Attack Path Analysis Overview
Attack paths for identities are currently in preview.
About Attack Paths
By combining exposure path visualizations with data about what’s actively happening in production, the Lacework Polygraph® Data Platform empowers you to easily prioritize the most impactful attack vectors in your cloud environment. You can easily and accurately pinpoint risks, collaborating across teams to investigate and remediate from a single source of truth.
Attack path analysis is essential to uncovering and preventing malicious behavior. With these new capabilities, Lacework helps you track which assets an attacker could target when they enter a cloud environment.
Lacework uses its platform to show possible attack paths within a cloud environment by correlating multiple risk factors (vulnerabilities, network reachability, secrets, and identity and access management (IAM) roles) drawn from configuration data, activity data, and runtime data. Lacework uses this information to create Exposure Polygraphs that tie risk factors together to illustrate potential attack chains to assets in your cloud environment. Lacework generates an Exposure Polygraph when a cloud asset carries critical vulnerabilities and is exposed to the internet.
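The correlation described above can be illustrated with a small reachability model. The following is an added example, not Lacework code and not a description of how the Polygraph Data Platform is implemented: it assumes a simplified asset inventory (each asset has an internet-exposure flag, a vulnerability list, a secret list and an IAM role) and models trust policies as "role A may be assumed by role B" edges. The inventory and trust data are constructed for illustration. It enumerates paths from the internet to assets with critical vulnerabilities, applies the page's stated Exposure Polygraph trigger (critical vulnerability plus direct internet exposure), and ranks findings by hop count so remediation can be prioritised.

```python
"""Toy exposure-graph builder (added example; the data model is an assumption)."""
from collections import deque

# Constructed sample inventory. Fields are illustrative, not a Lacework schema.
INVENTORY = {
    "web-01": {"internet_exposed": True,
               "vulns": [{"id": "VULN-A", "severity": "critical"}],
               "secrets": ["aws_access_key"], "role": "web-role"},
    "api-02": {"internet_exposed": True,
               "vulns": [{"id": "VULN-B", "severity": "medium"}],
               "secrets": [], "role": "api-role"},
    "db-03": {"internet_exposed": False,
              "vulns": [{"id": "VULN-C", "severity": "critical"}],
              "secrets": [], "role": "db-role"},
    "batch-04": {"internet_exposed": False, "vulns": [], "secrets": [],
                 "role": "batch-role"},
}

# Constructed trust policies: target role -> roles allowed to assume it.
TRUST_POLICIES = {
    "db-role": ["web-role"],
    "batch-role": ["api-role"],
}


def is_critical(asset):
    """True when the asset carries at least one critical-severity vulnerability."""
    return any(v["severity"] == "critical" for v in asset["vulns"])


def build_edges(inventory, trust_policies):
    """Directed reachability edges: 'internet' -> internet-exposed assets, then
    asset -> asset wherever the first asset's role may assume the second's role."""
    role_to_assets = {}
    for name, asset in inventory.items():
        role_to_assets.setdefault(asset["role"], []).append(name)
    edges = {"internet": [n for n, a in inventory.items() if a["internet_exposed"]]}
    for name, asset in inventory.items():
        edges.setdefault(name, [])
        for target_role, trusted_roles in trust_policies.items():
            if asset["role"] in trusted_roles:
                edges[name].extend(role_to_assets.get(target_role, []))
    return edges


def attack_paths(inventory, trust_policies):
    """Enumerate simple paths from the internet to every asset with a critical
    vulnerability (breadth-first, so shorter paths come first)."""
    edges = build_edges(inventory, trust_policies)
    found = []
    queue = deque([["internet"]])
    while queue:
        path = queue.popleft()
        for nxt in edges.get(path[-1], []):
            if nxt in path:          # skip cycles
                continue
            new_path = path + [nxt]
            if is_critical(inventory[nxt]):
                found.append(new_path)
            queue.append(new_path)
    return found


def exposure_polygraph_targets(inventory):
    """The trigger the page states: critical vulnerability on an asset that is
    itself exposed to the internet."""
    return sorted(n for n, a in inventory.items()
                  if a["internet_exposed"] and is_critical(a))


def prioritise(inventory, trust_policies):
    """Rank critical assets by the fewest hops from the internet; the number of
    secrets on the asset is carried along as extra context for the analyst."""
    best = {}
    for path in attack_paths(inventory, trust_policies):
        asset = path[-1]
        hops = len(path) - 1
        if asset not in best or hops < best[asset]:
            best[asset] = hops
    return sorted(((a, h, len(inventory[a]["secrets"])) for a, h in best.items()),
                  key=lambda t: (t[1], t[0]))


if __name__ == "__main__":
    for p in attack_paths(INVENTORY, TRUST_POLICIES):
        print(" -> ".join(p))
    print("Exposure Polygraph targets:", exposure_polygraph_targets(INVENTORY))
    print("Priority order:", prioritise(INVENTORY, TRUST_POLICIES))
```

In the constructed data, `web-01` is both internet-facing and critically vulnerable, so it is the only asset meeting the page's Exposure Polygraph trigger, while `db-03` surfaces only through the IAM trust hop from `web-role`; the ranking puts the direct exposure first.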
Requirements
Recommended
To take full advantage of Lacework capabilities, integrate all of the following:
- Cloud configuration integration (AWS, Google Cloud) - Provides compliance violations.
- Log analysis integration (AWS CloudTrail, Google Cloud Audit Trail) - Provides cloud log activity data.
- Lacework agents - Provide context from workload data and vulnerabilities where the Lacework agent is installed. For AWS, Kubernetes agent collectors are required to view Kubernetes service attack paths. Read how to set up Kubernetes agent collectors.
- Agentless workload scanning (AWS, Google Cloud) - Provides vulnerabilities and secrets.
Minimum
Attack path analysis requires:
- Configuration integration (AWS, Google Cloud) - Provides compliance violations.
Plus one of the following:
- Lacework agents - Provide context from workload data and vulnerabilities where the Lacework agent is installed. For AWS, Kubernetes agent collectors are required to view Kubernetes service attack paths. Read how to set up Kubernetes agent collectors.
- Agentless workload scanning (AWS, Google Cloud) - Provides vulnerabilities and secrets.
Limitations
AWS
- Exposure Polygraphs currently support EC2-backed services (Native EC2, ECS, and EKS) as the target of the path.
- Special network ACLs are not considered.
- IAM roles currently list only trust policies.
Google Cloud
- Attack paths for GKE do not support Kubernetes Ingress services.
Refresh Frequency
Lacework generates Exposure Polygraphs every 24 hours. The information is based on cloud configuration and the availability of asset information, which is ingested every 24 hours.