Cloud safety vendor Lacework this week introduced the provision of a cloud-native utility safety platform (CNAPP) for its broader Polygraph Information Platform providing, offering an agentless, low-touch possibility for organizations trying to enhance their utility safety posture.
There are two most important elements to the CNAPP launch, in response to Lacework, each of which require solely that the person join their cloud accounts with Lacework’s equipment. The primary is assault path evaluation, which makes use of Lacework’s methods to investigate configurations, community topography and extra to supply a visible illustration of attainable methods during which dangerous actors might compromise utility workloads. The system searches for misconfigurations, open community entry, identification administration roles and recognized software program vulnerabilities to create its prognosis.
Lacework’s CNAPP creates its personal SBOM
The opposite most important a part of Lacework’s launch is agentless workload scanning. This makes use of snapshot evaluation of what’s happening in container pictures, hosts and libraries to create its personal software program invoice of supplies (SBOM) for a given setting. In keeping with the corporate, this supplies customers with a deeper understanding of what’s happening of their cloud setting and highlights attainable dangers, and the agentless nature of the system signifies that there needs to be no efficiency affect on the person’s cloud purposes.
It additionally makes the workload scanning system less complicated to implement, in response to ESG senior analyst Melinda Marks. Whereas agentless scanning doesn’t enable for the type of steady, up-to-the-second monitoring offered by agent-based methods, the benefit of use and smaller footprint are greater issues for a lot of organizations.
“The power to attach workloads with out having to put in brokers allows broader protection, which is vital, due to the ephemeral nature of workloads,” she mentioned. “It’s extra environment friendly and extra possible than putting in brokers and being restricted with monitoring solely workloads with the brokers put in.”
Agentless scanning, in response to Marks, is arguably the larger deal for enterprise clients, given the flexibleness and ease of use. At present, the marketplace for one of these utility safety is a patchwork, with distributors making the case for his or her proprietary expertise, whether or not that’s agentless or not.
“The purpose is to gather probably the most info and telemetry whereas surfacing alerts on what wants consideration to scale back safety threat and defend the purposes, and accomplish that in a manner that doesn’t affect utility efficiency,” she mentioned.
Each the workload scanning and assault path evaluation options can be found instantly to Lacework clients, the corporate mentioned.
Copyright © 2022 IDG Communications, Inc.
