Lacework’s visibility enhancements give businesses real time insight into resource inventory
Lacework announced a range of visibility updates to its platform headlined by Continuous Threat Exposure Management (CTEM).
These advancements provide customers with continuous visibility, real-time threat detection, and streamlined vulnerability management for cloud-native applications.
Continuous Threat Exposure Management (CTEM)
The Lacework platform’s CTEM functionality offers continuous visibility into cloud resources, delivering event-driven architecture. This technology allows security teams to detect and manage risks in real time, reducing the mean time to remediate and enhancing overall security posture.
Empowering teams to innovate safely with CTEM
“When it comes to cloud security, our vision centers around platform–not point–solutions. Lacework is committed to empowering organizations to innovate rapidly while maintaining the highest standards of security,” said Adam Leftik, Lacework VP of Product. “Our CTEM and enhanced code security features are designed to complement each other and provide a holistic view of security threats, enabling teams to respond with speed and precision.”
Enhanced Code Security features
The updated Lacework Code Security solution includes several innovative features designed to ensure comprehensive security throughout the application lifecycle:
Smart Fix: Integrated with the Software Composition Analysis (SCA) tools from Lacework, Smart Fix for third-party software streamlines remediation by automatically determining the optimal upgrade path for vulnerable dependencies at the package level. This dramatically reduces the workload for developers and enhances the security of cloud applications.
Secrets detection + static application security testing (SAST): Beyond SCA, new tools from Lacework now offer powerful detection capabilities that safeguard against potential breaches and leaks. SAST provides longer, more detailed code analysis by scanning compiled code for targeted application weakness exploitability as well as tracing the full path of untrusted data across call chains and control paths. From there, SAST customizes rules to meet specific codebase needs. Secrets detection, another new feature from Lacework, scans all text files (i.e. source code) in repositories to identify known patterns for dozens of different secrets types.
The Technical Alliance Program
To be the best cloud security platform, integration with a business’s cloud ecosystem is essential. For instance, the Lacework platform’s continuous visibility functionality is possible through its Amazon Web Services (AWS) integrations (specifically AWS Cloudtrail). The integrations enrich downstream security tooling with actionable insights to improve incident response, integrate with DevOps tools to embed security in the SDLC, and provide custom security analytics, reporting, and data routing.
This enables developers – like those at Buildkite – to build with security in mind and safely innovate. For these reasons, Lacework is launching its Technical Alliance Program to enable companies to build, certify, and co-sell integrations for the Lacework platform. Interested partners can send an email to [email protected] or reach out to their account manager to register.
A platform solution for today’s threats
The integrated platform offered by Lacework not only identifies and prioritizes vulnerabilities, but also provides evolving insight into threat detection, an approach that is crucial for development and security teams. These new visibility enhancements allow Lacework customers to benefit from deeper insights into threat potential, enabling them to prioritize vulnerabilities more intelligently based on actual runtime exposure data.
The unified platform approach ultimately allows for a more effective allocation of resources and faster resolution of potential threats, ensuring that applications are both secure and compliant with industry standards.
source: HelpNetSecurity
Free security scan for your website
Top News:
Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint
November 25, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
November 23, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024