Lacework and Securiti Ally to Better Secure Data
Lacework and Securiti today announced they are partnering to integrate their respective data security posture management (DSPM) and cloud-native application protection platforms (CNAPP).
Adam Leftik, vice president of product for Lacework, said that the alliance will make it simpler for Lacework customers to secure sensitive data in a way that provides more context. The Lacework CNAPP is based on Polygraph, an engine that makes use of machine learning algorithms to identify potential attack paths and other related cybersecurity issues.
By incorporating data sensitivity tags into risk models, security teams can better understand attack paths to prioritize remediation efforts. That capability also makes it easier to understand the scope of the blast radius when there is a breach.
Nikhil Girdhar, senior director for data security products at Securiti, said the Data Command Center provided by Securiti makes it simpler to apply policies and respond to threats effectively by providing an understanding of the sensitivity of the data at risk. The Data Command Center requires a platform capable of analyzing the risks attached to petabytes of data that many organizations now need to secure.
Both Lacework and Securiti make use of software-as-a-service (SaaS) platforms that can be integrated via application programming interfaces (APIs). The result is an integrated offering that is capable of tracking data flows across runtime environments, noted Gardner.
Data is often copied and moved between various classes of repositories with little to no regard for the regulations that might apply. Cybersecurity and compliance teams that are tasked with minimizing risks to the business traditionally had little to no visibility into where sensitive data resides in applications and repositories. The volume of data that needs to be identified and classified far exceeds the ability of any organization to track manually.
Integrating a DSPM platform with a CNAPP also promises to reduce the integration costs that organizations would otherwise encounter when trying to integrate these platforms themselves.
It’s not clear how quickly CNAPP and DSPM platforms are being adopted, but as cyberattacks become more sophisticated, there is a clear need for an approach to cybersecurity that is squarely focused on protecting data. In addition, a wave of more stringent regulations is holding organizations more accountable than ever for data security.
At the same time, organizations are clearly more sensitive to costs. Even though threats are increasing in volume and sophistication, there is more pressure being applied to streamline cybersecurity workflows in ways that improve security while simultaneously reducing costs.
It may take some time and effort for cybersecurity teams to achieve those twin goals, but in the meantime, business leaders want to better understand the overall level of risk the organization faces. After years of funding cybersecurity investments, business leaders are trying to better understand if the overall level of cybersecurity risk is declining or increasing using a consistent set of metrics.
Naturally, any effort to measure the effectiveness of cybersecurity is going to begin and end with how much data has been compromised. The challenge is the need to first put platforms in place that enable cybersecurity teams to assess the level of risk to that data using a set of consistent metrics that business leaders can easily comprehend.
