February 2024 Platform Releases

Generally Available

• Support for detecting vulnerabilities on Microsoft Windows Servers - You can install Lacework Windows agent v1.7.2 or later on your Microsoft Windows Server hosts to proactively identify and take action on operating system and application software vulnerabilities.

  For information on the Windows Server OS and application software versions for which vulnerability detection is supported, see Supported Windows Operating Systems and Applications.

  You can use the Host Vulnerabilities page on the Lacework Console to do the following:

  • View operating system and application software vulnerabilities on your Microsoft Windows Server hosts.

  • Prioritize fixing the critical and high risk vulnerabilities before fixing other vulnerabilities.

  • Know the Microsoft KB article or application software version you can install to fix a vulnerability.

  • Know whether you must reboot a Windows Server host after you fix a vulnerability.

  • Know whether Windows Server Update Services (WSUS) is disabled on your host. Lacework recommends enabling WSUS to protect your host from vulnerabilities.

  • Know whether you must upgrade a Windows Server host OS to ensure accurate vulnerability detection. Lacework does not support vulnerability detection on Windows Server 2012 R2 versions older than April 2016.

    note

    • Agentless Workload Scanning does not support host vulnerability assessment on Windows Server hosts. You must install the Lacework Windows agent to enable host vulnerability assessment on Windows Server hosts.
    • Active package detection is not supported on Windows Server hosts.
    • The lacework vulnerability host command is not supported on Windows Server hosts.

• Two additional configuration options for Kubernetes Compliance integrations - Two new configuration options have been added when integrating your Kubernetes cluster:

  • clusterAgent.proxyUrl - Configure the Cluster Collector to use a network proxy by setting the proxy server URL and port. The Cluster Collector will use the laceworkConfig.proxyUrl option first (if it has been set).
  • clusterAgent.hostNetworkAccess - Configure the Cluster Collector pod to have access to the host network (in case of strict pod network policies).

• The Lacework Security in Jira integration for Vulnerability Management is now available in all geographic locations - This feature is also now generally available. See Integrate Lacework with Security in Jira to get started.

• Active Package Detection (Code Aware Agent) is now generally available - Active Package Detection enables you to identify active and inactive packages in your environment through our Code Aware Agent, which in turn enables Active Vulnerability Detection.

• Identity management - The Lacework identity management feature provides you with the visibility and context to understand your cloud identity architectures and right-size cloud permissions to achieve least privilege goals.

  Access identity management capabilities through the top-level Identities menu item in the left navigation. Identities has three pages:

  • The Overview page provides a consolidated view of identity metrics, including excessive privileges, active keys older than 180 days, and total number of user accounts. Additional categories of metric trends include high risks, low usage, identity activity, and identity compliance.
  • The Top identity risks page helps you prioritize what to fix first by providing a list of the greatest identity risks in your environment.
  • The Explorer page provides a list of identities and summary information. From here, you can drill down into identity details such as access grants and identity transitions, for example, you can see which user can assume which roles. You can also get remediation suggestions and rationale for fixing identity issues and even add exceptions to specific risks. The Explorer page also lets you view identity policies.

• Transit gateway support added to attack path analysis - The Path investigation page indicates when an entity in the attack path is connected to a cross account. A cross account exists if a cloud entity in one account is exposed to the internet and the transit gateway allows traffic to another account. The Exposure Polygraph includes a new node for transit gateways and tabular details provide the cross account name in context of any connected entities.

• New composite alert - The Potentially compromised Kubernetes user alert will be triggered when there Lacework detects evidence suggesting potentially compromised Kubernetes user credentials.

• Support for detecting active and inactive Rust packages on hosts and containers - The Lacework platform can now detect active and inactive Rust packages on hosts and containers if you do the following:

  • Install Linux agent v6.12 or later on hosts or containers.
  • Enable active package detection for the agent. For more information, see How do I enable active package detection?
  • Enable Agentless Workload Scanning on the hosts.

  This enables you to know whether a vulnerable Rust package is being used by an application and prioritize fixing active vulnerable packages first. Use the Package status filter in the Host Vulnerabilities page and Container Vulnerabilities page to see active or inactive vulnerable Rust packages on hosts and containers. See Host Vulnerability - Package Status for details.

Documentation Updates

• Improvements to the Compliance Frameworks documentation - All current Compliance Framework documentation (for example: CIS AWS 1.4.0 Benchmark) has been improved to include additional information in the policy mapping tables.