Created on 01-28-2025 10:35 AM
Edited on 02-23-2025 04:39 AM
By Stephen_G
This article describes how Lacework FortiCNAPP Explorer enables security teams to identify and mitigate toxic combinations within cloud environments. Toxic combinations occur when risks such as internet exposure, vulnerabilities, secrets, and excessive permissions converge, significantly increasing the potential for lateral movement and unauthorized access to critical assets. This article also explains how graph visualizations provide clarity in understanding these risks and prioritizing remediation.
Lacework Explorer is now known as FortiCNAPP Lacework Explorer. Check out this earlier article about Explorer’s ability to help our users discover and mitigate identity sprawl.
At Fortinet, this is called a toxic combination—a dangerous mix of misconfigurations, vulnerabilities, and excessive permissions that attackers exploit to escalate their access. Lacework FortiCNAPP Explorer helps uncover these hidden paths with interactive graph visualizations, enabling teams to identify and mitigate risks before they are exploited.
Lacework FortiCNAPP Explorer offers features to identify and visualize toxic combinations of risks across cloud environments. The features focus on:
Explorer's interactive graphs go beyond traditional security tools by connecting these signals to provide a clear, actionable visualization of how risks interact across the environment.
Lacework Explorer in Action:
Explorer transforms static alerts into an interconnected view of risk, helping security teams understand and prioritize what truly matters.
Toxic Combination in Action:
A compute instance is directly exposed to the internet, increasing its risk of exploitation.
Thanks to the Lacework agent, FortiCNAPP can detect vulnerable packages that are active on the instance, meaning it is more likely to get exploited in real-time—a clear threat signal that demands attention.
Explorer's graph reveals that the same instance has an SSH private key exposed. This key can grant unauthorized access to two other instances in the environment, allowing an attacker to move laterally into other areas of the enterprise.
To make matters worse, the same instance has an over-provisioned IAM role, giving it access to critical resources like RDS databases and S3 buckets. This escalates the blast radius significantly, putting sensitive data at risk.
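The scenario above, modelled as a small graph to show why correlated signals rank higher than isolated ones. This is an added example, not Lacework FortiCNAPP code or its data model; every node name, signal label, and edge below is constructed for illustration.

```python
from collections import deque

# Constructed inventory mirroring the scenario; all names are hypothetical.
SIGNALS = {
    "instance-a": {"internet_exposed", "active_vulnerability",
                   "exposed_ssh_key", "overprivileged_role"},
    "instance-b": {"active_vulnerability"},   # vulnerable, but not exposed
    "instance-c": set(),
    "instance-d": {"internet_exposed"},       # exposed, but nothing else
}
# Directed access edges: (source, relation, target).
EDGES = [
    ("instance-a", "ssh_key_grants_access", "instance-b"),
    ("instance-a", "ssh_key_grants_access", "instance-c"),
    ("instance-a", "assumes_role", "role-app"),
    ("role-app", "can_read", "rds-customers"),
    ("role-app", "can_read", "s3-backups"),
    ("instance-d", "assumes_role", "role-logs"),
    ("role-logs", "can_write", "s3-logs"),
]
CRITICAL = {"rds-customers", "s3-backups"}
ENTRY = {"internet_exposed", "active_vulnerability"}  # likely entry point
PIVOT = {"exposed_ssh_key", "overprivileged_role"}    # lets access spread

def blast_radius(start):
    """Breadth-first walk: every node reachable from start via access edges."""
    graph = {}
    for src, _relation, dst in EDGES:
        graph.setdefault(src, []).append(dst)
    seen, queue = set(), deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt not in seen and nxt != start:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def toxic_combinations():
    """Map each node with all entry signals plus a pivot to reachable critical assets."""
    findings = {}
    for node, signals in SIGNALS.items():
        if ENTRY <= signals and signals & PIVOT:
            findings[node] = sorted(blast_radius(node) & CRITICAL)
    return findings

if __name__ == "__main__":
    for node, assets in toxic_combinations().items():
        print(f"{node}: critical assets reachable = {assets}")
        print(f"  full blast radius = {sorted(blast_radius(node))}")
```

Only `instance-a` is reported: `instance-b` and `instance-d` each carry a single signal and stay out of the findings, which is the prioritization effect the graph view is meant to give.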
Visualizing the Threat: Why the graph matters.
The Lacework FortiCNAPP Explorer consolidates these risk factors into an interactive graph visualization, providing:
Why This Matters:
Traditional tools often isolate risk signals, such as vulnerabilities or misconfigurations, making it difficult to understand their combined effect. Lacework FortiCNAPP Explorer connects these dots, helping security teams identify and address toxic combinations efficiently.
Turn Insights Into Action:
The Lacework FortiCNAPP Explorer provides an advanced approach to analyzing risks in cloud environments by visualizing interconnected vulnerabilities, secrets, and permissions. This capability enables better prioritization and faster remediation of critical threats, ultimately enhancing the security posture of cloud deployments.
Start exploring with Lacework FortiCNAPP today.