FortiCNAPP is a comprehensive cloud security platform focusing on ease of use and machine learning-driven anomaly detection. It offers robust compliance reporting, seamless integration, and continuous monitoring, making it an essential tool for organizations managing multi-cloud environments and security configurations.


| Product | Mindshare (%) |
|---|---|
| FortiCNAPP | 1.8% |
| Wiz | 4.5% |
| Qualys VMDR | 3.9% |
| Other | 89.8% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Cloudflare | 4.3 | N/A | 96% | 79 interviews |
| SentinelOne Singularity Cloud Security | 4.4 | 2.5% | 99% | 129 interviews |

| Company Size | Count |
|---|---|
| Small Business | 6 |
| Midsize Enterprise | 3 |
| Large Enterprise | 5 |

| Company Size | Count |
|---|---|
| Small Business | 126 |
| Midsize Enterprise | 65 |
| Large Enterprise | 172 |

FortiCNAPP provides significant capabilities in cloud security, compliance, and vulnerability management. Designed for organizations needing efficient monitoring, it enables detection of anomalies across cloud infrastructures while optimizing security posture and ensuring compliance with environments like AWS and GCP. The platform offers in-depth insights through scanning of IAC scripts, host systems, and cloud configurations. Recognized for effectively managing security posture, it safeguards Kubernetes and container environments, providing comprehensive threat detection and response. However, some areas like visibility, IAM security controls, and compliance metrics need improvement. Users face challenges with alert setup and lack intuitive design, alongside issues like FedRAMP authorization absence and complexity in the data model.
FortiCNAPP is implemented extensively by industries needing reliable cloud security, such as finance, healthcare, and technology sectors. It supports organizations in enhancing cloud infrastructure protection, ensuring compliance, and strengthening vulnerability management. By integrating with platforms like AWS and GCP, businesses can optimize security posture in their cloud deployments.
FortiCNAPP was previously known as Polygraph, FortiCNP, Lacework.
J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.
| Author info | Rating | Review Summary |
|---|---|---|
| Client Manager at MLL Telecom Ltd | 4.5 | I find FortiCNAPP a robust, competitive solution for network access control, offering strong segmentation and automated responses, backed by great support and pricing. My main wish is for a more intuitive and user-friendly interface. |
| Lead architect at a comms service provider with 10,001+ employees | 4.0 | I use FortiCNAPP for AWS security posture, identifying misconfigurations and tightening IAM. It provides centralized visibility, reducing overhead, with strong compliance and vulnerability features. I recommend it for public clouds, rating it 8.5/10, desiring ITSM integration. |
| Software Engineer at a university with 5,001-10,000 employees | 3.0 | I use Lacework FortiCNAPP for security, valuing its ML threat detection and automated policies. However, its UI, vulnerability management, scalability, and integrations need major improvement; initial setup is complicated. It has a long way to go. |
| Owner at IT CARE | 4.5 | I find FortiCNAPP a reliable and affordable security solution, saving time with good support. While policy implementation is complex and stability takes time, its benefits lead me to rate it 9/10. |
| Senior Sales Account Manager at Hard2bit Cybersecurity | 4.0 | FortiCNAPP is easy to deploy, offering good firewall features and automated policy recommendations. It integrates well. More license options would be beneficial. Overall, I rate it an eight, finding it a valuable security solution. |
| Cloud security director at Medallia | 4.5 | Lacework significantly reduces our alert noise, providing quick visibility across our hybrid environment and saving us money. It frees up resources and improves our security posture, despite needing better SIEM integrations. |
| VP of Engineering Security at a tech services company with 201-500 employees | 4.0 | I find Lacework valuable for anomaly detection and security compliance, with effective severity prioritization and continuous AWS monitoring. However, the lack of FedRAMP moderate authorization limits its use in government environments, leading to potential challenges requiring multiple tools. |
| Director of Engineering at DeepSee.ai | 5.0 | Lacework efficiently checks AWS cloud compliance, offering seamless setup and valuable compliance reports that save time. Integration with systems like Slack needs improvement. The feature of actionable compliance reports directly with documentation greatly influenced my decision to choose Lacework. |
| Director of Security Operations at an insurance company with 51-200 employees | 3.5 | I value this tool for vulnerability management, especially its mature cloud compliance and agent's active package scanning. However, I find data extraction difficult due to a poor data model and limited reporting, though support is good. |
| Information Security Engineer at an insurance company with 501-1,000 employees | 5.0 | I highly recommend Lacework for cloud security, as it effectively correlates data, minimizes noise, and identifies misconfigurations. While I'd prefer a more tailored compliance view, filtering helps. Overall, its benefits justify the cost, preventing major security incidents. |

FortiCNAPP's automated policy recommendations significantly help improve security measures as part of an overall service wrap. When deploying a Fortinet SD-WAN or network, these tools provide greater visibility to vulnerabilities and enhanced security on the network. It functions as a proactive tool, enabling me to identify threats quickly and automate responses.
Some of my colleagues may utilize FortiCNAPP's integration with DevOps tools, though I am not extensively familiar with this capability. My technical teams do utilize integration with DevOps tools, as it performs significantly with automation regarding sophisticated challenges. We have an in-house development team that works on this, focusing on how it integrates primarily with the security fabric. Fortinet has their own developer networks, and we also explore what they may have accomplished previously. In terms of integration, FortiCNAPP performs substantially with DevOps tools, though this would depend on what our teams choose to implement.

My main use case for FortiCNAPP is majorly for AWS, specifically for security posture management and auditing so that the user and whoever is using this can capture what is necessary.
A specific example of how I use FortiCNAPP for AWS security posture management is that we created resources manually, which sometimes led to misconfigurations in the customer requirements, and we have used FortiCNAPP to detect services that are publicly exposed and security groups with wide ranges of open IPs for ingress or egress, along with checking unencrypted databases and tightening IAM permissions.
I also have a unique use case of FortiCNAPP for one of Asia's largest growing country government projects where we identified users with excessive permissions not required by them, due to many users being onboarded in the government sector, so we used FortiCNAPP to identify all cloud identities and recommended the right permission sets for them.
FortiCNAPP has positively impacted my organization by providing centralized visibility and consolidating our cloud security posture management, helping us identify misconfigurations and public accessibility issues, which allowed us to enhance IAM governance and visibility on vulnerabilities.
Although I don't have specific metrics, I can say it has reduced our operational overhead significantly by providing a centralized view, highlighting critical issues, and helping us tighten configurations that have reduced operational costs and time.
The best features FortiCNAPP offers, in my opinion, include compliance and audit capabilities, IAM identity management, and security rectification in configurations, along with vulnerability management, which helped us rectify thousands of overwhelming security vulnerabilities. I find myself relying on all of them day-to-day, including threat detection, which is really good.
Regarding how FortiCNAPP can be improved, I would say there are a few things.
For improvements, I believe integrating FortiCNAPP with ITSM tools to reduce manual ticket creation and allowing more customization in reports could be beneficial, as well as providing knowledge-sharing articles for remediation playbooks.
I have been using FortiCNAPP for almost three years.
FortiCNAPP is stable.
FortiCNAPP's scalability is open, and we can change instances easily as needed.
The customer support for FortiCNAPP is fine, though it can take time as we need to engage with AWS first, but I would rate it around 7 or 8 out of 10.
Previously, we have only used it as an add-on solution.
While I don't have specific metrics for ROI, I know that we save time on operations and manpower while improving our security posture.
Regarding pricing, setup cost, and licensing, since it's a marketplace, I find the pay-as-you-go model convenient and fair.
We did not evaluate other options before choosing FortiCNAPP, as it completed our use case right away.
For others looking into FortiCNAPP, I recommend it for tightening security in public clouds as it has worked well for us compared to other options such as Palo Alto Prisma and CrowdStrike. I would rate this product 8.5 out of 10.
The major use case for Lacework FortiCNAPP is for security.
I'm using it for security internally for my company.
The machine learning capability in Lacework FortiCNAPP is used for threat detection.
Automated policy recommendation helps to improve my security measures in general.
I usually use certain policies in my workspace, like if there are some alerts or something.
Continuous compliance and security monitoring are good, but they need more improvement in the vulnerabilities part.
The vulnerability part is not systematically organized; it is all clumsy in the web UI, and it is not user-friendly.
Regarding improvements, the vulnerability part, recent changes with user management, and Fortinet IM coming into place, which is not helpful at all because it cuts out the automation part, are the most important things.
Lacework FortiCNAPP should have a new clean UI and ease of access for the users as that should be the main concern.
There are limitations regarding the scalability of Lacework FortiCNAPP.
There are also more limitations with integrations like GitHub or any other pipeline, CI/CD, or ISD.
It is glitchy and works well only sometimes, and most of the time, the reports or other things are not properly calculated or circulated with the teams.
I have been using Lacework FortiCNAPP for about two years.
The threat response time is good; we haven't faced any major threats as of now.
Technical support from Fortinet is good; I get feedback and responses quickly.
The installation of Lacework FortiCNAPP is quite complicated, especially regarding the settings.
We face some issues with troubleshooting the settings.
I see some big differences between Lacework FortiCNAPP and Microsoft.
The ease of access is better with Lacework FortiCNAPP, while Microsoft is more complex.
I'm not aware of the pricing because I've seen it with my lead.
If I do these integrations, I see some impact on the DevSecOps workflow.
The integrations, like with GitHub, help with alerts directly over there.
The positive impacts I see from Lacework FortiCNAPP are majorly regarding security itself, but it has a long way to improve; there are many things to improve, and I have had many connects with the team to provide my feedback and requirements.
The review rating for Lacework FortiCNAPP is 6.
FortiCNAPP is mainly used from a security point of view. Some VPNs charge for their solutions, but Fortinet provides a free-of-cost VPN solution, making it more reliable and cost-effective for clients.
FortiCNAPP definitely brings time-saving benefits, and security is the main concern for the company.
Policy implementation is quite complex, and the stability will take more time for the solutions. There is definitely room for improvement in policy implementation.
I have been working with Fortinet FortiCNAPP for the last five to ten years.
Fortinet's technical support is definitely helpful and responsive. The response time for solutions or support is quick compared to other UTMs, which is beneficial.
I do deployment as well for my customers.
The pricing is a mediator compared to other products; it is not that much higher and not much lower than other products, making it a very affordable price.
Policy implementation is one part of the solution; every customer needs particular policies for groups or department-wise needs, which takes time. I am not currently using FortiCNAPP's integration with DevOps tools; some inquiries are running, but it will take time to close, and I hope it will be done in the future.
The time for implementation of this product depends on the network and users; it varies based on how many users and networks are involved, as well as what downtimes are allowed. The maximum number of users I have encountered is approximately 300 or 400.
It took me weeks to deploy, gradually applying the policies and all of that, and it depends on the circumstances. FortiCNAPP's continuous compliance and security monitoring are gradually upgraded, which is why the solutions also get upgraded, and it depends on the UTMs.
I would rate this product 9 out of 10.

Deploying FortiCNAPP is easy for us because our technicians know FortiGate, which is the solution, and they are familiar with how to implement it.
I believe continuous compliance and security monitoring in this solution meet our standards.
Regarding the firewalls, I think it is good to have a comprehensive security software in place, and I believe they provide crucial protection for our network.
What I personally appreciate about FortiCNAPP is that I think it is a good product and a good firewall because it usually offers many options for the company. I believe my partners, who are technicians, often prefer this kind of product because it is better for the end-user.
Automated policy recommendations with this solution do help to improve security.
When considering improvements for FortiCNAPP, I think there could be enhancements regarding the license, possibly adding more options to it.
I think that more options in the license would be beneficial.
At the moment, I am not using the Lacework feature with this product.
Currently, we are not using machine learning or artificial intelligence with FortiCNAPP.
I would rate the technical support of FortiGate an eight.
The deployment time for the solution usually depends on the specific requirements. I would estimate it might take one day or two to four hours depending on those requirements.
We are a partner of FortiGate, but we have to buy from a distributor to acquire FortiGate products. This is necessary for us, and I think this process is probably the same in England, but I am not certain.
I think it is easy to integrate FortiCNAPP with other tools, including DevOps tools and products such as Cisco and Palo Alto.
I would rate this review an eight overall.

We are covering cloud security posture management and run-time detection as well, so there are two flavors. It is also used for inventory purposes. We are probably using all the capacity of the tool. We have the agents deployed in our environment, and we are also covering all of the cloud environments with the Cloud Security Posture Management version.
First of all, alert reduction is helping us to be focused on other things that matter. The other thing is in regards to visibility. What we found is that Lacework is super easy to deploy in Kubernetes environments and other environments. You can get super quick visibility into what is going on in your environment. Even though it has a behavioral engine, and it takes a couple of hours to consolidate the information and present that to you, it is pretty quick. We have a huge environment, it is great for us.
Lacework saves us a lot of money because in terms of the ingestion of data or in terms of the way AWS, GCP, and other cloud providers are sending logs into Lacework, if we have to ingest the data in our SIEM, for instance, it is going to cost us a lot of money. Having Lacework in the middle, ingesting the data, processing the data, and providing us with the right information is super valuable, at least from a cost perspective. I know every company would like to have all the logs in the SIEM or store them somewhere in their environment, but that is an advantage that I recognize in Lacework. The data is good. We can see the data that we want.
It is good for helping us view our environment from an attacker’s perspective. One of the things that they introduced recently is Attack Path. Previously, we needed to go to two or three places to figure out what was going on in our environment. Even though we had alerts from Lacework that gave us a lot of information, we sometimes needed to go to other places to make sure that we fully understood the context of the data alert. Lacework has introduced Attack Path which helps us a lot to identify the activity from the beginning to the end.
It has the ability to monitor configurations continuously. This capability is important, but we have complementary tools that monitor the configuration of certain files.
We have reduced the alert noise by 60% to 70%. We needed an opportunity to focus on projects and improve our controls elsewhere. We also wanted to focus on improving our detection capabilities because the network is providing a subset of alerts that are helpful, but we also need to think about all those things that we need to do in our environment, such as make a list of some use cases from an attacker's perspective and see if we can catch the event. We have threat intelligence as well. We can see whether we have a particular type of threat in our environment. There is vulnerability management as well. The combination of those factors is what we are currently doing. We can focus on these things.
Lacework helped save time by reducing our manual tasks. Lacework is providing us with comprehensive data or some set of data to see what is going on. In the past, we were doing that manually. We had to go to other places to understand what was going on, so Lacework helped us on that front. That was the most important saving of manual tasks.
It also has helped us to free up existing resources. The number of people that I had initially on the on-call rotation is less because of it. I could take out those people for other projects. That is the huge value that I saw from Lacework. As long as we reduce alerts, we will have time to focus on other things. In terms of human resources, people are more focused on other things.
Lacework has absolutely helped to reduce our organization's breach risk. Our company is super focused on protecting customer data. We are storing data in several cloud providers' object storage. With Lacework, especially with Cloud Security Posture Management, there is a compliance part where we can see how many object storages are exposed to the Internet. Whenever we have any event, we can identify that properly and immediately take action. That is how we reduce the risk in cloud providers. We take customer data super seriously, and we were able to identify all the alerts for the public object storage or for those that we had already but did not know.
Lacework has been helpful for spotting critical weaknesses. The most important thing is our customer data. It has helped us a lot, and it is super valuable.
Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action.
Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve.
For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.
I have been using Lacework for about four years.
It is stable. We sometimes experienced slowness when the objects were loading in the console, but it was related to something internal. Overall, it is good.
It is scalable. We have multiple locations. We have about 10 data centers on-premises. We have deployed agents in all of them. We also have cloud providers such as AWS, GCP, Azure, and OCI. It is a pretty big environment with more than 8,000 assets to monitor, more than 45 cloud provider accounts, and about 10 on-prem data centers. It is only used by the security team. There are 10 to 15 people.
Their technical support is good. We have a Slack channel. We have monthly meetings. We have a dedicated customer success manager. He is taking care of all of the tickets that we are creating. We have probably opened five cases so far, and they were able to resolve them all. It might not have been at the pace that we were expecting, but in the end, they are supportive. I would rate them an eight out of ten.
We have used a lot of solutions. We had Sysdig. We had something from Rapid7. We had Prisma Cloud as well. Lacework stands out in reducing the alert noise, having the right context for investigations, and saving time. That was the main driver for us to switch to Lacework.
If I have to compare Lacework with other tools, it covers the bases, but from the detection perspective, when you combine different portions of the data that you are receiving and create a comprehensive alert for your analysis, that is the advantage that we have from Lacework against others. That is great because we are only focused on the things that we need to fix.
It is a cloud solution. I was involved in its deployment from the beginning. I started with the definitions of the success criteria that I was going to use with the team. I had the team implement it, and I was supervising. I was practically aware of every single aspect of this work.
Its initial deployment was super straightforward. It was super easy. It also depends on how your infrastructure is managed. In our case, it was easy to deploy the agents. For the entire environment, it took us four days. There were three to four people involved.
In terms of maintenance, from our side, only the agents need to be maintained. It requires us to download the new version of the agent and deploy it. Cloud Security Posture Management does not require any maintenance from our side. They are doing that by themselves.
We have seen an ROI. It has been three to four years since we have been using the tool. If we had gone to another tool in the past, we would have been spending a lot of money and resources as well.
It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive.
To those evaluating this solution, I would advise identifying the requirements of the company and having a clear understanding of the success criteria and the use cases that they want to cover. After that, they can do a PoC. Identify the right number of systems that you want to go over the cloud environments and then move to production. Take Lacework's support for production deployment. It is important.
I would rate Lacework a nine out of ten.

We use it for anomaly detection and security compliance.
Lacework has helped us in a couple of areas. The first is that it helps us with compliance and third-party risk assessment. We do a lot of third-party risk assessments for other people that ask us questions about how we monitor our environment and who want to know what our security posture looks like. Lacework gives us the ability to respond favorably to those kinds of questions and we rely on the tool for that a lot. In terms of breach risk assessment, it helps us improve the confidence of third-party risk assessors and stakeholders. When they know that we're using Lacework or some other tool like that to help with anomaly detection and compliance to known standards, that is certainly a big benefit.
With regards to vulnerabilities, we can point to the Lacework reporting for some of that information to demonstrate compliance with NIST 800-53, CIS, and other security standards. It's very helpful from that perspective.
It also helps us from a day-to-day monitoring perspective, to know where we are in time with our security posture and if anything new has come in or something has changed in the environment that warrants some kind of immediate action.
And because it helps us focus on the severity of alerts, it has helped us bring down the number of alerts. If you work on trying to understand the cause of each of the alerts, and you then identify the appropriate actions to clear them, that will help you reduce the number of alerts. We've been able to leverage the tool to help us gain insights into some of the more nuanced challenges and vulnerabilities.
If you take action on the alerts it's telling you about, it will help save time on manual compliance tasks. Like any tool though, if you're not understanding the alerts in the context of your architecture, and then taking the action needed to clear those alerts, it probably isn't saving you much time. But it is saving me time in helping me understand exactly what those alerts are about. It helps us focus on the right things. I would give it credit there, for sure.
It also helps free up staff a little bit because it doesn't take as many people to keep tabs on the environment as it used to. I don't feel we're spending as much time on that.
The most valuable features are the anomaly detection and security compliance, both, that the product does pretty well.
For anomaly detection, it parses things using a severity scale of low, moderate, and high, and that helps provide context to the urgency and prioritization of the alerts that you get in the tool. And on the compliance side, it supports several benchmarks, including CIS, NIST 800-53, as well as other security standards. It will give you insights into compliance against those standards so you can see how your product is configured and if it complies with the best security practices of those standards.
Where it really shines is in helping you detect anomalous activities and known threats, assuming that you have it properly configured. Out-of-the-box, it's not difficult to configure. You do need to do some minor configuration work depending on how you deployed your application. But for the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture. That part works very well.
Also, to the extent that attackers are trying to take advantage of vulnerabilities that you may have in your system, Lacework is very good at giving you a view of your environment from an attacker's perspective. It provides context to help understand how easy or difficult, and how likely or unlikely, it is for an adversary to exploit the vulnerabilities that you may have.
In addition, it's really good at continuously monitoring, 24/7, 365. It's designed to do that. It's constantly working in the background to protect our AWS workloads, and I feel good about that. It's very important because it's one of the things we rely upon the most to give us insights into our security posture at any given point in time.
I also like a lot of the dashboards and reports. They're fairly user-friendly and easy to understand.
The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization. I think they have an ISO 27001 or SOC 2 or maybe both, but they don't have any kind of FedRAMP security authorization. The challenge that creates for us is that we have products in the FedRAMP environment, and to use Lacework in such an environment, it has to be FedRAMP authorized. I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment.
We have one government product, and a second one on the way right behind it, that require a FedRAMP authorization. We're unable to use Lacework for the government work that we have because it doesn't have a FedRAMP moderate authorization. We're at a point where if they don't get FedRAMP authorization, sometime in the future, we may be forced to look in another direction, unless we want to continue using more than one tool for the same thing. Doing so is a little bit frustrating from an administrative perspective.
We have been using Lacework for a little over two years.
The overall stability of Lacework is good. They're obviously a growing organization and they continue to expand. I've seen that they've hired some leaders from other organizations, and they have put together plans to continue to scale and grow the company, and that's encouraging.
We haven't had any issues with scaling. The biggest concern you have is the licensing structure, where one Lacework unit is 200 resources and AWS resources. But it's easy to scale and they're pretty flexible in that department.
We have contacted their tech support on multiple occasions. They're very good, very timely in terms of responding. Generally speaking, they give us good feedback and help us work through most of our problems. There have been a couple of stickier and more challenging problems that have taken some more time to work through, but generally speaking, they've been pretty good about working through issues in a timely manner.
They have a method of escalating when an issue doesn't get resolved in a timely manner, which is good. Sometimes, it takes a little bit longer to engage the supplemental support, get them up to speed on a problem, and get them engaged because that may not be their primary responsibility. But they do help get you through an issue if you give them enough time.
We have it rolled out across multiple AWS accounts that are associated with several of our commercial products.
We have definitely seen ROI with Lacework. We used to have more people monitoring things in a more manual way. Lacework has reduced the amount of effort and time applied to monitoring.
We've also leveraged some of the integrations, for example with Jira, so that when an anomaly or alert comes in, we automatically generate a Jira record, which somebody then has an assigned action to go look at. Those are examples of where it's really saved some time. Instead of having someone say, "Yep, there's an alert. I need to create a ticket," it automatically creates a ticket, assigns it to someone on our team, and then they look at it, investigate, and disposition it accordingly.
The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was. That was not well defined. When I first started working with Lacework, that was something that we provided feedback to them about, that it was something they needed to improve. That was a problem until about a year or so ago.
They have improved it and it has stabilized quite a bit. And I will give them credit as well for being somewhat flexible, especially for their early adopters and customers, as they worked through some of their licensing and pricing-related challenges.
If you have a lot of ephemeral resources, that can throw off your numbers a little bit. But again, they average those to try to keep it balanced. That's pretty reasonable.
Lacework is pretty good at ingesting data to correlate workloads and account behaviors. As long as you have the tool properly configured, it will give you correlation information. It's not as much information as you might get out of some other products, potentially, but it does give you good correlation information against some of those standards that I mentioned. To the extent that there's overlap in those standards, we do see the same kind of compliance or other issues pop up more than once.
My advice is to understand what it's going to do for you and what it's not going to do for you. It's very good at highlighting vulnerabilities in your architecture or your system, and it's very good at identifying non-compliance and anomalies. It's not going to do anything outside of that. Those are the things it's intended to do and that it focuses on.
In terms of our time and effort spent on security incidents and threat-hunting, the reduced alerting that has resulted from using Lacework is a mixed bag. I look at Lacework as being part of an overall suite of tools that help us look at the environment. I wouldn't rely upon it too much for threat intelligence. That's not its primary wheelhouse. But, as I mentioned, it does offer us a whole lot in terms of looking at our security posture at a point in time.
We need to be more careful when we roll out new services because we often don't have them properly vetted. Sometimes, when we do that, Lacework will tell us there are a lot of issues with them. But if you use the tool for monitoring those things in a development or staging environment, and it tells you that you have those issues, it will be very helpful in identifying the vulnerabilities and bringing focus to clearing them before you roll something out into production.
The only thing that we do from a maintenance perspective is that we periodically review alerts that are suppressed. Sometimes, you'll run across alerts that don't have value or context in your architecture, based on how you're designed. We will look at those and validate that they should continue to be suppressed, based on our architecture or a similar valid reason for suppressing them. That's pretty much the extent of the maintenance.
The biggest draw was being able to have a report that would tell me if my AWS cloud environment was in compliance or not. So, the biggest use case was that I needed something that I could just plug in, and it would go through all of my resources in AWS and find all those nooks and crannies, every little thing, and tell me if I'm in compliance or not.
It gives me the insight and transparency that I didn't have before. It tells me exactly how compliant I am. It also gives me peace of mind by monitoring behavior within my AWS accounts and then notifying me. It has changed our organization in that we can focus on other pressing items that will help drive sales more, which is what really matters. It eliminates that part of your brain that's always worried about compliance and regulation.
It does exactly what you expect it to do. It detects user behavior that is not normal. For example, I might test out a new service in AWS, and I'll get a notification from Lacework saying, "Hey, this user with username logged into this service for the first time." It is detecting that already just because we implemented it. It monitors all the users. It monitors what the users typically do. So, anytime a user goes outside of that normal behavior, it notifies me. If you're worried about remote workers or intrusion, it's such a good feature to have.
Its ability to continuously monitor configurations is phenomenal. It's instant. We have it set up. So, it notifies us via Slack as soon as an environment goes out of compliance. It also notifies us as soon as it goes back into compliance. It's instant. This ability to continuously monitor configurations for the organization is critical if that's something that you care about. When you think about how many different configurations or services or how many different ways you can set up AWS, and then you compound that across accounts and different geographies, you would have to hire a massive team to be able to do that manually. You might even need a massive team to maintain that or a different system that's doing that. Installing the Lacework agent and having that monitored by Lacework is a great return on your investment.
It has allowed us to focus on other pressing priorities. Nobody wants to go through compliance and alerts. It provides the ability to reduce that overall and hit SOC 2 Type 2 compliance, incident management, and having all of that taken care of. We're doing less and less of it, and it has enabled us to move faster as an organization.
It has helped us free up existing resources. We also didn't have to hire additional resources.
It has had a major effect on our breach risk assessment. When there is an anomaly detected with a user's behavior, such as a password gets compromised or somebody gains access to a user account, it notifies me right away. It also notifies me right away when a new user is created. It's also a third-party system that is storing these logs. In a worst-case event, if somebody did breach into our system because nobody was paying attention to the alerts for whatever reason, I can go back and look at the logs within Lacework to see exactly what happened. So, I can do a very good postmortem after the fact. It has helped in more ways than I could have thought of in terms of breach detection and also postmortem on any breach.
The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself.
It was very easy, and also a surprise, in terms of getting started and ingesting data. They have documentation on how to set it all up. Once we had it set up, it was seamless. I don't ever have to worry about maintaining it. I can just log in and see, or I can set up an alert. I can get alerts through Slack or email. It has been a great process overall.
The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems.
We implemented it in May of this year. So, it has been six or seven months.
I've never had any issues with its stability. So, it's not even something I think about.
I have zero doubt about its scalability. It can scale to as many hosts as you want it to and as many agents as you want to install. They'd be more than happy to do that. I've never had any concerns about its scalability.
It's exactly where you want it to be. I can just send them a Slack message. They check in with me quarterly. So, every three months, they'll check in and go over some statistics on how we use it. They're also constantly iterating and improving their product. They tell me about new features or some of their new training available to us. It's great because they're proactive like that. It's not something that I have to follow up with them on, but they're also there via Slack or email when I need them. I would rate them a 10 out of 10.
Positive
I've dabbled in a few different ones. SolCyber was one, but I've never implemented and integrated with one from start to finish.
I and another person on my team set it up. Its initial setup was very straightforward. If you're familiar with containers, it's a walk in the park.
In terms of maintenance, it doesn't need any maintenance. There was a large security vulnerability. I forgot what it was exactly, but with how we were using Lacework, it didn't impact us at all. We haven't done any sort of maintenance on it at all since we implemented it.
We didn't use an integrator, reseller, or consultant. We went straight with Lacework. Our experience with them was phenomenal. Wesley, the main person I was working with, streamlined everything for us. He was very easy to work with. He could tell I knew exactly what I wanted. There are classic sales processes, but he could tell I knew exactly what I wanted. So, he streamlined everything for me. It was a great process.
They held our hand through it, which was great. They provided documentation on how to deploy it. It was straightforward. It used, if I remember, Docker and Terraform. It was all documented. They jumped on a meeting with us while we did it. It was even to the point where we're like, "Hey, we can do this on our own." They hooked into Slack with us so that we could Slack them if we ran into anything, but I don't remember running into any issues at all. It was straightforward.
We looked at a couple of Managed Security Providers or MSPs. We evaluated some of the top ones. Wesley was the salesperson from Lacework with whom we were working. He is no longer with Lacework, but he reached out to me on LinkedIn at the perfect time. So, I was able to connect with him and get started that way.
The biggest thing about Lacework was that it was very to the point. It was exactly what we needed, and it was easy to implement. My use case was that I need to know if my AWS accounts are in compliance or not. Their response was, "Hey, we can do that. Here's an example report of what we do." They showed it to me, and I was like, "That is exactly what I need." The icing on the cake is that if a resource is out of compliance, in the report, you can click on it, and then it takes you to their documentation on how to fix that. Exactly line by line, they tell you what you need to do to fix that. So, when I saw that, it was a no-brainer. It doesn't only tell me if I'm in compliance or not. If I'm not in compliance, someone on my team can easily go into their help desk or documentation, and they would know exactly how to fix it. They don't have to research anything. They can just go in and fix it. That was incredible. That alone was what sold me on the product.
Lacework hasn't helped reduce our alerts. That's because we weren't alerting before Lacework in terms of security and compliance. If anything, it has increased our alerts, but that's just because we didn't have it before. So, overall, through time, after we implemented it and started addressing those alerts, for sure, they've been reduced. We've reduced our alerts by 70% to 80%, and there is more and more reduction.
I would rate it a 10 out of 10.
We use the tool for two main purposes: vulnerability management and monitoring. We utilize it to scan all of our IAC scripts and configurations across our AWS and GCP environments. Additionally, we employ its agent to scan our compute nodes. This covers three main areas: cloud configuration, host systems, and IAC code, all essential for vulnerability management. We primarily focus on monitoring AWS CloudTrail to detect anomalous activities and risky behavior.
I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets.
One key aspect of the agent that stands out is its capability to distinguish between active and inactive packages on compute nodes. This feature reduces the number of actionable vulnerabilities by focusing on packages actively running in the environment rather than all installed packages.
I noticed that it was quite noisy, with many alerts about things I wasn't particularly concerned about. However, over time, Lacework's anomaly detection improved by establishing baselines of normal activity. It now alerts us only when there are deviations from these baselines. Integrating with Slack was especially beneficial—I set up a dedicated Slack channel just for Lacework alerts. This allowed me to focus on the alerts that required attention.
The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement.
Regarding reporting features, the ability to create granular custom alerts remains limited. For instance, I could only filter alerts by source or type rather than selecting alerts based on specific IDs. This lack of granularity in alert management and reporting customization is a notable drawback.
I have been using the product for one and a half years.
The solution is scalable. I rate it a nine out of ten.
One thing I appreciated about Lacework was the support I received from their team. I regularly met with them to provide feedback on what worked well and what didn't in their modules. They took my feedback seriously, often implementing it into features, hotfixes, and interface changes. Part of the reason for this was my clear and detailed communication style.
While some customers might say, "This sucks," I made sure to explain exactly why and how I would suggest fixing it. This approach was well-received by their product managers, who valued my input. As a premium customer, I have access to account managers. Its support is very good.
Sometimes, the support process was quite slow. While they acknowledged my tickets promptly, resolving issues could take weeks as they liaised back and forth with engineering to diagnose and determine solutions. However, the support I received from my account management and technical account management teams was very good.
Neutral
Lacework's advantage is its ability to differentiate between active and inactive packages through the agent. Most other CNAPP solutions don't offer this capability, and competitors like Wiz don't implement it as effectively.
I've used several other platforms, such as Wiz and Prisma, and they all cover similar functionalities, such as scanning for misconfigurations in the cloud against compliance standards, monitoring IAM configurations for risks, logging and anomaly detection, host-based vulnerability scanning, and IAC code scanning. Wiz offers better reporting and ease of data extraction from datasets.
Lacework, on the other hand, is generally more cost-effective and becomes user-friendly once you're accustomed to its UI conventions. However, extracting specific data from Lacework can sometimes be challenging.
The product is very straightforward to deploy across an entire AWS or GCP organization. They offer automation via Terraform and CloudFormation templates, which allow deployment across all accounts with the appropriate permissions. As for Azure, I'm unsure about its compatibility.
You can expect ROI from vulnerability management.
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
I rate the overall product a seven out of ten.

The ability to collect the information, analyze it, and then correlate it against the configured policy has helped us. It is easily integrated with security frameworks such as AWS and CIS benchmarks.
Lacework, by its nature, maintains a low level of noise. Through its intelligent backend data aggregation and correlation, it effectively minimizes less relevant alerts, and instead alerts on crucial matters or authentic instances of behavioral risks and concerns. However, what stands out is that having the capability to review configurations empowers us to enact adjustments internally, possibly resulting in a reduction of alerts needing attention.
Cloud Security Management is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise.
Lacework ranks high, primarily due to its role in alerting on unexpected behavior, potential vulnerabilities, and misconfiguration against policies.
Currently, a view of all policies is available within the console. However, at some point in the past, I wanted a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact improvement request.
It's a matter of forwarding logs and data for ingestion. The solution can be scaled based on needs to c
The support is quite good. We encountered an issue when attempting to integrate Alerting Channels. Specifically, we aimed to send alerts to our communication platform, but encountered an issue that hindered this process. I submitted a request, and the response was swift. The support team addressed the matter promptly, resulting in an immediate resolution.
Positive
I have not seen many other similar solutions. I have a genuine appreciation for Lacework. Comparing it to other products wouldn't be equitable, as my experience with those alternatives is limited. Thus, it wouldn't be justifiable to make a definitive judgment about one product being superior to Lacework or vice versa. I can affirm, however, that Lacework is highly commendable and is delivering substantial benefits for our needs.
It is deployed on the cloud. Regarding maintenance, certain tasks must be done, including policy maintenance and alert review. However, beyond these responsibilities, there's not much to manage, given its complete Software as a Service (SaaS) nature. There's no need for involvement in tasks like storage management or endpoint maintenance.
I believe that quantifying the tangible gains from deploying a security solution is a challenge. Especially in the realm of security, the implemented solutions work to avert potential significant losses that might be hard to measure. The return on investment is evident in the form of enhanced security and prevention of major security incidents. While the value gained isn't easily quantifiable in a monetary sense, it's clear that the expense is justified. Essentially, purchasing and implementing such solutions incurs a cost without direct monetary returns. However, if we were without such solutions, the alternative would involve hiring additional staff, particularly SOC engineers, to manage anomalies, issue investigations, and alert correlation.
The overall solution can be rated 10 out of 10.
I would recommend that while utilizing the product, it's vital to actively engage in configuring your environment appropriately and adopting the right procedures, both technical and administrative. This approach ensures the realization of value from Lacework or any security solution.