New risk-based vulnerability score reduces 90% of vulnerability noise so customers can prioritize fixing what matters most
Leading up to RSA Conference 2023, Lacework, the data-driven cloud security company, announced the expansion of its cloud-native application protection platform (CNAPP) capabilities with an industry-first vulnerability risk management technology. By combining active package detection, attack path analysis, and active exploit data from Lacework Labs and curated feeds, Lacework generates personalized risk scores based on a customer’s unique cloud environment. This allows organizations to reduce up to 90% of vulnerability noise and quickly prioritize fixing the vulnerabilities that matter most.
The new risk-based score is made possible with the Lacework agent, which now automatically detects active vulnerable packages, saving organizations from spending time upgrading unused dependencies caused by software bloat. This in-depth understanding of the customer’s unique environment, together with innovative research and exploit intelligence, produces custom risk-based vulnerability scores that fit each customer’s business scenarios. This provides organizations with context that enables them to focus on the 10% of NVD critical vulnerabilities that truly pose a risk to their business, freeing up resources for developer innovation without sacrificing security.
CIO INFLUENCE News: Netwrix Annual Security Survey: 68% of Organizations Experienced a Cyberattack within the Last 12 Months
“One of our biggest cloud security challenges is getting the visibility and context we need to prioritize risks across our environment. With this innovation from Lacework, we can now provide developers with just a handful of work items that need their attention. They will no longer waste time on vulnerabilities that do not pose a risk,” said Zachary Rohrbach, Staff Security Engineer at Quickbase. “Beyond increasing our efficiency, this will also help build trust between our development and security teams.”
Another core component of the new risk-based score is internet exposure from attack path analysis which Lacework introduced last year. Today, Lacework is announcing expanded attack path analysis capabilities to more efficiently prioritize work items and protect data. This functionality also means organizations can innovate with both speed and safety. New capabilities include:
- Top risk dashboard:Â Lacework provides immediate visibility into the top risks across multiple risk domains, including exposed secrets and attack paths to critical data assets. New active vulnerability detection is leveraged to prioritize these findings.
- Kubernetes context:Â Lacework discovers attack paths to Kubernetes-based applications, including internet-exposed services and open ports. Security teams can utilize this context to efficiently communicate Kubernetes-related work items to developers.
CIO INFLUENCE News: Kaizen Analytix Achieves AWS Advanced Tier Consulting Partner Status, Further Augmenting Data Analytics Offering
“As cybersecurity increasingly becomes an executive and board-level discussion, CISOs are looking for platforms which can provide comprehensive visibility across their cloud environment so they can take action against critical risks quickly,” said Sowmya Karmali, Director of Product Management, Lacework. “Our customers can’t afford to spend time fixing inactive vulnerabilities in their environment. With our deep understanding of each customer’s cloud environment and our novel approach to vulnerability risk management, Lacework is the only CNAPP that can help customers increase operational efficiency and better prioritize cloud security risks through visibility and context.”
CIO INFLUENCE News: 2023 PCI Guide from SecurityMetrics Outlines the New PCI 4.0 Standard and Latest Security Trends
[To share your insights with us, please write to sghosh@martechseries.com]
