Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs Lacework FortiCNAPP comparison

Amazon Web Services (AWS) and Fortinet are both solutions in the Cloud Security Posture Management (CSPM) category. Amazon Web Services (AWS) is ranked #13 with an average rating of 7.6, while Fortinet is ranked #24 with an average rating of 7.0. Amazon Web Services (AWS) holds a 4.1% mindshare in CSPM, compared to Fortinet’s 2.2% mindshare. Additionally, 89% of Amazon Web Services (AWS) users are willing to recommend the solution, compared to 83% of Fortinet users who would recommend it.
AWS Security Hub
Read 26 AWS Security Hub reviews
  • 7,414 Views
  • 3,262 Comparison Views
89% willing to recommend
Lacework FortiCNAPP
Read 11 Lacework FortiCNAPP reviews
  • 3,233 Views
  • 2,004 Comparison Views
83% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jun 22, 2025

Lacework FortiCNAPP and AWS Security Hub compete in the cloud security management sector. Lacework FortiCNAPP seems to have an edge due to its strong vulnerability management and cloud integration capabilities, while AWS Security Hub benefits from its native integration within the AWS ecosystem.

Features: Lacework FortiCNAPP offers robust anomaly detection, comprehensive compliance features, and seamless integration. It excels in distilling alerts to highlight critical issues and supports multiple compliance standards like PCI and SOC 2. AWS Security Hub is recognized for its strong integration with AWS native services and third-party tools, providing a unified dashboard for security management. It offers real-time alerts and compliance checks using frameworks like AWS CIS and PCI.

Room for Improvement: Lacework FortiCNAPP requires improvements in data governance, IAM security controls, and integration with third-party SIEM tools. Enhancements in alert configuration and a more user-friendly data model are also needed. AWS Security Hub could enhance cross-cloud adaptability, improve integration with open-source tools, and reduce false positives. Better customizability of dashboards is sought after by users.

Ease of Deployment and Customer Service: Lacework FortiCNAPP users report high satisfaction with responsive customer support and proactive engagement, including a dedicated Slack channel for communication. AWS Security Hub provides average support, with smooth integration processes and minimal setup issues, yet is less personalized compared to Lacework.

Pricing and ROI: Lacework FortiCNAPP is considered expensive but offers ROI through automation and reduced monitoring efforts. Users find the pricing structure confusing initially, but it has improved. AWS Security Hub is seen as cost-effective, using a pay-as-you-go model, and leverages the AWS subscription for better value. Both solutions focus on providing value through operational efficiencies.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed AWS Security Hub vs. Lacework FortiCNAPP Report (Updated: September 2025).
Buyer's Guide
AWS Security Hub vs. Lacework FortiCNAPP
September 2025
Download the complete report
Helped 872,778 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Ranking in Cloud Security Posture Management (CSPM)
13th
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
26
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (5th)
Lacework FortiCNAPP
Ranking in Cloud Security Posture Management (CSPM)
24th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
11
Ranking in other categories
Vulnerability Management (37th), Container Security (29th), Cloud Workload Protection Platforms (CWPP) (17th), Cloud-Native Application Protection Platforms (CNAPP) (15th), Compliance Management (9th)
 

Mindshare comparison

As of October 2025, in the Cloud Security Posture Management (CSPM) category, the mindshare of AWS Security Hub is 4.1%, down from 5.0% compared to the previous year. The mindshare of Lacework FortiCNAPP is 2.2%, down from 2.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM) Market Share Distribution
ProductMarket Share (%)
AWS Security Hub4.1%
Lacework FortiCNAPP2.2%
Other93.7%
Cloud Security Posture Management (CSPM)
 

Featured Reviews

Karthik Ekambaram - PeerSpot reviewer
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
Read full review
Carlos Vitrano - PeerSpot reviewer
Provides quick visibility and significantly reduces alerts
Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve. For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"Within AWS Security Hub, there is a feature for aggregating and prioritizing security findings which allows for better risk prioritization based on misconfiguration, as they know AWS thoroughly."
"Very good at detection and providing real-time alerts."
"AWS Security Hub's unified dashboard does help streamline my process of identifying vulnerabilities, but we don't use Inspector."
"Finding out if your infrastructure is secure is a valuable feature."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"The platform has valuable features for security."
More AWS Security Hub pros
"There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information."
"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."
"The machine learning capability in Lacework FortiCNAPP is used for threat detection, and automated policy recommendation helps to improve my security measures in general."
"The best feature, in my opinion, is the ease of use."
"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."
"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."
"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."
"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."
More Lacework FortiCNAPP pros
 

Cons

"Many findings are too generic or irrelevant to the environment, which can lead to false positives."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"The support must be quicker."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"Shortening the response time for support tickets, particularly in production issues, could make the service more efficient."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
More AWS Security Hub cons
"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."
"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."
"The vulnerability part is not systematically organized; it is all clumsy in the web UI, and it is not user-friendly."
"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."
"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."
"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."
"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."
"The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems."
More Lacework FortiCNAPP cons
 

Pricing and Cost Advice

"The price of the solution is not very competitive but it is reasonable."
"Security Hub is not an expensive solution."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"AWS Security Hub's pricing is pretty reasonable."
"The price of AWS Security Hub is average compared to other solutions."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"The pricing is fine. It is not an expensive tool."
"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."
"The licensing fee was approximately $80,000 USD, per year."
"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."
"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."
report
See which vendors are best for you
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
See recommendations
872,778 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
Read full review
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Financial Services Firm
12%
Manufacturing Company
10%
Government
6%
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
7%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise4
Large Enterprise4
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
See all answers
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
See all answers
What needs improvement with AWS Security Hub?
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfig...
See all answers
What is your experience regarding pricing and costs for Lacework?
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
See all answers
What needs improvement with Lacework?
The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modul...
See all answers
What is your primary use case for Lacework?
We use the tool for two main purposes: vulnerability management and monitoring. We utilize it to scan all of our IAC scripts and configurations across our AWS and GCP environments. Additionally, we...
See all answers
 

Comparisons

Microsoft Sentinel vs AWS Security Hub Logo
Microsoft Sentinel vs AWS Security Hub
Compared 37% of the time
Wiz vs AWS Security Hub Logo
Wiz vs AWS Security Hub
Compared 11% of the time
Prisma Cloud by Palo Alto Networks vs AWS Security Hub Logo
Prisma Cloud by Palo Alto Networks vs AWS Security Hub
Compared 7% of the time
Microsoft Defender for Cloud vs AWS Security Hub Logo
Microsoft Defender for Cloud vs AWS Security Hub
Compared 5% of the time
CrowdStrike Falcon Cloud Security vs AWS Security Hub Logo
CrowdStrike Falcon Cloud Security vs AWS Security Hub
Compared 3% of the time
More AWS Security Hub Competitors
Wiz vs Lacework FortiCNAPP Logo
Wiz vs Lacework FortiCNAPP
Compared 15% of the time
Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP Logo
Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP
Compared 11% of the time
Tenable Cloud Security vs Lacework FortiCNAPP Logo
Tenable Cloud Security vs Lacework FortiCNAPP
Compared 6% of the time
AWS GuardDuty vs Lacework FortiCNAPP Logo
AWS GuardDuty vs Lacework FortiCNAPP
Compared 6% of the time
Aqua Cloud Security Platform vs Lacework FortiCNAPP Logo
Aqua Cloud Security Platform vs Lacework FortiCNAPP
Compared 3% of the time
More Lacework FortiCNAPP Competitors
 

Product Reports

Buyer's Guide
AWS Security Hub
October 2025
AWS Security Hub reportDownload AWS Security Hub product report
Buyer's Guide
Lacework FortiCNAPP
October 2025
Lacework FortiCNAPP reportDownload Lacework FortiCNAPP product report
 

Also Known As

SQRRL
Polygraph, FortiCNP
 

Overview

AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts. 

The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments. 

With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

Amazon Web Services (AWS)

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?
  • Machine Learning Detection: Identifies anomalies effectively.
  • Compliance Reports: Provides precise compliance documentation.
  • Vulnerability Management: Supports agent-based vulnerability assessments.
  • Multi-Cloud Support: Manages and secures across multiple cloud providers.
  • Automation and Collaboration: Enables integration with Slack for streamlined communication.
  • Custom Alerts: Allows creation of personalized alerts for better focus.
What benefits do users expect?
  • Reduced Alert Noise: Minimizes distractions with filtered alerts.
  • Efficient Cloud Security: Automates processes for enhanced security management.
  • Collaboration Support: Integrates with tools like Slack.
  • Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Fortinet
 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.
Buyer's Guide
AWS Security Hub vs. Lacework FortiCNAPP
September 2025
Free Report: AWS Security Hub vs. Lacework FortiCNAPP
Find out what your peers are saying about AWS Security Hub vs. Lacework FortiCNAPP and other solutions. Updated: September 2025.
DOWNLOAD NOW
872,778 professionals have used our research since 2012.
See our AWS Security Hub vs. Lacework FortiCNAPP report.
See our list of best Cloud Security Posture Management (CSPM) vendors.

We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.