Sold by: Fortinet Inc.
Deployed on AWS
Free Trial
AWS Free Tier
FortiCNAPP offers unmatched visibility and context to simplify and strengthen security, empowering teams to make the biggest impact with minimal effort and time.
4.4
Overview
FortiCNAPP (formerly Lacework) empowers teams to quickly identify, prioritize, and remediate code vulnerabilities, cloud misconfigurations, and overprivileged identities more efficiently, safeguard business continuity through rapid detection, investigation, and resolution of active threats like compromised credentials, streamline security operations, to do more with less, while maintaining the highest security standards and continuously comply with evolving regulations and industry best practices.
Our data-driven platform never stops learning. It automatically visualizes complex relationships between entities, events, and vulnerabilities, correlates build and runtime data for deeper insights and uses patented analytics to understand normal behavior within your environment. It notifies you to significant changes and provides highly actionable alerts, all without requiring you to create and maintain static, rigid rules.
Whether your applications run in a single cloud, across multiple clouds, in a hybrid environment, or use containers and Kubernetes, FortiCNAPP delivers the right alerts to the right people at the right time to protect your applications, data and business.
FortiCNAPP is a more comprehensive alternative to products from companies like Palo Alto Networks, Wiz, Aqua, Orca, Snyk, Sysdig, and CrowdStrike and offers key features such as:
CODE SECURITY - FortiCNAPP offers integrated code security with SCA, SAST, and IaC security. It continuously monitors runtime application behavior to identify active, exploitable vulnerable packages versus inactive ones with lower risk.
CSPM/KSPM - FortiCNAPP provides robust CSPM and KSPM to ensure cloud service usage aligns with regulatory guidelines and best practices like CIS Benchmarks for AWS and AWS FSBP. To help prioritize risks, FortiCNAPP attack path analysis visualizes how attackers could exploit misconfigurations, showing the interconnected risks of a host or container, such as internet exposure, critical vulnerabilities, misconfigurations, exposed secrets, and privileged IAM roles.
CIEM - FortiCNAPP provides Cloud Infrastructure Entitlement Management (CIEM) for complete visibility into AWS IAM users, groups, roles, policies, entitlements, and machines (EC2). It automatically discovers identities, assesses net-effective permissions, and highlights excessive ones by comparing granted and used permissions.
BEHAVIOR ANALYTICS - FortiCNAPP continuously monitors AWS workloads for unusual behaviors, like compromises by comparing past and present states to detect anomalies. With over 100 patents, our approach ensures faster detection, quicker responses, and improved security.
COMPOSITE ALERTS - FortiCNAPP is unique in detecting early signs of active attacks by automatically correlating various alerts into a single, high-confidence composite alert. This alert provides detailed context and evidence of suspected attacks for further investigation. FortiCNAPP uses behavioral analytics, anomaly detection, in-house threat intelligence, and insights from AWS CloudTrail and GuardDuty to identify active attacks, including compromised credentials, ransomware and cryptojacking.
Contact AWSsales@fortinet.com for more information, a demo, or to discuss a private offer.
Are you concerned about the security of your cloud environment? Our expert cloud consulting services can help you implement security best practices, identify vulnerabilities, ensure compliance and protect your data from potential threats.
https://aws.amazon.com/marketplace/pp/prodview-bnqdxtusyye5q
https://aws.amazon.com/marketplace/pp/prodview-ua74gq5f72fcq
Highlights
- Gain comprehensive, continuous visibility into your AWS assets, applications, and users, enabling you to identify, measure, prioritize, and address associated risks faster and more efficiently
- Ensure business continuity by rapidly detecting, investigating, and resolving active attacks - such as compromised credentials, ransomware, and crypto-jacking to protect critical applications, services, and data
- Do more with less by streamlining security processes while maintaining high standards. Reduce cloud security costs by consolidating multiple siloed tools into a single platform and improve time-to-value with automated, easy-to-deploy and DevOps-friendly cloud security at scale
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free according to the free trial terms set by the vendor.
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Lacework Standard starter pack | Standard starter pack. Up to 500 vCPUs | $25,000.00 |
Lacework Pro starter pack | Pro starter pack. Up to 334 vCPUs | $25,000.00 |
Lacework Enterprise starter pack | Enterprise starter pack. Up to 250 vCPUs | $25,000.00 |
Vendor refund policy
No refunds
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Fortinet FortiCare support offerings provide global support and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets. https://support.fortinet.com
Let Fortinet cloud experts help you successfully adopt and operationalize Lacework FortiCNAPP to secure your hybrid and public cloud environments.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Fortinet Inc.
By One Identity
By Transmit Security
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Code Security Analysis
Integrated code security with Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Infrastructure as Code (IaC) security with runtime application behavior monitoring to identify active, exploitable vulnerable packages.
Cloud Security Posture Management
Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM) with attack path analysis visualization and compliance validation against CIS Benchmarks for AWS and AWS Foundational Security Best Practices.
Cloud Infrastructure Entitlement Management
Cloud Infrastructure Entitlement Management (CIEM) providing visibility into AWS IAM users, groups, roles, policies, entitlements, and EC2 instances with automatic identity discovery and net-effective permissions assessment.
Behavioral Analytics and Anomaly Detection
Continuous monitoring of AWS workloads for unusual behaviors through comparison of past and present states using patented analytics with over 100 patents to detect anomalies and compromises.
Composite Alert Correlation
Automatic correlation of multiple alerts into single, high-confidence composite alerts using behavioral analytics, anomaly detection, in-house threat intelligence, AWS CloudTrail and GuardDuty data to identify active attacks including compromised credentials, ransomware, and cryptojacking.
Single Sign-On (SSO)
Automatically synchronizes users across multiple directories to enable one-click access to corporate applications on-premises and in the cloud with enforced security policies and self-service password reset capabilities.
Multi-Factor Authentication (MFA)
Supports multiple authentication methods including passwordless authentication, passkeys, one-time passcodes, push notifications, biometric data, and security keys with real-time reporting and monitoring of authentication events.
Adaptive Authentication
Delivers multi-layer, context-aware and risk-based protection to minimize common attacks and enforce contextual access security policies based on user behavior and risk assessment.
Identity Lifecycle Management
Provides role-based user provisioning engine with granular access permissions, least-privileged access controls, and automated user account provisioning across applications and AWS services.
Directory Integration
Acts as a secure cloud-based directory with integration capabilities for Active Directory, LDAP, G Suite and other external directories, plus pre-built connectors with thousands of third-party web applications and AWS services including AWS IAM, AWS SSO, Amazon Cognito, and Amazon EventBridge.
Multifactor Authentication
Support for biometric authentication, FIDO standards (passkey/WebAuthn), social login, magic links, one-time passwords (OTPs), and single sign-on (SSO) using open protocols such as OIDC and SAML.
Real-time Fraud Detection
Contextual policy engine analyzing hundreds of risk signals with machine learning-powered threat detection to prevent account takeover, session hijacking, device spoofing, malicious bots, and phishing attacks.
Identity Verification
Facial scan verification with liveness detection and government document proofing for identity assurance and fraud prevention.
Risk-based Authorization
Integration with external authorization services to externalize access decisions and conditionally prompt re-authentication or identity verification based on real-time risk assessment across the identity lifecycle.
Cloud-native CIAM Integration
Modular, plug-and-play services designed to integrate with existing identity environments such as Amazon Cognito through pre-built user flows via APIs and SDKs.
Standard contract
No
No
Customer reviews
Mark Freeborough
Network segmentation has strengthened access control and now streamlines automated threat response
Reviewed on Feb 19, 2026
Review from a verified AWS customer
What is our primary use case?
FortiCNAPP is typically used for network access control. The standard use cases for FortiCNAPP center around reporting and automated responses, particularly in IoT environments and workflow automation. Various environments require these tools, and SOC users may utilize them as well. FortiCNAPP serves as a gateway to numerous other products and services in the Fortinet portfolio.
What is most valuable?
The most valuable features in FortiCNAPP include robust network segmentation and restricting access to network assets. It also supports security measures by leveraging security fabrics for better enforcement and policy enforcement. FortiCNAPP integrates with SIEM solutions, and we offer different SIEM options that work with Fortinet and AlienVault , among others, providing multiple scenarios.
FortiCNAPP's automated policy recommendations significantly help improve security measures as part of an overall service wrap. When deploying a Fortinet SD-WAN or network, these tools provide greater visibility to vulnerabilities and enhanced security on the network. It functions as a proactive tool, enabling me to identify threats quickly and automate responses.
What needs improvement?
FortiCNAPP performs well in terms of threat notification and response times. However, the solution could be more user-friendly and intuitive. When managing the platform, navigating to certain details can sometimes feel clunky, so the interface needs to be more accessible.
For how long have I used the solution?
I have been at MLL for five years, and the organization has been a Fortinet partner for at least that long, probably longer. I have been aware of Fortinet for considerably longer, as I have worked at other organizations that provided Fortinet.
What do I think about the stability of the solution?
Fortinet provides very strong technical support. They respond within the service level agreements and are proactive in their approach. We also have a skilled in-house team that is highly knowledgeable about Fortinet and accomplishes tasks that Fortinet has not done, with innovative people on the team. Overall, they are effective at responding and fulfilling their responsibilities.
What do I think about the scalability of the solution?
FortiCNAPP deployment timeframes vary depending on customer size and the complexity of requirements. For small to medium customers, deployment does not take an extended period. For complex large customers, global deployments, or large public sector customers, the process can take longer. The duration depends on various factors including compliance requirements and other considerations.
How are customer service and support?
I provide deployment services, supplying, installing, and maintaining the entire service.
Some of my colleagues may utilize FortiCNAPP's integration with DevOps tools, though I am not extensively familiar with this capability. My technical teams do utilize integration with DevOps tools, as it performs significantly with automation regarding sophisticated challenges. We have an in-house development team that works on this, focusing on how it integrates primarily with the security fabric. Fortinet has their own developer networks, and we also explore what they may have accomplished previously. In terms of integration, FortiCNAPP performs substantially with DevOps tools, though this would depend on what our teams choose to implement.
How would you rate customer service and support?
Positive
How was the initial setup?
Approximately five to ten people from my organization participate in deployment, and their skill levels vary.
What was our ROI?
My experience with FortiCNAPP's pricing demonstrates that we conduct extensive work with Fortinet and minimal work elsewhere. We focus on selling the value of the solution, which I find to be highly competitive within the Fortinet world. Overall total cost of ownership is critical; we demonstrate ROI by showing how it saves time and optimizes roles for staff to focus on more important tasks. The pricing is competitive, further supported by special pricing based on our engagement level with Fortinet, which is advantageous. FortiCNAPP is a competitive and robust solution, the only one in the IT sphere that addresses all quadrants in the Gartner Quadrants.
What other advice do I have?
Some of my colleagues may utilize FortiCNAPP's integration with DevOps tools, though I am not extensively familiar with this capability. I would rate this review as a nine out of ten.
Ashenafi M.
Unified Cloud Security Visibility with Smart Risk Prioritization
Reviewed on Feb 18, 2026
Review provided by G2
What do you like best about the product?
What I like best about FortiCNAPP is its unified visibility across cloud infrastructure, workloads, and identities in a single platform. Instead of using separate tools for CSPM, CIEM, and vulnerability management, everything is integrated, which makes monitoring and remediation much more efficient. I also appreciate the real-time risk prioritization. It doesn’t just show vulnerabilities, but helps correlate misconfigurations, exposed workloads, and identity risks to highlight what actually matters. The automation capabilities for compliance checks and policy enforcement are another strong point, especially in dynamic cloud environments.
What do you dislike about the product?
One area that could be improved is the user interface, especially for new users. While the platform is powerful, the number of features and dashboards can feel overwhelming at first, and it takes some time to fully understand how everything connects. The initial configuration and policy tuning also require a solid understanding of cloud security concepts, which may be challenging for smaller teams without dedicated cloud security expertise. Additionally, more detailed documentation and practical implementation examples would make onboarding smoother.
What problems is the product solving and how is that benefiting you?
FortiCNAPP helps solve the challenge of fragmented cloud security visibility. In modern cloud environments, risks often come from multiple areas such as misconfigurations, excessive identity permissions, vulnerable workloads, and exposed containers. Managing these risks across different tools can create blind spots and slow down response times.
By consolidating CSPM, CIEM, vulnerability management, and runtime protection into a single platform, FortiCNAPP reduces complexity and improves risk prioritization. Instead of reacting to hundreds of low-impact alerts, it correlates findings to highlight the most critical attack paths. This has benefited me by improving efficiency in identifying high-risk issues, reducing manual investigation time, and strengthening overall cloud security posture. It also supports compliance monitoring, which makes reporting and audits much more manageable.
By consolidating CSPM, CIEM, vulnerability management, and runtime protection into a single platform, FortiCNAPP reduces complexity and improves risk prioritization. Instead of reacting to hundreds of low-impact alerts, it correlates findings to highlight the most critical attack paths. This has benefited me by improving efficiency in identifying high-risk issues, reducing manual investigation time, and strengthening overall cloud security posture. It also supports compliance monitoring, which makes reporting and audits much more manageable.
Food Production
Neutral Cloud Visibility and Compliance, but Setup and Alert Tuning Take Time
Reviewed on Feb 17, 2026
Review provided by G2
What do you like best about the product?
Good visibility across cloud resources
Helpful posture management and compliance reporting
Easy-to-understand dashboards
Integrates well with other Fortinet security products
Good alerting for misconfigurations and risky cloud permissions
Helpful posture management and compliance reporting
Easy-to-understand dashboards
Integrates well with other Fortinet security products
Good alerting for misconfigurations and risky cloud permissions
What do you dislike about the product?
Initial setup and onboarding can take time
Some reports and dashboards could be more customizable
Occasionally too many alerts without proper tuning..
Some reports and dashboards could be more customizable
Occasionally too many alerts without proper tuning..
What problems is the product solving and how is that benefiting you?
FortiCNAPP helps detect cloud misconfigurations, weak security controls, and risky permissions. It improves cloud security posture and reduces the risk of breaches by continuously monitoring cloud environments and providing actionable remediation recommendations.
Internet
Diverse Apps, Trustworthy Security, and a Simple, Easy-to-Use Interface
Reviewed on Feb 05, 2026
Review provided by G2
What do you like best about the product?
the diversity of applications and softwares is very helpfull, also the platform security is very trustworthy, the website interface is also very simple and easy to use.
What do you dislike about the product?
the setup qnd configuration process is hard to understand, the lavk of documentation is also an issue specially for new users of the platform, also it would be a great change if the prices were a bit lower
What problems is the product solving and how is that benefiting you?
It provides a single dashboard for viewing and managing our security posture across all cloud service providers. It’s been a big help in spotting misconfigurations early, and it saves a lot of time overall.
Karan B.
Effortless Setup with Stellar Features
Reviewed on Oct 29, 2025
Review provided by G2
What do you like best about the product?
I found Lacework FortiCNAPP incredibly smooth to set up, which was neither tricky nor difficult at all. This ease of installation was something I deeply appreciated. During my hackathon experience, it effectively helped me in publishing my app and mimicking a production-level scenario for my project. This showed me its potential to be a great tool for application development and project presentation. I also loved the peer review feature, which provided authentic previews that were immensely helpful in decision-making. The platform’s associations with reputed partners like G2, HubSpot, and Salesforce highlighted its well-established and trustworthy nature. Additionally, I remember the features like vulnerability management and the alerting and prioritizing capabilities as excellent facets of Lacework FortiCNAPP. The single entity dashboard offering comprehensive visibility across multi-cloud environments, including AWS, Azure, and Kubernetes, was remarkable, helping greatly in monitoring the security posture. These aspects were impressive and beneficial, making it easy to use and efficient for its purposes.
What do you dislike about the product?
{"I find that the integration experience with Lacework FortiCNAPP could be enhanced. The process of linking it up with specific software tools like Terraform, remediation code, or a normal CI/CD system could feel more comprehensive and streamlined. Improving this aspect could make these integrations more efficient and less cumbersome."}
What problems is the product solving and how is that benefiting you?
Lacework FortiCNAPP helped me with app deployment and mimicking production scenarios during a hackathon, facilitating authentic peer reviews and decision-making.