Cloud security vendor Lacework this week announced the availability of a cloud-native application protection platform (CNAPP) for its broader Polygraph Data Platform offering, providing an agentless, low-touch option for organizations looking to improve their application security posture.

There are two main components to the CNAPP release, according to Lacework, both of which require only that the user connect their cloud accounts with Lacework’s apparatus. The first is attack path analysis, which uses Lacework’s systems to analyze configurations, network topography and more to provide a visual representation of possible ways in which bad actors could compromise application workloads. The system searches for misconfigurations, open network access, identity management roles and known software vulnerabilities to create its diagnosis.

Lacework's CNAPP creates its own SBOM

The other main part of Lacework’s release is agentless workload scanning. This uses snapshot analysis of what’s going on in container images, hosts and libraries to create its own software bill of materials (SBOM) for a given environment. According to the company, this provides users with a deeper understanding of what’s going on in their cloud environment and highlights possible risks, and the agentless nature of the system means that there should be no performance impact on the user’s cloud applications.

It also makes the workload scanning system simpler to implement, according to ESG senior analyst Melinda Marks. While agentless scanning doesn’t allow for the kind of continuous, up-to-the-second monitoring provided by agent-based systems, the ease of use and smaller footprint are bigger considerations for many organizations.

“The ability to connect workloads without having to install agents enables broader coverage, which is important, thanks to the ephemeral nature of workloads,” she said. “It’s more efficient and more feasible than installing agents and being limited with monitoring only workloads with the agents installed.”

Agentless scanning, according to Marks, is arguably the bigger deal for enterprise customers, given the flexibility and ease of use. Currently, the market for this type of application security is a patchwork, with vendors making the case for their proprietary technology, whether that’s agentless or not.

“The goal is to collect the most information and telemetry while surfacing alerts on what needs attention to reduce security risk and protect the applications, and do so in a way that doesn’t impact application performance,” she said.

Both the workload scanning and attack path analysis features are available immediately to Lacework customers, the company said.