Improve Public Safety

The new risk-based score is made possible with the Lacework agent, which now automatically detects active vulnerable packages, saving organizations from spending time upgrading unused dependencies caused by software bloat. This in-depth understanding of the customer’s unique environment, together with innovative research and exploit intelligence, produces custom risk-based vulnerability scores that fit each customer’s business scenarios. This provides organizations with context that enables them to focus on the 10% of NVD critical vulnerabilities that truly pose a risk to their business, freeing up resources for developer innovation without sacrificing security.

“One of our biggest cloud security challenges is getting the visibility and context we need to prioritize risks across our environment. With this innovation from Lacework, we can now provide developers with just a handful of work items that need their attention. They will no longer waste time on vulnerabilities that do not pose a risk,” said Zachary Rohrbach, Staff Security Engineer at Quickbase. “Beyond increasing our efficiency, this will also help build trust between our development and security teams.”

Another core component of the new risk-based score is internet exposure from attack path analysis which Lacework introduced last year. Today, Lacework is announcing expanded attack path analysis capabilities to more efficiently prioritize work items and protect data. This functionality also means organizations can innovate with both speed and safety. New capabilities include:

• Top risk dashboard: Lacework provides immediate visibility into the top risks across multiple risk domains, including exposed secrets and attack paths to critical data assets. New active vulnerability detection is leveraged to prioritize these findings.
• Kubernetes context: Lacework discovers attack paths to Kubernetes-based applications, including internet-exposed services and open ports. Security teams can utilize this context to efficiently communicate Kubernetes-related work items to developers.

Latest Insights: Is Customer Experience Strategy Making or Breaking Your ‘Shopping Festival’ Sales?

“As cybersecurity increasingly becomes an executive and board-level discussion, CISOs are looking for platforms which can provide comprehensive visibility across their cloud environment so they can t********** against critical risks quickly,” said Sowmya Karmali, Director of Product Management, Lacework. “Our customers can’t afford to spend time fixing inactive vulnerabilities in their environment. With our deep understanding of each customer’s cloud environment and our novel approach to vulnerability risk management, Lacework is the only CNAPP that can help customers increase operational efficiency and better prioritize cloud security risks through visibility and context.”

Read More: The Practical Applications of AI in Workplace

[To share your insights with us, please write to sghosh@martechseries.com]