Lacework Prioritizes Cloud Security Risks with New Vulnerability Risk Management Technology
New risk-based vulnerability score reduces 90% of vulnerability noise so customers can prioritize fixing what matters most
April 19, 2023
Mountain View, Calif, April 19, 2023 – Leading up to RSA Conference 2023, Lacework®, the data-driven cloud security company, today announced the expansion of its cloud-native application protection platform (CNAPP) capabilities with an industry-first vulnerability risk management technology. By combining active package detection, attack path analysis, and active exploit data from Lacework Labs and curated feeds, Lacework generates personalized risk scores based on a customer’s unique cloud environment. This allows organizations to reduce up to 90% of vulnerability noise and quickly prioritize fixing the vulnerabilities that matter most.
The new risk-based score is made possible with the Lacework agent, which now automatically detects active vulnerable packages, saving organizations from spending time upgrading unused dependencies caused by software bloat. This in-depth understanding of the customer’s unique environment, together with innovative research and exploit intelligence, produces custom risk-based vulnerability scores that fit each customer’s business scenarios. This provides organizations with context that enables them to focus on the 10% of NVD critical vulnerabilities that truly pose a risk to their business, freeing up resources for developer innovation without sacrificing security.
“One of our biggest cloud security challenges is getting the visibility and context we need to prioritize risks across our environment. With this innovation from Lacework, we can now provide developers with just a handful of work items that need their attention. They will no longer waste time on vulnerabilities that do not pose a risk,” said Zachary Rohrbach, Staff Security Engineer at Quickbase. “Beyond increasing our efficiency, this will also help build trust between our development and security teams.”
Another core component of the new risk-based score is internet exposure from attack path analysis which Lacework introduced last year. Today, Lacework is announcing expanded attack path analysis capabilities to more efficiently prioritize work items and protect data. This functionality also means organizations can innovate with both speed and safety. New capabilities include:
- Top risk dashboard: Lacework provides immediate visibility into the top risks across multiple risk domains, including exposed secrets and attack paths to critical data assets. New active vulnerability detection is leveraged to prioritize these findings.
- Kubernetes context: Lacework discovers attack paths to Kubernetes-based applications, including internet-exposed services and open ports. Security teams can utilize this context to efficiently communicate Kubernetes-related work items to developers.
“As cybersecurity increasingly becomes an executive and board-level discussion, CISOs are looking for platforms which can provide comprehensive visibility across their cloud environment so they can take action against critical risks quickly,” said Sowmya Karmali, Director of Product Management, Lacework. “Our customers can’t afford to spend time fixing inactive vulnerabilities in their environment. With our deep understanding of each customer’s cloud environment and our novel approach to vulnerability risk management, Lacework is the only CNAPP that can help customers increase operational efficiency and better prioritize cloud security risks through visibility and context.”
Resources:
- Learn more about vulnerability management.
- Read what Lacework customers have to say about the Lacework Polygraph Data Platform.
About Lacework
Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization’s cloud and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at www.lacework.com.