• Home
  • Lacework vs. XM Cyber

Lacework vs XM Cyber comparison

Cancel
You must select at least 2 products to compare!
Wiz Logo
Wiz
Read 11 Wiz reviews
15,070 views|11,203 comparisons
100% willing to recommend
Lacework Logo
Lacework
Read 9 Lacework reviews
3,887 views|2,658 comparisons
90% willing to recommend
XM Cyber Logo
XM Cyber
Read 2 XM Cyber reviews
671 views|355 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Lacework vs. XM Cyber
May 2024
Executive Summary

We performed a comparison between Lacework and XM Cyber based on real PeerSpot user reviews.

Find out in this report how the two Cloud Security Posture Management (CSPM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Lacework vs. XM Cyber Report (Updated: May 2024).
Download the complete report
771,170 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Lacework but chose Wiz: The dashboards are easy to read and visually pleasing, so you can understand everything quickly
Wiz helps us reduce and manage our issues. Six months ago, we had no idea where we had problems in the cloud. We used another tool, but we still... Read more →
Robert Croteau
It provides a good overview of our security posture
Lacework provides a good overview of our security posture. We also use the Kubernetes agent because our software is a Kubernetes-based application.... Read more →
HolgerHeimann
Reliable with no false-positives and helpful support
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security.""I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts.""The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI.""With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.""The security baseline and vulnerability assessments is the valuable feature.""The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address.""The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at.""The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."

More Wiz Pros →

"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine.""The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me.""Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action.""For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture.""The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like.""Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise.""There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information.""The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself."

More Lacework Pros →

"The platform's most valuable feature is attack simulation.""What I personally like very much, from my experience, is that it is very reliable."

More XM Cyber Pros →

Cons
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes.""The only thing that needs to be improved is the number of scans per day.""We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately.""We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform.""The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary.""The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that.""One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging.""The solution's container security could be improved."

More Wiz Cons →

"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved.""The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment.""Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it.""Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly.""The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems.""A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework.""Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them.""I would like to see a remote access assistance feature. And the threat-hunting platform could be better."

More Lacework Cons →

"XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas.""We'd like to see a cheaper price."

More XM Cyber Cons →

Pricing and Cost Advice
  • "The pricing seems pretty simple. We don't have to do a lot of calculations to figure out what the components are. They do it by enabling specific features, either basics or advanced, which makes it easy to select."
  • "The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing."
  • "The pricing is fair and comparable to their competitors. The cost seems to be going up, which is a concern. There are potential savings from consolidating tools, but we're uncertain how Wiz's pricing will change over time."
  • "I wish the pricing was more transparent."
  • "The cost of the other solutions is comparable to Wiz."
  • "Wiz is a moderately priced solution, where it is neither cheap nor costly."

    • More Wiz Pricing and Cost Advice →

  • "The licensing fee was approximately $80,000 USD, per year."
  • "The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."
  • "It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."

    • More Lacework Pricing and Cost Advice →

  • "We have to pay standard licensing fees."

    • More XM Cyber Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
    See Recommendations
    771,170 professionals have used our research since 2012.
    Questions from the Community
    How would you compare Wiz vs Lacework?
    Top Answer:Wiz and Lacework sucks... Buy Orca. 
    AWS Cloud Security Posture tool - has anyone used either Wiz or Ermetic ...
    Top Answer:Whether or not the cost of third-party Cloud Security tools is justified would depend on your specific needs and budget… more »
    What do you like most about Wiz?
    Top Answer:With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment.
    Read all 7 answers   →
    What do you like most about Lacework?
    Top Answer:Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers… more »
    Read all 5 answers   →
    What is your experience regarding pricing and costs for Lacework?
    Top Answer:It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a… more »
    Read all 3 answers   →
    What needs improvement with Lacework?
    Top Answer:Lacework ranks high, primarily due to its role in alerting on unexpected behavior, potential vulnerabilities, and… more »
    Read all 5 answers   →
    What do you like most about XM Cyber?
    Top Answer:The platform's most valuable feature is attack simulation.
    Read all 2 answers   →
    What is your experience regarding pricing and costs for XM Cyber?
    Top Answer:We have to pay standard licensing fees. There are no additional costs. It is an expensive product. I rate the pricing a… more »
    Read all 2 answers   →
    What needs improvement with XM Cyber?
    Top Answer:XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas.
    Read all 2 answers   →
    Comparisons
    Orca Security logo
    Orca Security vs. Wiz
    Compared 13% of the time.
    Microsoft Defender for Cloud logo
    Microsoft Defender for Cloud vs. Wiz
    Compared 9% of the time.
    AWS Security Hub logo
    AWS Security Hub vs. Wiz
    Compared 5% of the time.
    Aqua Cloud Security Platform logo
    Aqua Cloud Security Platform vs. Wiz
    Compared 4% of the time.
    More Wiz Competitors   →
    AWS GuardDuty logo
    AWS GuardDuty vs. Lacework
    Compared 9% of the time.
    Snyk logo
    Snyk vs. Lacework
    Compared 9% of the time.
    Orca Security logo
    Orca Security vs. Lacework
    Compared 6% of the time.
    More Lacework Competitors   →
    Pentera logo
    Pentera vs. XM Cyber
    Compared 30% of the time.
    Cymulate logo
    Cymulate vs. XM Cyber
    Compared 16% of the time.
    SafeBreach logo
    SafeBreach vs. XM Cyber
    Compared 8% of the time.
    Tenable Security Center logo
    Tenable Security Center vs. XM Cyber
    Compared 7% of the time.
    Picus Security logo
    Picus Security vs. XM Cyber
    Compared 7% of the time.
    More XM Cyber Competitors   →
    Also Known As
    Polygraph
    Learn More
    Wiz
    Lacework
    Video Not Available
    XM Cyber
    Overview

    Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within their internal environments.

    Wiz's Security Graph delivers automated alerts whenever risks emerge, allowing teams to prioritize and address the most critical issues before they escalate into breaches. Furthermore, Wiz ensures rapid and agentless visibility into critical data across various repositories, enabling organizations to easily determine the location of their data assets.

    Wiz Features

    Wiz provides various features in the following categories:

    • Agentless Scanning: The solution can scan every layer of a cloud environment without requiring agents, managing the entire process and providing comprehensive visibility.

    • Workflow Integration: Users can create customized workflows within Wiz to identify and assign actions based on urgency, integrating them with ticketing systems for quick and efficient remediation.

    • Vulnerability Management: Wiz's vulnerability management modules provide detailed analytics and visibility across cloud systems, streamlining the manual process of vulnerability discovery. The automated attack path analysis helps identify risks and trace potential points of exposure, allowing users to understand and mitigate them effectively and proactively.

    • CSPM (Cloud Security Posture Management): Wiz's CSPM module offers instant visibility into high-level risks to an enterprise’s cloud environment, covering all accounts without the need for agents.

    • Out-of-the-Box Reporting and Custom Queries: The service supports comprehensive reporting with asset context, allowing users to perform complex custom queries on the solution’s user-friendly interface.

    • Automation Roles and Dashboards: The solution facilitates automation by providing essential roles and dedicated dashboards that enable teams to understand security information quickly, even those with limited expertise.

    • Contextual Risk Evaluation: The service contextualizes the various components contributing to an issue, providing a risk evaluation framework that helps prioritize remediation efforts.

    • Security Graph and Visibility: Wiz's security graph offers visibility across the entire organization, even with multiple accounts, enabling users to understand their environment and assets effectively.

    The Benefits of Wiz

    Wiz offers the following benefits:


    • Comprehensive agentless scanning

    • Effective identification and mitigation of vulnerabilities

    • Streamlined vulnerability management

    • Robust reporting capabilities and customizable queries

    • Enhanced automation and role-based access control

    • Prioritized risk evaluation for efficient remediation

    • Security posture across multiple accounts

    Reviews from Real Users

    Kamran Siddique, VP Information Security at boxed.com, remarks his company has seen a ROI while using Wiz, as it simplifies the process by integrating multiple useful tools into one solution.

    According to a Senior Security Architect at Deliveroo, Wiz has given their company a fresh approach to vulnerability management, as Wiz's native integrations are extremely useful and paramount to the operational success of their platform.



    Get a demo | Wiz

    Lacework is a cloud security platform whose Polygraph Data Platform automates cloud security at scale so customers can innovate with speed and safety. Lacework is the only security platform that can collect, analyze, and accurately correlate data across an organization’s AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter. As a breach detection and investigation tool, Lacework provides information on when and how a breach happened, including the users, machines, and applications involved in the breach. By using machine learning and behavioral analytics, the solution can automatically learn what's normal for your environment and reveal any abnormal behavior. In addition, Lacework gives you continuous visibility to find vulnerabilities, misconfigurations, and malicious activity across your cloud environment.

    Lacework Features

    Lacework has many valuable key features. Some of the most useful ones include:

    • Dashboards
    • Reports
    • Workflow management
    • Administration console
    • Governance
    • Policy enforcement
    • Auditing
    • Access control
    • Workflow management
    • Compliance monitoring
    • Anomaly detection
    • Data loss prevention
    • Cloud gap analytics
    • Host compliance

    Lacework Benefits

    There are many benefits to implementing Lacework. Some of the biggest advantages the solution offers include:

    • Security visibility: Get deep observability into your cloud accounts, workloads, and microservices to give you tighter security control.
    • Threat detection: By using Lacework, your organization can identify common security events that target your cloud servers, containers, and infrastructure-as-a-service (IaaS) accounts so you can take action on them quickly.
    • Flexible deployment: With Lacework, you have the option to deploy the way you prefer - either agent or agentless - which provides the visibility needed to have maximum security for cloud accounts and systems. Because Lacework offers an easy-to-deploy layered approach, you gain quick time to value.
    • Configuration compliance: With the Lacework solution, you can easily spot IaaS account configurations that are non-compliant and identify opportunities to apply security best practices.
    • Synced teams: Lacework allows your teams to operate smarter and bridge the gap between security, Dev, and Ops regardless of your team's size or experience level.
    • Gain meaningful security insights: Lacework provides meaningful security insights, alerting you of issues before they reach production from your existing workflows. This way you can build apps quickly and confidently.
    • Increased revenue streams: Because the solution has built-in security from the first line of code early on, it helps users unlock higher revenue streams.
    • Helps avoid development delays: The Lacework solution helps you better prioritize security fixes by making security information accessible to DevOps and security teams for earlier risk mitigation that speeds innovation.
    • Increased productivity: Lacework provides alerts with all the context you need and eliminates data silos and costly investigations, enabling you to boost productivity.
    • Correlate and contextualize behaviors: Lacework can take attributes and data points from your unique environment and correlate them together into behaviors.
    • Simplified cloud security posture and compliance: With the Lacework platform, you can get comprehensive visibility and continuous tracking to reduce risks and meet compliance requirements so you can improve your bottom line.
    • Address vulnerabilities before it is too late: Lacework enables you to limit your attack surface so you can address the riskiest vulnerabilities early in the development cycle.

    XM Cyber is a leading hybrid cloud security company that’s changing the way innovative organizations approach cyber risk. Our attack path management platform continuously uncovers hidden attack paths to your critical assets across cloud and on-prem environments, so you can cut them off at key junctures and eradicate risk with a fraction of the effort. This overcomes the big disconnect that security teams experience when they’re presented with endless alerts, yet can’t see which exposures impact risk the most, how they come together to be exploited by an attacker, or how to efficiently eliminate them. This approach is a complete game-changer, which is why some of the world’s largest, most complex organizations choose XM Cyber to help eradicate risk. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, and Israel.

    Sample Customers
    Wiz is the fastest growing software company ever - $100M ARR in 18 months: Wiz becomes the fastest-growing software company ever | Wiz Blog  Discover why companies, including Salesforce, Morgan Stanley, Fox, and Bridgewater choose Wiz as their cloud security partner. Read their success stories here: Customers | Wiz
    J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.
    Hamburg Port Authority, Plymouth Rock Corporation
    Top Industries
    REVIEWERS
    Computer Software Company33%
    Retailer11%
    Outsourcing Company11%
    Manufacturing Company11%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm14%
    Manufacturing Company9%
    Government6%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Financial Services Firm12%
    Manufacturing Company6%
    Retailer5%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm13%
    Government8%
    Manufacturing Company8%
    Company Size
    REVIEWERS
    Small Business15%
    Midsize Enterprise23%
    Large Enterprise62%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise65%
    REVIEWERS
    Small Business30%
    Midsize Enterprise40%
    Large Enterprise30%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise18%
    Large Enterprise55%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise14%
    Large Enterprise60%
    Buyer's Guide
    Lacework vs. XM Cyber
    May 2024
    Free Report: Lacework vs. XM Cyber
    Find out what your peers are saying about Lacework vs. XM Cyber and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,170 professionals have used our research since 2012.

    Lacework is ranked 9th in Cloud Security Posture Management (CSPM) with 9 reviews while XM Cyber is ranked 26th in Cloud Security Posture Management (CSPM) with 2 reviews. Lacework is rated 8.8, while XM Cyber is rated 8.0. The top reviewer of Lacework writes "Makes us aware of vulnerabilities and provides a lot of data but it's not easily understood at first look". On the other hand, the top reviewer of XM Cyber writes "Reliable with no false-positives and helpful support". Lacework is most compared with Prisma Cloud by Palo Alto Networks, AWS GuardDuty, Snyk, Microsoft Defender for Cloud and Orca Security, whereas XM Cyber is most compared with Pentera, Cymulate, SafeBreach, Tenable Security Center and Picus Security. See our Lacework vs. XM Cyber report.

    See our list of best Cloud Security Posture Management (CSPM) vendors and best Vulnerability Management vendors.

    We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.