Lacework Adds Custom Risk Scoring Capability to CNAPP
Lacework today announced it has added a risk vulnerability scoring capability to its cloud-native application protection platform (CNAPP) that can be customized to a specific cloud computing environment. Lacework also announced it has expanded its attack path analysis capabilities to add support for Kubernetes.
Kate MacLean, senior director of product marketing for Lacework, said this capability analyzes the package detection, attack path analysis and exploit data the Lacework agent collects with curated feeds of known vulnerabilities to generate a risk score for each unique instance of a cloud computing environment.
That approach enables cybersecurity teams to better prioritize which vulnerabilities, including exposed secrets, to remediate first because they have been found in software packages that are actually running, she said. In addition, it also dramatically reduces the number of alerts that would otherwise be generated, MacLean noted.
Alert fatigue has become a major cybersecurity challenge among organizations that have a limited number of cybersecurity personnel. Every minute spent tracking down an alert that proves to be a false alarm is that much less time that can be spent on thwarting an actual attack or helping to remediate a vulnerability.
In fact, one of the primary reasons that organizations don’t add additional cybersecurity platforms is that they often only serve to generate more alerts to the existing cacophony of alerts that overwhelm cybersecurity teams.
Less clear, however, is the pace at which organizations are embracing CNAPP to centralize the management of cybersecurity in the cloud era. Lacework is making a case for a CNAPP that leverages machine learning algorithms to enable cybersecurity teams to better secure cloud computing environments. That’s critical because, in addition to being short-handed, many cybersecurity teams have limited cloud computing expertise.
It’s still early days in terms of how machine learning algorithms and other forms of artificial intelligence (AI) will be applied to cybersecurity, but as algorithms are exposed to more data, the number of tasks that can be automated will steadily grow. Each of those advances collectively serves to improve the productivity of cybersecurity teams. Of course, cybercriminals are also starting to leverage AI to launch sophisticated attacks. In effect, cybersecurity teams are now involved in an AI arms race with cybercriminals with abundant financial resources.
In the meantime, the number of workloads being deployed in the cloud is only going to increase. The challenge is that securing these environments is fundamentally different than securing existing on-premises IT environments. Providers of cloud services will secure the infrastructure they provide, but the responsibility for securing applications that run on those platforms falls to the organization that deployed them. On the plus side, however, CNAPPs present an opportunity to consolidate the management of cybersecurity functions that previously were isolated. That approach should reduce the total cost of cloud security compared to the cost of securing on-premises IT environments with a combination of point products that cybersecurity teams need to integrate.
One way or another, securing cloud computing environments will require a different approach that should ultimately result in more secure applications once all the nuances are appreciated and mastered.
