
Attack Path Analysis Overview

preview feature

This topic describes functionality that is currently in preview.

Overview


By combining exposure path visualizations with data about what’s actively happening in production, the Lacework Polygraph® Data Platform empowers you to easily prioritize the most impactful attack vectors in your cloud environment. You can easily and accurately pinpoint risks, collaborating across teams to investigate and remediate from a single source of truth.

Attack path analysis is essential to uncovering and preventing malicious behavior. With these new capabilities, Lacework helps you track which assets an attacker could target when they enter a cloud environment.

Lacework leverages our platform to show possible attack paths within a cloud environment by correlating multiple risk factors - vulnerabilities, network reachability, secrets, and identity and access management (IAM) roles - from sources including configuration data, activity data, and runtime data. Lacework uses this information to create:

  • Exposure Polygraphs - Tie together risk factors to illustrate potential attack chains that begin with an asset exposed to the internet.
  • Attack Path Polygraphs - Show detailed potential attack paths to assets in your cloud environment. Lacework generates these only if critical vulnerabilities are associated with a host instance, container image, RDS instance, or Kubernetes service and they are exposed to the internet.
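The correlation described above can be reasoned about as a graph problem: assets are nodes carrying risk factors (internet exposure, critical vulnerabilities), and network reachability or IAM role permissions are the edges an attack chain could follow. The following Python sketch is an added illustration, not Lacework's code or data model; the asset names, attributes and edges are constructed. It applies the same generation rule as above (an attack path starts only at an asset that is both internet-exposed and carries a critical vulnerability) and walks the constructed edges to sensitive data stores, which is the kind of prioritization the Polygraphs surface.

```python
"""
Toy attack-path model (added example; not Lacework's implementation).
Correlates three risk factors the text names - internet exposure, critical
vulnerabilities, and reachability/IAM relationships - into attack paths.
All assets, attributes and edges below are constructed sample data.
"""
from collections import deque

# Constructed inventory. Each asset records the risk factors we correlate.
ASSETS = {
    "web-ec2":    {"type": "host",   "internet_exposed": True,  "critical_vuln": True},
    "api-ec2":    {"type": "host",   "internet_exposed": True,  "critical_vuln": False},
    "batch-ec2":  {"type": "host",   "internet_exposed": False, "critical_vuln": True},
    "orders-rds": {"type": "rds",    "internet_exposed": False, "critical_vuln": False},
    "backup-s3":  {"type": "bucket", "internet_exposed": False, "critical_vuln": False},
}

# Constructed relationships: (source, target, reason). Network reachability
# and IAM role permissions are the edges a chain could traverse.
EDGES = [
    ("web-ec2",   "orders-rds", "network reachability: security group allows 5432"),
    ("web-ec2",   "backup-s3",  "IAM instance role: s3:GetObject on backup-s3"),
    ("api-ec2",   "orders-rds", "network reachability: security group allows 5432"),
    ("batch-ec2", "backup-s3",  "IAM instance role: s3:* on backup-s3"),
]

# Asset types treated as the data an attack chain ultimately targets (assumption).
SENSITIVE_TYPES = {"rds", "bucket"}


def exposure_findings(assets):
    """Internet-exposed assets regardless of vulnerability state (the
    Exposure Polygraph view: where does a chain from the internet begin?)."""
    return sorted(name for name, a in assets.items() if a["internet_exposed"])


def entry_points(assets):
    """Assets that satisfy the attack-path generation rule from the text:
    internet-exposed AND associated with a critical vulnerability."""
    return sorted(
        name for name, a in assets.items()
        if a["internet_exposed"] and a["critical_vuln"]
    )


def attack_paths(assets, edges, sensitive_types=SENSITIVE_TYPES):
    """Breadth-first walk from every entry point to the first sensitive asset
    reached. Returns a list of (path, reasons); reasons explain each hop so an
    analyst can see which control (security group, IAM policy) to fix."""
    adjacency = {}
    for src, dst, reason in edges:
        adjacency.setdefault(src, []).append((dst, reason))

    paths = []
    for entry in entry_points(assets):
        queue = deque([(entry, [entry], [])])
        while queue:
            node, path, reasons = queue.popleft()
            if node != entry and assets[node]["type"] in sensitive_types:
                paths.append((path, reasons))
                continue  # stop at the first sensitive asset on this branch
            for dst, reason in adjacency.get(node, []):
                if dst not in path:  # guard against cycles in the graph
                    queue.append((dst, path + [dst], reasons + [reason]))
    return paths


if __name__ == "__main__":
    print("internet-exposed:", exposure_findings(ASSETS))
    print("attack-path entry points:", entry_points(ASSETS))
    for path, reasons in attack_paths(ASSETS, EDGES):
        print(" -> ".join(path))
        for r in reasons:
            print("   via", r)
```

On the constructed data, `api-ec2` is internet-exposed but has no critical vulnerability and `batch-ec2` has a critical vulnerability but is not exposed, so neither seeds a path; only `web-ec2` does, yielding two chains (to the RDS instance via the security group and to the bucket via the instance role). The reasons attached to each hop point at the specific control to remediate.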

Requirements

Minimum

Attack path analysis requires:

  • AWS configuration integration - provides compliance violations

Plus one of the following:

  • Lacework agents - provide context from workload data and vulnerabilities where the Lacework agent is installed. Cluster Collector is required for Kubernetes service attack paths. (To set up Kubernetes agent collectors, follow the steps in Deploy Linux Agent on Kubernetes.)
  • AWS agentless workload scanning - provides vulnerabilities and secrets

To take full advantage of Lacework capabilities and Exposure Polygraph and Attack Path Polygraph details, enable all of the following:

  • AWS configuration integration - provides compliance violations
  • AWS CloudTrail integration - provides CloudTrail activity data
  • Lacework agents - provide context from workload data and vulnerabilities where the Lacework agent is installed. Cluster Collector is required for Kubernetes service attack paths. (To set up Kubernetes agent collectors, follow the steps in Deploy Linux Agent on Kubernetes.)
  • AWS agentless workload scanning - provides vulnerabilities and secrets

Refresh Frequency

Lacework generates Exposure Polygraphs and Attack Path Polygraphs every 24 hours. The information is based on cloud configuration and the availability of EC2 asset information, which is ingested every 24 hours.
