Attack Path Analysis Overview

preview feature

Attack paths for identities are currently in preview.

About Attack Paths

By combining exposure path visualizations with data about what is actively happening in production, the Lacework Polygraph® Data Platform helps you prioritize the most impactful attack vectors in your cloud environment. You can accurately pinpoint risks and collaborate across teams to investigate and remediate from a single source of truth.

Attack path analysis is essential to uncovering and preventing malicious behavior. With these new capabilities, Lacework helps you track which assets an attacker could target when they enter a cloud environment.

Lacework shows possible attack paths within a cloud environment by correlating multiple risk factors: vulnerabilities, network reachability, secrets, and identity and access management (IAM) roles. These risk factors come from sources including configuration data, activity data, and runtime data. From this information, Lacework creates Exposure Polygraphs, which tie the risk factors together to illustrate potential attack chains to assets in your cloud environment. Lacework generates an Exposure Polygraph when critical vulnerabilities are associated with a cloud asset and that asset is exposed to the internet.
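The correlation described above can be sketched as a small graph walk. This is an added example for illustration, not Lacework's implementation: the inventory, field names (`internet_facing`, `max_severity`, `role`, `secrets`) and resource names are all constructed assumptions. It emits paths only for assets that are both internet-exposed and critically vulnerable, then follows attached roles and secrets to the resources they reach.

```python
from collections import deque

# Constructed inventory: every name and value here is sample data.
ASSETS = {
    "web-1":   {"internet_facing": True,  "max_severity": "critical",
                "role": "web-role",   "secrets": ["db-password"]},
    "batch-1": {"internet_facing": False, "max_severity": "critical",
                "role": "batch-role", "secrets": []},
    "api-1":   {"internet_facing": True,  "max_severity": "medium",
                "role": "api-role",   "secrets": []},
}
# What each role or secret grants access to (constructed).
GRANTS = {
    "web-role": ["s3://customer-data"],
    "db-password": ["rds://orders"],
    "batch-role": ["s3://customer-data"],
    "api-role": ["sqs://jobs"],
}

def build_graph(assets, grants):
    """Directed graph: internet -> exposed asset -> role/secret -> resource."""
    graph = {"internet": []}
    for name, asset in assets.items():
        if asset["internet_facing"]:
            graph["internet"].append(name)
        graph[name] = [asset["role"]] + asset["secrets"]
    for source, targets in grants.items():
        graph.setdefault(source, []).extend(targets)
    return graph

def exposure_paths(assets, grants):
    """Map each qualifying entry asset to its paths from the internet."""
    graph = build_graph(assets, grants)
    result = {}
    for entry in graph["internet"]:
        # Gate from the text: critical vulnerability AND internet exposure.
        if assets[entry]["max_severity"] != "critical":
            continue
        paths, queue = [], deque([["internet", entry]])
        while queue:
            path = queue.popleft()
            nxt = [n for n in graph.get(path[-1], []) if n not in path]
            if not nxt:
                paths.append(path)  # reached a leaf resource
            queue.extend(path + [n] for n in nxt)
        result[entry] = paths
    return result

if __name__ == "__main__":
    for entry, paths in exposure_paths(ASSETS, GRANTS).items():
        for p in paths:
            print(" -> ".join(p))
```

In this sample, `batch-1` is critically vulnerable but not internet-facing and `api-1` is internet-facing but not critical, so neither produces a path. This is why combining risk factors ranks findings differently from a vulnerability list alone.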

Requirements

To take full advantage of Lacework capabilities, integrate all of the following:

Minimum

Attack path analysis requires:

  • Configuration integration (AWS, Google Cloud) - Provides compliance violations.

Plus one of the following:

Limitations

AWS

  • Exposure Polygraphs currently support EC2-backed services (Native EC2, ECS, and EKS) as the target of the path.
  • Special network ACLs are not considered.
  • IAM roles currently list only trust policies.

Google Cloud

  • Attack paths for GKE do not support Kubernetes Ingress services.

Refresh Frequency

Lacework generates Exposure Polygraphs every 24 hours. The information is based on cloud configuration and the availability of asset information, which is ingested every 24 hours.
