Sold by: Fortinet Inc.Â
Deployed on AWS
Free Trial
AWS Free Tier
Lacework FortiCNAPP offers unmatched visibility and context to simplify and strengthen security, empowering teams to make the biggest impact with minimal effort and time.
Overview
Lacework FortiCNAPP empowers teams to quickly identify, prioritize, and remediate code vulnerabilities, cloud misconfigurations, and overprivileged identities more efficiently, safeguard business continuity through rapid detection, investigation, and resolution of active threats like compromised credentials, streamline security operations, to do more with less, while maintaining the highest security standards and continuously comply with evolving regulations and industry best practices.
Our data-driven platform never stops learning. It automatically visualizes complex relationships between entities, events, and vulnerabilities, correlates build and runtime data for deeper insights and uses patented analytics to understand normal behavior within your environment. It notifies you to significant changes and provides highly actionable alerts, all without requiring you to create and maintain static, rigid rules.
Whether your applications run in a single cloud, across multiple clouds, in a hybrid environment, or use containers and Kubernetes, Lacework FortiCNAPP delivers the right alerts to the right people at the right time to protect your applications, data and business.
Lacework is a more comprehensive alternative to products from companies like Palo Alto Networks, Wiz, Aqua, Orca, Snyk, Sysdig, and CrowdStrike and offers key features such as:
CODE SECURITY - Lacework FortiCNAPP offers integrated code security with SCA, SAST, and IaC security. It continuously monitors runtime application behavior to identify active, exploitable vulnerable packages versus inactive ones with lower risk.
CSPM/KSPM - Lacework FortiCNAPP provides robust CSPM and KSPM to ensure cloud service usage aligns with regulatory guidelines and best practices like CIS Benchmarks for AWS and AWS FSBP. To help prioritize risks, Lacework FortiCNAPP attack path analysis visualizes how attackers could exploit misconfigurations, showing the interconnected risks of a host or container, such as internet exposure, critical vulnerabilities, misconfigurations, exposed secrets, and privileged IAM roles.
CIEM - Lacework FortiCNAPP provides Cloud Infrastructure Entitlement Management (CIEM) for complete visibility into AWS IAM users, groups, roles, policies, entitlements, and machines (EC2). It automatically discovers identities, assesses net-effective permissions, and highlights excessive ones by comparing granted and used permissions.
BEHAVIOR ANALYTICS - Lacework FortiCNAPP continuously monitors AWS workloads for unusual behaviors, like compromises by comparing past and present states to detect anomalies. With over 100 patents, our approach ensures faster detection, quicker responses, and improved security.
COMPOSITE ALERTS - Lacework FortiCNAPP is unique in detecting early signs of active attacks by automatically correlating various alerts into a single, high-confidence composite alert. This alert provides detailed context and evidence of suspected attacks for further investigation. Lacework FortiCNAPP uses behavioral analytics, anomaly detection, in-house threat intelligence, and insights from AWS CloudTrail and GuardDuty to identify active attacks, including compromised credentials, ransomware and cryptojacking.
Contact AWSsales@fortinet.com for more information, a demo, or to discuss a private offer.
Are you concerned about the security of your cloud environment? Our expert cloud consulting services can help you implement security best practices, identify vulnerabilities, ensure compliance and protect your data from potential threats.
https://aws.amazon.com/marketplace/pp/prodview-bnqdxtusyye5qÂ
https://aws.amazon.com/marketplace/pp/prodview-ua74gq5f72fcqÂ
Highlights
- Gain comprehensive, continuous visibility into your AWS assets, applications, and users, enabling you to identify, measure, prioritize, and address associated risks faster and more efficiently
- Ensure business continuity by rapidly detecting, investigating, and resolving active attacks - such as compromised credentials, ransomware, and crypto-jacking to protect critical applications, services, and data
- Do more with less by streamlining security processes while maintaining high standards. Reduce cloud security costs by consolidating multiple siloed tools into a single platform and improve time-to-value with automated, easy-to-deploy and DevOps-friendly cloud security at scale
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Lacework Standard starter pack | Standard starter pack. Up to 500 vCPUs | $25,000.00 |
Lacework Pro starter pack | Pro starter pack. Up to 334 vCPUs | $25,000.00 |
Lacework Enterprise starter pack | Enterprise starter pack. Up to 250 vCPUs | $25,000.00 |
Vendor refund policy
No refunds
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Fortinet FortiCare support offerings provide global support and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets. https://support.fortinet.comÂ
Let Fortinet cloud experts help you successfully adopt and operationalize Lacework FortiCNAPP to secure your hybrid and public cloud environments.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Fortinet Inc.
By One Identity
By Transmit Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Code Security
Integrated code security with Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Infrastructure as Code (IaC) security with continuous runtime application behavior monitoring
Cloud Security Posture Management
Robust Cloud Service Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) with attack path analysis and visualization of interconnected infrastructure risks
Cloud Infrastructure Entitlement Management
Comprehensive visibility and assessment of AWS IAM users, groups, roles, policies, and machine entitlements with automatic discovery and excessive permission identification
Behavioral Analytics
Continuous monitoring of AWS workloads using advanced anomaly detection techniques with comparison of past and present states to identify unusual behaviors
Threat Correlation
Automated correlation of multiple security alerts into high-confidence composite alerts using behavioral analytics, anomaly detection, and threat intelligence from AWS CloudTrail and GuardDuty
Single Sign-On (SSO)
Supports automatic user synchronization across multiple directories with one-click access to corporate applications across on-premises and cloud environments
Multi-Factor Authentication
Provides diverse authentication methods including passwordless, passkeys, one-time passcodes, push notifications, biometric data, and security keys with real-time reporting capabilities
Identity Lifecycle Management
Enables role-based user provisioning with least-privileged access controls and automated user management workflows
Cloud Directory Services
Offers secure cloud-based directory management with web interface for managing users, authentication policies, and access controls
Security Integration
Supports pre-built authentication connectors with third-party web applications and integrations with cloud infrastructure platforms like AWS IAM, AWS SSO, Amazon Cognito, and Amazon EventBridge
Multi-Factor Authentication
Support for biometric authentication, FIDO standards, passwordless authentication, social logins, magic links, OTPs, and single sign-on across multiple authentication methods
Risk Detection Engine
Real-time fraud protection service analyzing hundreds of signals using machine learning to detect and prevent account takeover, session hijacking, device spoofing, and malicious bot attacks
Identity Verification
Advanced identity proofing using facial scans with liveness detection and government document validation for comprehensive identity verification
Authentication Protocols
Integration with open authentication protocols including OIDC and SAML for flexible and secure identity management
Contextual Policy Engine
Dynamic security profiling that continuously assesses trust levels and applies intelligent risk-based authorization decisions in real-time
Standard contract
No
No
Customer reviews
4
4 ratings
4 AWS reviews
|
140 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Asad M.
Proactive Trust Center, Fast AIQA—Needs Better Multi-Org Support
Reviewed on Oct 30, 2025
Review provided by G2
What do you like best about the product?
Safebase not only allows us to proactively address customer questions by providing relevant information from the Trust Center and the AIQA feature helps us rapidly turn around questionnaires we get rather than manually addressing all the questions.
What do you dislike about the product?
Safebase lacks the ability for multi-organizational support for larger enterprises and needs to remediate the issue of being able support larger organizations with subsidiaries under one umbrella.
What problems is the product solving and how is that benefiting you?
reducing friction during customer security reviews
Sai Tharun Kumar
Improving security insights has been helpful but inconsistent vulnerability tracking needs attention
Reviewed on Oct 29, 2025
Review from a verified AWS customer
What is our primary use case?
The major use case for Lacework FortiCNAPPÂ is for security.
I'm using it for security internally for my company.
What is most valuable?
The machine learning capability in Lacework FortiCNAPPÂ is used for threat detection.
Automated policy recommendation helps to improve my security measures in general.
I usually use certain policies in my workspace, like if there are some alerts or something.
Continuous compliance and security monitoring are good, but they need more improvement in the vulnerabilities part.
What needs improvement?
The vulnerability part is not systematically organized; it is all clumsy in the web UI, and it is not user-friendly.
Regarding improvements, the vulnerability part, recent changes with user management, and Fortinet IMÂ coming into place, which is not helpful at all because it cuts out the automation part, are the most important things.
Lacework FortiCNAPP should have a new clean UI and ease of access for the users as that should be the main concern.
There are limitations regarding the scalability of Lacework FortiCNAPP.
There are also more limitations with integrations like GitHub or any other pipeline, CI/CD, or ISD.
It is glitchy and works well only sometimes, and most of the time, the reports or other things are not properly calculated or circulated with the teams.
For how long have I used the solution?
I have been using Lacework FortiCNAPP for about two years.
What do I think about the stability of the solution?
The threat response time is good; we haven't faced any major threats as of now.
What do I think about the scalability of the solution?
There are limitations regarding the scalability of Lacework FortiCNAPP.
How are customer service and support?
Technical support from Fortinet is good; I get feedback and responses quickly.
How was the initial setup?
The installation of Lacework FortiCNAPP is quite complicated, especially regarding the settings.
We face some issues with troubleshooting the settings.
Which other solutions did I evaluate?
I see some big differences between Lacework FortiCNAPP and Microsoft.
The ease of access is better with Lacework FortiCNAPP, while Microsoft is more complex.
What other advice do I have?
I'm not aware of the pricing because I've seen it with my lead.
If I do these integrations, I see some impact on the DevSecOps workflow.
The integrations, like with GitHub , help with alerts directly over there.
The positive impacts I see from Lacework FortiCNAPP are majorly regarding security itself, but it has a long way to improve; there are many things to improve, and I have had many connects with the team to provide my feedback and requirements.
The review rating for Lacework FortiCNAPP is 6.
Which deployment model are you using for this solution?
Private Cloud
Biotechnology
A super easy process, from procurement to implementation
Reviewed on Sep 22, 2025
Review provided by G2
What do you like best about the product?
The platform is intuitive with minimal onboarding training required for Admins. The solution operates well out of the box and the Safebase team (shoutout to Crystal and Antonio) are communicative and highly available to help.
What do you dislike about the product?
Some platform behaviors and information are not fully customizable.
What problems is the product solving and how is that benefiting you?
Putting compliance information in the hands of the customer is what safebase solves. We are able to answer questions more easily with the content on our trust center and hopefully will see fewer questionnaires submitted.
Pradeep K.
Safebase Product Review
Reviewed on Aug 18, 2025
Review provided by G2
What do you like best about the product?
The ease of securely sharing documentation—with audit trails and granular access controls for different sets of users—has significantly streamlined our process. It eliminated the need for back-and-forth emails, while offering clear visibility into key metrics such as number of views and downloads. I would recommend this solution without hesitation; it's a true value-add for any organization. The trust, support, and partnership we’ve experienced ensure that product-related queries are addressed quickly and effectively. I truly appreciate this strong, customer-centric culture.
What do you dislike about the product?
There are always certain thoughts that come into play and we wanted them as feature, especially when it comes to prioritizing them. However, what seems to be good in the context of Safebase—is a clear mechanism or option to mark these as feature requests is available although it takes time (high-priority) items that require immediate attention
What problems is the product solving and how is that benefiting you?
Lack of Centralized Trust Information:
Solves the problem of scattered documentation by providing a single, centralized trust center.
Inefficient Customer Trust Communication:
Provides a transparent and automated way to share security posture, reducing back-and-forth emails.
Time Delays in Sales Cycles Due to Security Approvals:
Speeds up the sales process by proactively addressing customer security concerns upfront.
No Visibility into Who Accessed Security Docs:
Tracks who viewed or downloaded which documents, improving oversight and auditability.
Solves the problem of scattered documentation by providing a single, centralized trust center.
Inefficient Customer Trust Communication:
Provides a transparent and automated way to share security posture, reducing back-and-forth emails.
Time Delays in Sales Cycles Due to Security Approvals:
Speeds up the sales process by proactively addressing customer security concerns upfront.
No Visibility into Who Accessed Security Docs:
Tracks who viewed or downloaded which documents, improving oversight and auditability.
Joellene B.
Helpful and responsive
Reviewed on Aug 06, 2025
Review provided by G2
What do you like best about the product?
SafeBase continues to be one of my favorite platforms to use on a daily basis. Its suite of tools—AIQA, the Knowledge Base, and the Security Portal—provides significant value to our customers and our internal teams alike. On top of that, the support from the SafeBase team has always been exceptional.
Crystal Culver, our Customer Success contact, has been instrumental in our success with the platform. She is consistently helpful, highly responsive, and always in the loop on internal updates—whether it's new features, tools, or upgrades to existing tools. I particularly appreciate her efforts in getting us early access to beta programs that are relevant to our needs. Her proactive communication and expertise make it seem like we are the most important customer in SafeBase's book of business.
Crystal Culver, our Customer Success contact, has been instrumental in our success with the platform. She is consistently helpful, highly responsive, and always in the loop on internal updates—whether it's new features, tools, or upgrades to existing tools. I particularly appreciate her efforts in getting us early access to beta programs that are relevant to our needs. Her proactive communication and expertise make it seem like we are the most important customer in SafeBase's book of business.
What do you dislike about the product?
I wouldn't call it a dislike; however, it would be helpful to have a way to send documents within the portal to a customer contact as PDF's that are watermarked for their specific company when there is apprehension to logging into a portal.
What problems is the product solving and how is that benefiting you?
SafeBase has been instrumental in centralizing the documentation that our customers and prospects frequently request during contract negotiations and renewals. The Knowledge Base feature streamlines our workflow by storing and surfacing responses to commonly asked questions, significantly reducing the time spent on repetitive tasks. As a small team, we’ve found the AIQA tool especially valuable—it continues to evolve and has meaningfully accelerated the completion of our security questionnaires from start to finish.