FortiCNAPP is typically used for network access control. The standard use cases for FortiCNAPP center around reporting and automated responses, particularly in IoT environments and workflow automation. Various environments require these tools, and SOC users may utilize them as well. FortiCNAPP serves as a gateway to numerous other products and services in the Fortinet portfolio.
Fortinet FortiCNAPP
Fortinet Inc.External reviews
384 reviews
from
External reviews are not included in the AWS star rating for the product.
Network segmentation has strengthened access control and now streamlines automated threat response
What is our primary use case?
What is most valuable?
The most valuable features in FortiCNAPP include robust network segmentation and restricting access to network assets. It also supports security measures by leveraging security fabrics for better enforcement and policy enforcement. FortiCNAPP integrates with SIEM solutions, and we offer different SIEM options that work with Fortinet and AlienVault, among others, providing multiple scenarios.
FortiCNAPP's automated policy recommendations significantly help improve security measures as part of an overall service wrap. When deploying a Fortinet SD-WAN or network, these tools provide greater visibility to vulnerabilities and enhanced security on the network. It functions as a proactive tool, enabling me to identify threats quickly and automate responses.
What needs improvement?
FortiCNAPP performs well in terms of threat notification and response times. However, the solution could be more user-friendly and intuitive. When managing the platform, navigating to certain details can sometimes feel clunky, so the interface needs to be more accessible.
For how long have I used the solution?
I have been at MLL for five years, and the organization has been a Fortinet partner for at least that long, probably longer. I have been aware of Fortinet for considerably longer, as I have worked at other organizations that provided Fortinet.
What do I think about the stability of the solution?
Fortinet provides very strong technical support. They respond within the service level agreements and are proactive in their approach. We also have a skilled in-house team that is highly knowledgeable about Fortinet and accomplishes tasks that Fortinet has not done, with innovative people on the team. Overall, they are effective at responding and fulfilling their responsibilities.
What do I think about the scalability of the solution?
FortiCNAPP deployment timeframes vary depending on customer size and the complexity of requirements. For small to medium customers, deployment does not take an extended period. For complex large customers, global deployments, or large public sector customers, the process can take longer. The duration depends on various factors including compliance requirements and other considerations.
How are customer service and support?
I provide deployment services, supplying, installing, and maintaining the entire service.
Some of my colleagues may utilize FortiCNAPP's integration with DevOps tools, though I am not extensively familiar with this capability. My technical teams do utilize integration with DevOps tools, as it performs significantly with automation regarding sophisticated challenges. We have an in-house development team that works on this, focusing on how it integrates primarily with the security fabric. Fortinet has their own developer networks, and we also explore what they may have accomplished previously. In terms of integration, FortiCNAPP performs substantially with DevOps tools, though this would depend on what our teams choose to implement.
How would you rate customer service and support?
Positive
How was the initial setup?
Approximately five to ten people from my organization participate in deployment, and their skill levels vary.
What was our ROI?
My experience with FortiCNAPP's pricing demonstrates that we conduct extensive work with Fortinet and minimal work elsewhere. We focus on selling the value of the solution, which I find to be highly competitive within the Fortinet world. Overall total cost of ownership is critical; we demonstrate ROI by showing how it saves time and optimizes roles for staff to focus on more important tasks. The pricing is competitive, further supported by special pricing based on our engagement level with Fortinet, which is advantageous. FortiCNAPP is a competitive and robust solution, the only one in the IT sphere that addresses all quadrants in the Gartner Quadrants.
What other advice do I have?
Some of my colleagues may utilize FortiCNAPP's integration with DevOps tools, though I am not extensively familiar with this capability. I would rate this review as a nine out of ten.
Unified Cloud Security Visibility with Smart Risk Prioritization
What do you like best about the product?
What I like best about FortiCNAPP is its unified visibility across cloud infrastructure, workloads, and identities in a single platform. Instead of using separate tools for CSPM, CIEM, and vulnerability management, everything is integrated, which makes monitoring and remediation much more efficient. I also appreciate the real-time risk prioritization. It doesn’t just show vulnerabilities, but helps correlate misconfigurations, exposed workloads, and identity risks to highlight what actually matters. The automation capabilities for compliance checks and policy enforcement are another strong point, especially in dynamic cloud environments.
What do you dislike about the product?
One area that could be improved is the user interface, especially for new users. While the platform is powerful, the number of features and dashboards can feel overwhelming at first, and it takes some time to fully understand how everything connects. The initial configuration and policy tuning also require a solid understanding of cloud security concepts, which may be challenging for smaller teams without dedicated cloud security expertise. Additionally, more detailed documentation and practical implementation examples would make onboarding smoother.
What problems is the product solving and how is that benefiting you?
FortiCNAPP helps solve the challenge of fragmented cloud security visibility. In modern cloud environments, risks often come from multiple areas such as misconfigurations, excessive identity permissions, vulnerable workloads, and exposed containers. Managing these risks across different tools can create blind spots and slow down response times.
By consolidating CSPM, CIEM, vulnerability management, and runtime protection into a single platform, FortiCNAPP reduces complexity and improves risk prioritization. Instead of reacting to hundreds of low-impact alerts, it correlates findings to highlight the most critical attack paths. This has benefited me by improving efficiency in identifying high-risk issues, reducing manual investigation time, and strengthening overall cloud security posture. It also supports compliance monitoring, which makes reporting and audits much more manageable.
By consolidating CSPM, CIEM, vulnerability management, and runtime protection into a single platform, FortiCNAPP reduces complexity and improves risk prioritization. Instead of reacting to hundreds of low-impact alerts, it correlates findings to highlight the most critical attack paths. This has benefited me by improving efficiency in identifying high-risk issues, reducing manual investigation time, and strengthening overall cloud security posture. It also supports compliance monitoring, which makes reporting and audits much more manageable.
Neutral Cloud Visibility and Compliance, but Setup and Alert Tuning Take Time
What do you like best about the product?
Good visibility across cloud resources
Helpful posture management and compliance reporting
Easy-to-understand dashboards
Integrates well with other Fortinet security products
Good alerting for misconfigurations and risky cloud permissions
Helpful posture management and compliance reporting
Easy-to-understand dashboards
Integrates well with other Fortinet security products
Good alerting for misconfigurations and risky cloud permissions
What do you dislike about the product?
Initial setup and onboarding can take time
Some reports and dashboards could be more customizable
Occasionally too many alerts without proper tuning..
Some reports and dashboards could be more customizable
Occasionally too many alerts without proper tuning..
What problems is the product solving and how is that benefiting you?
FortiCNAPP helps detect cloud misconfigurations, weak security controls, and risky permissions. It improves cloud security posture and reduces the risk of breaches by continuously monitoring cloud environments and providing actionable remediation recommendations.
Diverse Apps, Trustworthy Security, and a Simple, Easy-to-Use Interface
What do you like best about the product?
the diversity of applications and softwares is very helpfull, also the platform security is very trustworthy, the website interface is also very simple and easy to use.
What do you dislike about the product?
the setup qnd configuration process is hard to understand, the lavk of documentation is also an issue specially for new users of the platform, also it would be a great change if the prices were a bit lower
What problems is the product solving and how is that benefiting you?
It provides a single dashboard for viewing and managing our security posture across all cloud service providers. It’s been a big help in spotting misconfigurations early, and it saves a lot of time overall.
Effortless Setup with Stellar Features
What do you like best about the product?
I found Lacework FortiCNAPP incredibly smooth to set up, which was neither tricky nor difficult at all. This ease of installation was something I deeply appreciated. During my hackathon experience, it effectively helped me in publishing my app and mimicking a production-level scenario for my project. This showed me its potential to be a great tool for application development and project presentation. I also loved the peer review feature, which provided authentic previews that were immensely helpful in decision-making. The platform’s associations with reputed partners like G2, HubSpot, and Salesforce highlighted its well-established and trustworthy nature. Additionally, I remember the features like vulnerability management and the alerting and prioritizing capabilities as excellent facets of Lacework FortiCNAPP. The single entity dashboard offering comprehensive visibility across multi-cloud environments, including AWS, Azure, and Kubernetes, was remarkable, helping greatly in monitoring the security posture. These aspects were impressive and beneficial, making it easy to use and efficient for its purposes.
What do you dislike about the product?
{"I find that the integration experience with Lacework FortiCNAPP could be enhanced. The process of linking it up with specific software tools like Terraform, remediation code, or a normal CI/CD system could feel more comprehensive and streamlined. Improving this aspect could make these integrations more efficient and less cumbersome."}
What problems is the product solving and how is that benefiting you?
Lacework FortiCNAPP helped me with app deployment and mimicking production scenarios during a hackathon, facilitating authentic peer reviews and decision-making.
Improving security insights has been helpful but inconsistent vulnerability tracking needs attention
What is our primary use case?
The major use case for Lacework FortiCNAPP is for security.
I'm using it for security internally for my company.
What is most valuable?
The machine learning capability in Lacework FortiCNAPP is used for threat detection.
Automated policy recommendation helps to improve my security measures in general.
I usually use certain policies in my workspace, like if there are some alerts or something.
Continuous compliance and security monitoring are good, but they need more improvement in the vulnerabilities part.
What needs improvement?
The vulnerability part is not systematically organized; it is all clumsy in the web UI, and it is not user-friendly.
Regarding improvements, the vulnerability part, recent changes with user management, and Fortinet IM coming into place, which is not helpful at all because it cuts out the automation part, are the most important things.
Lacework FortiCNAPP should have a new clean UI and ease of access for the users as that should be the main concern.
There are limitations regarding the scalability of Lacework FortiCNAPP.
There are also more limitations with integrations like GitHub or any other pipeline, CI/CD, or ISD.
It is glitchy and works well only sometimes, and most of the time, the reports or other things are not properly calculated or circulated with the teams.
For how long have I used the solution?
I have been using Lacework FortiCNAPP for about two years.
What do I think about the stability of the solution?
The threat response time is good; we haven't faced any major threats as of now.
What do I think about the scalability of the solution?
There are limitations regarding the scalability of Lacework FortiCNAPP.
How are customer service and support?
Technical support from Fortinet is good; I get feedback and responses quickly.
How was the initial setup?
The installation of Lacework FortiCNAPP is quite complicated, especially regarding the settings.
We face some issues with troubleshooting the settings.
Which other solutions did I evaluate?
I see some big differences between Lacework FortiCNAPP and Microsoft.
The ease of access is better with Lacework FortiCNAPP, while Microsoft is more complex.
What other advice do I have?
I'm not aware of the pricing because I've seen it with my lead.
If I do these integrations, I see some impact on the DevSecOps workflow.
The integrations, like with GitHub, help with alerts directly over there.
The positive impacts I see from Lacework FortiCNAPP are majorly regarding security itself, but it has a long way to improve; there are many things to improve, and I have had many connects with the team to provide my feedback and requirements.
The review rating for Lacework FortiCNAPP is 6.
Useful Data and Easy Navigation, but Setup Can Be Tedious
What do you like best about the product?
The provided data is very useful, and the GUI is easy to navigate. Another great feature is the monitoring system, which enables quick detection of issues.
What do you dislike about the product?
The initial setup process requires some time and effort which can be tedious. Additionally l, the large volume of data presented at the start might seem overwhelming for new users.
What problems is the product solving and how is that benefiting you?
It really helped in maintaining the alerts for security issues and provides a secured platform.
Excellent security solution for the cloud
What do you like best about the product?
Lacework offers complete visibility over our entire cloud infrastructure, thus facilitating threat detection and compliance with security standards.
What do you dislike about the product?
The initial setup can be a bit complex for new users, but once in place, the platform works perfectly.
What problems is the product solving and how is that benefiting you?
Lacework helps us solve visibility and compliance issues in our cloud and container environments. Thanks to its automated threat detection, we can quickly identify vulnerabilities and ensure that our infrastructure is always secure, allowing us to reduce the risk of cyberattacks while adhering to compliance standards.
A lot to improve considering enterprise tools like SonarQube and Snyk, way below Prowler.
What do you like best about the product?
I like the multi cloud feature of Lacework including its high reporting standards.
What do you dislike about the product?
If I am a business owner, I wouldn't only think of cloud security, and then there are many other respects to look into for proper security posture management or vulnerability management. So spending on such a new tool which is yet to make a mark would be a tough choice.
What problems is the product solving and how is that benefiting you?
Currently it helps in compliance reporting/integrations wherever required.
Platform is good
What do you like best about the product?
Security container and Integration with 3rd party applications
What do you dislike about the product?
Integration documentation not available widely
What problems is the product solving and how is that benefiting you?
Security related problems are managed very well , thus I would recommend it.
showing 1 - 10