The cloud native application protection platform (CNAPP) capability for Lacework’s Polygraph Data Platform offers snapshot analysis of potential attack paths and insights into application workloads.

Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture.

There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus. The first is attack path analysis, which uses Lacework’s systems to analyze configurations, network topography and more to provide a visual representation of possible ways in which bad actors could compromise application workloads. The system searches for misconfigurations, open network access, identity management roles and known software vulnerabilities to create its diagnosis.

Lacework’s CNAPP creates its own SBOM

The other main part of Lacework’s release is agentless workload scanning. This uses snapshot analysis of what’s going on in container images, hosts and libraries to create its own software bill of materials (SBOM) for a given environment. According to the company, this provides users with a deeper understanding of what’s going on in their cloud environment and highlights possible risks, and the agentless nature of the system means that there should be no performance impact on the user’s cloud applications.

It also makes the workload scanning system simpler to implement, according to ESG senior analyst Melinda Marks. While agentless scanning doesn’t allow for the kind of continuous, up-to-the-second monitoring provided by agent-based systems, the ease of use and smaller footprint are bigger considerations for many organizations.

“The ability to connect workloads without having to install agents enables broader coverage, which is important, thanks to the ephemeral nature of workloads,” she said. “It’s more efficient and more feasible than installing agents and being limited with monitoring only workloads with the agents installed.”

Agentless scanning, according to Marks, is arguably the bigger deal for enterprise customers, given the flexibility and ease of use. Currently, the market for this type of application security is a patchwork, with vendors making the case for their proprietary technology, whether that’s agentless or not.

“The goal is to collect the most information and telemetry while surfacing alerts on what needs attention to reduce security risk and protect the applications, and do so in a way that doesn’t impact application performance,” she said.

Both the workload scanning and attack path analysis features are available immediately to Lacework customers, the company said.