Lacework has added a new vulnerability risk management capability to its cloud-native application protection platform (CNAPP).
The new offering will combine active package detection, attack path analysis, and in-house data on active exploits to generate personalized vulnerability risk scores.
Lacework takes a risk-based approach that goes beyond a CVSS score and looks at each customer’s unique environment to determine which packages are active, whether the host is exposed to the internet, whether there are exploits in the wild, and other factors. Customers can adjust the weighting of these factors to align with their internal security guidelines and prioritize patching based on the scores.
The scoring focuses on workflow context received from the cloud control panel, which indicates if the workload is being actively used in a private environment, production environment, development system, or business-critical process.
Lacework’s active vulnerability detection gives security teams visibility into the packages actually in use and can also eliminate the added workload that comes with software bloat.
Lacework claims it can discover attack paths to Kubernetes-based applications, including internet-exposed containers and open ports, allowing security teams to communicate context-based, Kubernetes-related exposures to developers.
With the new risk-based vulnerability scores, Lacework claims it can help reduce 90% of vulnerability noise so teams can zero in on the most critical issues. The capability is already available to the public through Lacework’s CNAPP at no added cost to the subscription.