Introducing Lacework Smart Fix: The smart way to remediate cloud risks

Lacework Editorial, May 2, 2024, 5 min read

For developers, time is always in short supply. They are constantly being pushed to do more, faster. Securing their code has historically required extra work, blocking them from moving quickly. With Smart Fix, a new feature from Lacework, developers can focus on what they do best: building and innovating. Smart Fix combines the unparalleled speed and accuracy of Lacework code security with automatic remediation for third-party code vulnerabilities, making it easier than ever to deliver secure code fast. 

The power of Smart Fix in code security

This innovative feature is the latest addition to the code security offering from Lacework, which was unveiled in November of last year. By unifying code and cloud security, teams are empowered to accelerate the delivery of secure cloud applications. With code security, Lacework introduced two new static code analysis capabilities: software composition analysis (SCA) provides visibility of third-party code and its associated common vulnerabilities and exposures (CVEs), and static application security testing (SAST) discovers and assesses common weakness enumeration (CWE) issues in first-party code.

Combined, the Lacework approach to code security empowers developers to quickly secure third-party and first-party code, and security teams to scale expert reviews to millions of lines of code per minute for their most exposed internet-facing applications.

While open-source and commercial SCA and SAST tools have been available in the market for years, operationalizing shift-left security remains a struggle for many organizations. Despite promises to simplify secure code development, these tools often fail to deliver, requiring developers to perform significant additional work, slowing them down, and often making them highly skeptical of application security automation.

Automate and accelerate third-party security fixes

There's nothing more frustrating than applying a fix for one vulnerability only to uncover that it actually introduces others. Manually researching and testing different fix versions can be time-consuming, with developers spending hours updating and retesting packages until they find a clean version. But now, Lacework Smart Fix streamlines the process, enhancing the speed and accuracy of Lacework code security with automatic remediation for third-party code vulnerabilities.

Lacework Smart Fix is the next step in our commitment to simplify cloud security, empowering developers to take swift, decisive action that saves invaluable time in the fight to deliver secure code rapidly. It is your intelligent guide for automated remediation of third-party software vulnerabilities. 

How does it work? 

Smart Fix provides a single recommendation to safely fix every CVE within a third-party or open-source package. It rigorously evaluates each potential fix version to uncover any other vulnerabilities within those versions, and automatically recommends a safe and secure fix for the entire package. It also identifies which versions are free of CVEs and those that are free of critical and high severity CVEs. In both cases, it recommends a version that's closest to the vulnerable starting point, minimizing any operational risks of breaking an application or causing significant regression testing.
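The selection logic described above, as an added example written for this page (not Lacework's implementation): every candidate upgrade is checked against a set of advisories, and the recommendation is the nearest upgrade that carries no advisory at all, alongside the nearest one that carries no critical or high advisory. The example assumes that "closest" means the smallest upgrade from the current version, that versions are simple dotted numbers, and that advisory data is expressed as introduced/fixed version ranges; the package, version list, advisory identifiers (`ADV-n`) and ranges are constructed for illustration and are not real CVEs.

```python
"""Model of "recommend the closest safe version" remediation.

Added example (not Lacework code). Given a package's current version, the
versions available upstream and advisories with affected ranges, evaluate
every candidate upgrade and recommend the nearest one that is (a) free of
any advisory and (b) free of critical/high advisories.
"""
from dataclasses import dataclass
from typing import Optional

Version = tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version ("2.4.1") into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    ident: str            # placeholder id, not a real CVE number
    severity: str         # "critical" | "high" | "medium" | "low"
    introduced: str       # first affected version (inclusive)
    fixed: Optional[str]  # first unaffected version, or None if still unfixed

    def affects(self, version: str) -> bool:
        """True when `version` falls inside [introduced, fixed)."""
        v = parse_version(version)
        if v < parse_version(self.introduced):
            return False
        return self.fixed is None or v < parse_version(self.fixed)


# Constructed sample data: identifiers and ranges are made up for illustration.
# Note that ADV-2 is introduced in the very release that fixes ADV-1, which is
# the "a fix for one vulnerability uncovers another" situation.
ADVISORIES = [
    Advisory("ADV-1", "critical", "2.0.0", "2.3.1"),
    Advisory("ADV-2", "high",     "2.3.1", "2.4.1"),
    Advisory("ADV-3", "low",      "2.4.0", "2.5.0"),
    Advisory("ADV-4", "medium",   "3.0.0", None),
]
AVAILABLE = ["2.3.0", "2.3.1", "2.4.0", "2.4.1", "2.5.0", "3.0.0"]
SEVERE = {"critical", "high"}


def advisories_for(version: str, advisories=ADVISORIES) -> list:
    """All advisories whose affected range contains `version`."""
    return [a for a in advisories if a.affects(version)]


def version_graph(available, advisories=ADVISORIES) -> dict:
    """Per-version list of advisory ids: the data behind a 'fix graph' view."""
    return {
        v: [a.ident for a in advisories_for(v, advisories)]
        for v in sorted(available, key=parse_version)
    }


def recommend(current: str, available, advisories=ADVISORIES) -> dict:
    """Nearest upgrade with no advisories, and nearest with no critical/high."""
    cur = parse_version(current)
    # Only strict upgrades are candidates, ordered from smallest jump upward.
    candidates = sorted((v for v in available if parse_version(v) > cur),
                        key=parse_version)
    clean = next((v for v in candidates
                  if not advisories_for(v, advisories)), None)
    no_severe = next((v for v in candidates
                      if not any(a.severity in SEVERE
                                 for a in advisories_for(v, advisories))), None)
    return {"clean": clean, "no_critical_or_high": no_severe}


if __name__ == "__main__":
    for version, ids in version_graph(AVAILABLE).items():
        print(f"{version:>6}: {ids or 'no known advisories'}")
    print(recommend("2.3.0", AVAILABLE))
```

Starting from 2.3.0, the naive answer ("take the first version that fixes ADV-1") is 2.3.1, but that release carries a high-severity advisory; evaluating every candidate instead yields 2.4.1 as the nearest version with no critical or high issues and 2.5.0 as the nearest fully clean version. An unfixed advisory (`fixed=None`) keeps every later version affected, which is why 3.0.0 is never recommended here.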

Transparency matters: Quick fixes, clear results

The Smart Fix graph clearly displays how Lacework calculates its recommended safe package versions. This technology integrates seamlessly into developers’ GitOps workflows, enabling them to quickly understand the security implications of an update directly in their existing workflows. With Smart Fix, developers no longer need to spend hours searching for safe versions or updating vulnerable packages that might necessitate additional fixes or cause them to backtrack and address other CVEs later in the development process.

Less friction, more function

Smart Fix is just one of the powerful features in our comprehensive code security solution. To further streamline secure coding practices and reduce security friction for developers, Lacework is introducing several additional capabilities: 

  • Application context: Enumerates every instance in which an application references a vulnerable library. Developers can observe how often the library is called and understand how the library is utilized, giving them the context needed to effectively prioritize CVEs.
  • Differential analysis: Identifies CVEs introduced by each developer as they change code and submit pull requests. This allows developers to prioritize speed in getting their code developed and through security checkpoints rather than dealing with longstanding vulnerabilities introduced by others.
  • Visual Studio (VS) Code extension: Detects and alerts developers to vulnerable third-party and open-source libraries and packages as code is written. Developers can proactively address security risks directly within their integrated development environment (IDE) and avoid delays caused by discovering vulnerabilities during PR submissions or code check-ins. 

See it in action

Lacework code security empowers teams to deliver secure cloud applications faster than ever before. Lacework Smart Fix takes this a step further with automatic remediation for third-party code vulnerabilities, saving developers valuable time in the fight to deliver secure code quickly.

To learn more about Lacework Smart Fix, sign up for an upcoming product tour.
