    Fortinet Lacework FortiCNAPP

    Deployed on AWS
    Free Trial
    Lacework FortiCNAPP offers unmatched visibility and context to simplify and strengthen security, empowering teams to make the biggest impact with minimal effort and time.

    Overview

    Lacework FortiCNAPP empowers teams to quickly identify, prioritize, and remediate code vulnerabilities, cloud misconfigurations, and overprivileged identities more efficiently; safeguard business continuity through rapid detection, investigation, and resolution of active threats like compromised credentials; streamline security operations to do more with less while maintaining the highest security standards; and continuously comply with evolving regulations and industry best practices.

    Our data-driven platform never stops learning. It automatically visualizes complex relationships between entities, events, and vulnerabilities, correlates build and runtime data for deeper insights, and uses patented analytics to understand normal behavior within your environment. It notifies you of significant changes and provides highly actionable alerts, all without requiring you to create and maintain static, rigid rules.

    Whether your applications run in a single cloud, across multiple clouds, in a hybrid environment, or use containers and Kubernetes, Lacework FortiCNAPP delivers the right alerts to the right people at the right time to protect your applications, data and business.

    Lacework is a more comprehensive alternative to products from companies like Palo Alto Networks, Wiz, Aqua, Orca, Snyk, Sysdig, and CrowdStrike and offers key features such as:

    CODE SECURITY - Lacework FortiCNAPP offers integrated code security with SCA, SAST, and IaC security. It continuously monitors runtime application behavior to identify active, exploitable vulnerable packages versus inactive ones with lower risk.

    CSPM/KSPM - Lacework FortiCNAPP provides robust CSPM and KSPM to ensure cloud service usage aligns with regulatory guidelines and best practices like CIS Benchmarks for AWS and AWS FSBP. To help prioritize risks, Lacework FortiCNAPP attack path analysis visualizes how attackers could exploit misconfigurations, showing the interconnected risks of a host or container, such as internet exposure, critical vulnerabilities, misconfigurations, exposed secrets, and privileged IAM roles.

    CIEM - Lacework FortiCNAPP provides Cloud Infrastructure Entitlement Management (CIEM) for complete visibility into AWS IAM users, groups, roles, policies, entitlements, and machines (EC2). It automatically discovers identities, assesses net-effective permissions, and highlights excessive ones by comparing granted and used permissions.

    BEHAVIOR ANALYTICS - Lacework FortiCNAPP continuously monitors AWS workloads for unusual behaviors, such as compromises, by comparing past and present states to detect anomalies. With over 100 patents, our approach ensures faster detection, quicker responses, and improved security.

    COMPOSITE ALERTS - Lacework FortiCNAPP is unique in detecting early signs of active attacks by automatically correlating various alerts into a single, high-confidence composite alert. This alert provides detailed context and evidence of suspected attacks for further investigation. Lacework FortiCNAPP uses behavioral analytics, anomaly detection, in-house threat intelligence, and insights from AWS CloudTrail and GuardDuty to identify active attacks, including compromised credentials, ransomware and cryptojacking.

    Contact AWSsales@fortinet.com for more information, a demo, or to discuss a private offer.

    Are you concerned about the security of your cloud environment? Our expert cloud consulting services can help you implement security best practices, identify vulnerabilities, ensure compliance and protect your data from potential threats.

    https://aws.amazon.com/marketplace/pp/prodview-bnqdxtusyye5q 

    https://aws.amazon.com/marketplace/pp/prodview-ua74gq5f72fcq 

    Highlights

    • Gain comprehensive, continuous visibility into your AWS assets, applications, and users, enabling you to identify, measure, prioritize, and address associated risks faster and more efficiently
    • Ensure business continuity by rapidly detecting, investigating, and resolving active attacks, such as compromised credentials, ransomware, and crypto-jacking, to protect critical applications, services, and data
    • Do more with less by streamlining security processes while maintaining high standards. Reduce cloud security costs by consolidating multiple siloed tools into a single platform and improve time-to-value with automated, easy-to-deploy and DevOps-friendly cloud security at scale

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Free trial

    Try this product free according to the free trial terms set by the vendor.

    Fortinet Lacework FortiCNAPP

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (3)

    Dimension | Description | Cost/12 months
    Lacework Standard starter pack | Standard starter pack. Up to 500 vCPUs | $25,000.00
    Lacework Pro starter pack | Pro starter pack. Up to 334 vCPUs | $25,000.00
    Lacework Enterprise starter pack | Enterprise starter pack. Up to 250 vCPUs | $25,000.00

    Vendor refund policy

    No refunds

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    Fortinet FortiCare support offerings provide global support and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets. https://support.fortinet.com 

    Let Fortinet cloud experts help you successfully adopt and operationalize Lacework FortiCNAPP to secure your hybrid and public cloud environments.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly
    By Transmit Security

    Accolades

    Top 25 in Cloud Governance
    Top 100 in Applications

    Customer reviews

    Sentiment is AI generated from actual customer reviews on AWS and G2
    Reviews
    Functionality
    Ease of use
    Customer service
    Cost effectiveness
    8 reviews
    Insufficient data
    4 reviews
    Insufficient data
    Insufficient data
    Insufficient data
    Positive reviews
    Mixed reviews
    Negative reviews

    Overview

    AI generated from product descriptions
    Code Security
    Integrated code security with Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Infrastructure as Code (IaC) security with continuous runtime application behavior monitoring
    Cloud Security Posture Management
    Robust Cloud Service Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) with attack path analysis and visualization of interconnected infrastructure risks
    Cloud Infrastructure Entitlement Management
    Comprehensive visibility and assessment of AWS IAM users, groups, roles, policies, and machine entitlements with automatic discovery and excessive permission identification
    Behavioral Analytics
    Continuous monitoring of AWS workloads using advanced anomaly detection techniques with comparison of past and present states to identify unusual behaviors
    Threat Correlation
    Automated correlation of multiple security alerts into high-confidence composite alerts using behavioral analytics, anomaly detection, and threat intelligence from AWS CloudTrail and GuardDuty
    Single Sign-On (SSO)
    Supports automatic user synchronization across multiple directories with one-click access to corporate applications across on-premises and cloud environments
    Multi-Factor Authentication
    Provides diverse authentication methods including passwordless, passkeys, one-time passcodes, push notifications, biometric data, and security keys with real-time reporting capabilities
    Identity Lifecycle Management
    Enables role-based user provisioning with least-privileged access controls and automated user management workflows
    Cloud Directory Services
    Offers secure cloud-based directory management with web interface for managing users, authentication policies, and access controls
    Security Integration
    Supports pre-built authentication connectors with third-party web applications and integrations with cloud infrastructure platforms like AWS IAM, AWS SSO, Amazon Cognito, and Amazon EventBridge
    Multi-Factor Authentication
    Support for biometric authentication, FIDO standards, passwordless authentication, social logins, magic links, OTPs, and single sign-on across multiple authentication methods
    Risk Detection Engine
    Real-time fraud protection service analyzing hundreds of signals using machine learning to detect and prevent account takeover, session hijacking, device spoofing, and malicious bot attacks
    Identity Verification
    Advanced identity proofing using facial scans with liveness detection and government document validation for comprehensive identity verification
    Authentication Protocols
    Integration with open authentication protocols including OIDC and SAML for flexible and secure identity management
    Contextual Policy Engine
    Dynamic security profiling that continuously assesses trust levels and applies intelligent risk-based authorization decisions in real-time

    Contract

    Standard contract
    No
    No

    Customer reviews

    Ratings and reviews

    4.3 (3 ratings)
    5 star: 33%
    4 star: 33%
    3 star: 33%
    2 star: 0%
    1 star: 0%
    3 AWS reviews | 19 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Daniel S.

    The best OOBE and ease of use

    Reviewed on Jul 09, 2025
    Review provided by G2
    What do you like best about the product?
    The straightforward no hustle setup and maintenance
    What do you dislike about the product?
    Too easy to learn! My job will be obsolete soon
    What problems is the product solving and how is that benefiting you?
    one GUI to govern them all!
    Admin Department Rockholm Resort A.

    Firewall administrator with FortiGate experience

    Reviewed on May 26, 2025
    Review provided by G2
    What do you like best about the product?
    User friendly
    Easy installation
    Customer Support
    What do you dislike about the product?
    Pricing and license cost
    Mac Binding in WiFi
    What problems is the product solving and how is that benefiting you?
    Load balancing
    Jose S.

    Best User - Friendly Security Features

    Reviewed on Feb 12, 2025
    Review provided by G2
    What do you like best about the product?
    - Even if you are a novice in IT, you can manage / configure it
    - Easy to find documentation / forums to find any setting you need
    - Forti has a family of features / devices / services you can integrate it with to be able to expand the capabilities
    What do you dislike about the product?
    - Some advanced settings you must do on the CLI
    - The logs are not easy to understand at first glance
    What problems is the product solving and how is that benefiting you?
    - IPsec VPN
    - Inter-VLAN Routing
    - DPI
    - WebFilter
    - AD Integrated Security Features
    - DHCP
    - NTP Server
    - Network Policies
    reviewer2505699

    Helps to scan all of IAC scripts and configurations across our AWS and GCP environments

    Reviewed on Jun 17, 2024
    Review from a verified AWS customer

    What is our primary use case?

    We use the tool for two main purposes: vulnerability management and monitoring. We utilize it to scan all of our IAC scripts and configurations across our AWS and GCP environments. Additionally, we employ its agent to scan our compute nodes. This covers three main areas: cloud configuration, host systems, and IAC code, all essential for vulnerability management. We primarily focus on monitoring AWS CloudTrail to detect anomalous activities and risky behavior.

    What is most valuable?

    I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets.

    One key aspect of the agent that stands out is its capability to distinguish between active and inactive packages on compute nodes. This feature reduces the number of actionable vulnerabilities by focusing on packages actively running in the environment rather than all installed packages.

    I noticed that it was quite noisy, with many alerts about things I wasn't particularly concerned about. However, over time, Lacework's anomaly detection improved by establishing baselines of normal activity. It now alerts us only when there are deviations from these baselines. Integrating with Slack was especially beneficial—I set up a dedicated Slack channel just for Lacework alerts. This allowed me to focus on the alerts that required attention.

    What needs improvement?

    The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement.

    Regarding reporting features, the ability to create granular custom alerts remains limited. For instance, I could only filter alerts by source or type rather than selecting alerts based on specific IDs. This lack of granularity in alert management and reporting customization is a notable drawback.

    For how long have I used the solution?

    I have been using the product for one and a half years. 

    What do I think about the scalability of the solution?

    The solution is scalable. I rate it a nine out of ten. 

    How are customer service and support?

    One thing I appreciated about Lacework was the support I received from their team. I regularly met with them to provide feedback on what worked well and what didn't in their modules. They took my feedback seriously, often implementing it into features, hotfixes, and interface changes. Part of the reason for this was my clear and detailed communication style.

    While some customers might say, "This sucks," I made sure to explain exactly why and how I would suggest fixing it. This approach was well-received by their product managers, who valued my input. As a premium customer, I have access to account managers. Its support is very good. 

    Sometimes, the support process was quite slow. While they acknowledged my tickets promptly, resolving issues could take weeks as they liaised back and forth with engineering to diagnose and determine solutions. However, the support I received from my account management and technical account management teams was very good. 

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Lacework's advantage is its ability to differentiate between active and inactive packages through the agent. Most other CNAPP solutions don't offer this capability, and competitors like Wiz don't implement it as effectively.

    I've used several other platforms, such as Wiz and Prisma, and they all cover similar functionalities, such as scanning for misconfigurations in the cloud against compliance standards, monitoring IAM configurations for risks, logging and anomaly detection, host-based vulnerability scanning, and IAC code scanning. Wiz offers better reporting and ease of data extraction from datasets.

    Lacework, on the other hand, is generally more cost-effective and becomes user-friendly once you're accustomed to its UI conventions. However, extracting specific data from Lacework can sometimes be challenging.

    How was the initial setup?

    The product is very straightforward to deploy across an entire AWS or GCP organization. They offer automation via Terraform and CloudFormation templates, which allow deployment across all accounts with the appropriate permissions. As for Azure, I'm unsure about its compatibility.

    What was our ROI?

    You can expect ROI from vulnerability management. 

    What's my experience with pricing, setup cost, and licensing?

    My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.

    What other advice do I have?

    I rate the overall product a seven out of ten. 

    Carlos Vitrano

    Provides quick visibility and significantly reduces alerts

    Reviewed on Aug 30, 2023
    Review from a verified AWS customer

    What is our primary use case?

    We are covering cloud security posture management and run-time detection as well, so there are two flavors. It is also used for inventory purposes. We are probably using all the capacity of the tool. We have the agents deployed in our environment, and we are also covering all of the cloud environments with the Cloud Security Posture Management version.

    How has it helped my organization?

    First of all, alert reduction is helping us to be focused on other things that matter. The other thing is in regards to visibility. What we found is that Lacework is super easy to deploy in Kubernetes environments and other environments. You can get super quick visibility into what is going on in your environment. Even though it has a behavioral engine, and it takes a couple of hours to consolidate the information and present that to you, it is pretty quick. We have a huge environment, it is great for us.

    Lacework saves us a lot of money because in terms of the ingestion of data or in terms of the way AWS, GCP, and other cloud providers are sending logs into Lacework, if we have to ingest the data in our SIEM, for instance, it is going to cost us a lot of money. Having Lacework in the middle, ingesting the data, processing the data, and providing us with the right information is super valuable, at least from a cost perspective. I know every company would like to have all the logs in the SIEM or store them somewhere in their environment, but that is an advantage that I recognize in Lacework. The data is good. We can see the data that we want.

    It is good for helping us view our environment from an attacker’s perspective. One of the things that they introduced recently is Attack Path. Previously, we needed to go to two or three places to figure out what was going on in our environment. Even though we had alerts from Lacework that gave us a lot of information, we sometimes needed to go to other places to make sure that we fully understood the context of the data alert. Lacework has introduced Attack Path which helps us a lot to identify the activity from the beginning to the end.

    It has the ability to monitor configurations continuously. This capability is important, but we have complementary tools that monitor the configuration of certain files.

    We have reduced the alert noise by 60% to 70%. We needed an opportunity to focus on projects and improve our controls elsewhere. We also wanted to focus on improving our detection capabilities because the network is providing a subset of alerts that are helpful, but we also need to think about all those things that we need to do in our environment, such as make a list of some use cases from an attacker's perspective and see if we can catch the event. We have threat intelligence as well. We can see whether we have a particular type of threat in our environment. There is vulnerability management as well. The combination of those factors is what we are currently doing. We can focus on these things.

    Lacework helped save time by reducing our manual tasks. Lacework is providing us with comprehensive data or some set of data to see what is going on. In the past, we were doing that manually. We had to go to other places to understand what was going on, so Lacework helped us on that front. That was the most important saving of manual tasks.

    It also has helped us to free up existing resources. The number of people that I had initially on the on-call rotation is less because of it. I could take out those people for other projects. That is the huge value that I saw from Lacework. As long as we reduce alerts, we will have time to focus on other things. In terms of human resources, people are more focused on other things.

    Lacework has absolutely helped to reduce our organization's breach risk. Our company is super focused on protecting customer data. We are storing data in several cloud providers' object storage. With Lacework, especially with Cloud Security Posture Management, there is a compliance part where we can see how many object storages are exposed to the Internet. Whenever we have any event, we can identify that properly and immediately take action. That is how we reduce the risk in cloud providers. We take customer data super seriously, and we were able to identify all the alerts for the public object storage or for those that we had already but did not know.

    Lacework has been helpful for spotting critical weaknesses. The most important thing is our customer data. It has helped us a lot, and it is super valuable.

    What is most valuable?

    Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action. 

    What needs improvement?

    Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve. 

    For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.

    For how long have I used the solution?

    I have been using Lacework for about four years.

    What do I think about the stability of the solution?

    It is stable. We sometimes experienced slowness when the objects were loading in the console, but it was related to something internal. Overall, it is good.

    What do I think about the scalability of the solution?

    It is scalable. We have multiple locations. We have about 10 data centers on-premises. We have deployed agents in all of them. We also have cloud providers such as AWS, GCP, Azure, and OCI. It is a pretty big environment with more than 8,000 assets to monitor, more than 45 cloud provider accounts, and about 10 on-prem data centers. It is only used by the security team. There are 10 to 15 people.

    How are customer service and support?

    Their technical support is good. We have a Slack channel. We have monthly meetings. We have a dedicated customer success manager. He is taking care of all of the tickets that we are creating. We have probably opened five cases so far, and they were able to resolve them all. It might not have been at the pace that we were expecting, but in the end, they are supportive. I would rate them an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We have used a lot of solutions. We had Sysdig. We had something from Rapid7. We had Prisma Cloud as well. Lacework stands out in reducing the alert noise, having the right context for investigations, and saving time. That was the main driver for us to switch to Lacework.

    If I have to compare Lacework with other tools, it covers the bases, but from the detection perspective, when you combine different portions of the data that you are receiving and create a comprehensive alert for your analysis, that is the advantage that we have from Lacework against others. That is great because we are only focused on the things that we need to fix.

    How was the initial setup?

    It is a cloud solution. I was involved in its deployment from the beginning. I started with the definitions of the success criteria that I was going to use with the team. I had the team implement it, and I was supervising. I was practically aware of every single aspect of this work.

    Its initial deployment was super straightforward. It was super easy. It also depends on how your infrastructure is managed. In our case, it was easy to deploy the agents. For the entire environment, it took us four days. There were three to four people involved.

    In terms of maintenance, from our side, only the agents need to be maintained. It requires us to download the new version of the agent and deploy it. Cloud Security Posture Management does not require any maintenance from our side. They are doing that by themselves.

    What was our ROI?

    We have seen an ROI. It has been three to four years since we have been using the tool. If we had gone to another tool in the past, we would have been spending a lot of money and resources as well.

    What's my experience with pricing, setup cost, and licensing?

    It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive.

    What other advice do I have?

    To those evaluating this solution, I would advise identifying the requirements of the company and having a clear understanding of the success criteria and the use cases that they want to cover. After that, they can do a PoC. Identify the right number of systems that you want to go over the cloud environments and then move to production. Take Lacework's support for production deployment. It is important.

    I would rate Lacework a nine out of ten.