Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture.
There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts to Lacework’s platform. The first is attack path analysis, which uses Lacework’s systems to analyze configurations, network topology and more to provide a visual representation of the possible ways in which bad actors could compromise application workloads. The system searches for misconfigurations, open network access, identity management roles and known software vulnerabilities to build its analysis.
Lacework’s CNAPP creates its own SBOM
The other main part of Lacework’s release is agentless workload scanning. This uses snapshot analysis of what’s going on in container images, hosts and libraries to create its own software bill of materials (SBOM) for a given environment. According to the company, this provides users with a deeper understanding of what’s going on in their cloud environment and highlights possible risks, and the agentless nature of the system means that there should be no performance impact on the user’s cloud applications.
It also makes the workload scanning system simpler to implement, according to ESG senior analyst Melinda Marks. While agentless scanning doesn’t allow for the kind of continuous, up-to-the-second monitoring provided by agent-based systems, the ease of use and smaller footprint are bigger considerations for many organizations.
“The ability to connect workloads without having to install agents enables broader coverage, which is important, thanks to the ephemeral nature of workloads,” she said. “It’s more efficient and more feasible than installing agents and being limited with monitoring only workloads with the agents installed.”
Agentless scanning, according to Marks, is arguably the bigger deal for enterprise customers, given the flexibility and ease of use. Currently, the market for this type of application security is a patchwork, with vendors making the case for their proprietary technology, whether that’s agentless or not.
“The goal is to collect the most information and telemetry while surfacing alerts on what needs attention to reduce security risk and protect the applications, and do so in a way that doesn’t impact application performance,” she said.
Both the workload scanning and attack path analysis features are available immediately to Lacework customers, the company said.