FortiCNAPP Reviews

The biggest draw was being able to have a report that would tell me if my AWS cloud environment was in compliance or not. So, the biggest use case was that I needed something that I could just plug in, and it would go through all of my resources in AWS and find all those nooks and crannies, every little thing, and tell me if I'm in compliance or not.

It gives me the insight and transparency that I didn't have before. It tells me exactly how compliant I am. It also gives me peace of mind by monitoring behavior within my AWS accounts and then notifying me. It has changed our organization in that we can focus on other pressing items that will help drive sales more, which is what really matters. It eliminates that part of your brain that's always worried about compliance and regulation. 

It does exactly what you expect it to do. It detects user behavior that is not normal. For example, I might test out a new service in AWS, and I'll get a notification from Lacework saying, "Hey, this user with username logged into this service for the first time." It is detecting that already just because we implemented it. It monitors all the users. It monitors what the users typically do. So, anytime a user goes outside of that normal behavior, it notifies me. If you're worried about remote workers or intrusion, it's such a good feature to have.

Its ability to continuously monitor configurations is phenomenal. It's instant. We have it set up. So, it notifies us via Slack as soon as an environment goes out of compliance. It also notifies us as soon as it goes back into compliance. It's instant. This ability to continuously monitor configurations for the organization is critical if that's something that you care about. When you think about how many different configurations or services or how many different ways you can set up AWS, and then you compound that across accounts and different geographies, you would have to hire a massive team to be able to do that manually. You might even need a massive team to maintain that or a different system that's doing that. Installing the Lacework agent and having that monitored by Lacework is a great return on your investment.

It has allowed us to focus on other pressing priorities. Nobody wants to go through compliance and alerts. It provides the ability to reduce that overall and hit SOC 2 Type 2 compliance, incident management, and having all of that taken care of. We're doing less and less of it, and it has enabled us to move faster as an organization.

It has helped us free up existing resources. We also didn't have to hire additional resources.

It has had a major effect on our breach risk assessment. When there is an anomaly detected with a user's behavior, such as a password gets compromised or somebody gains access to a user account, it notifies me right away. It also notifies me right away when a new user is created. It's also a third-party system that is storing these logs. In a worst-case event, if somebody did breach into our system because nobody was paying attention to the alerts for whatever reason, I can go back and look at the logs within Lacework to see exactly what happened. So, I can do a very good postmortem after the fact. It has helped in more ways than I could have thought of in terms of breach detection and also postmortem on any breach.

The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself.

It was very easy, and also a surprise, in terms of getting started and ingesting data. They have documentation on how to set it all up. Once we had it set up, it was seamless. I don't ever have to worry about maintaining it. I can just log in and see, or I can set up an alert. I can get alerts through Slack or email. It has been a great process overall.

The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems.

We implemented it in May of this year. So, it has been six or seven months.

I've never had any issues with its stability. So, it's not even something I think about.

I have zero doubt about its scalability. It can scale to as many hosts as you want it to and as many agents as you want to install. They'd be more than happy to do that. I've never had any concerns about its scalability.

It's exactly where you want it to be. I can just send them a Slack message. They check in with me quarterly. So, every three months, they'll check in and go over some statistics on how we use it. They're also constantly iterating and improving their product. They tell me about new features or some of their new training available to us. It's great because they're proactive like that. It's not something that I have to follow up with them on, but they're also there via Slack or email when I need them. I would rate them a 10 out of 10.

Positive

I've dabbled in a few different ones. SolCyber was one, but I've never implemented and integrated with one from start to finish.

I and another person on my team set it up. Its initial setup was very straightforward. If you're familiar with containers, it's a walk in the park.

In terms of maintenance, it doesn't need any maintenance. There was a large security vulnerability. I forgot what it was exactly, but with how we were using Lacework, it didn't impact us at all. We haven't done any sort of maintenance on it at all since we implemented it.

We didn't use an integrator, reseller, or consultant. We went straight with Lacework. Our experience with them was phenomenal. Wesley, the main person I was working with, streamlined everything for us. He was very easy to work with. He could tell I knew exactly what I wanted. There are classic sales processes, but he could tell I knew exactly what I wanted. So, he streamlined everything for me. It was a great process.

They held our hand through it, which was great. They provided documentation on how to deploy it. It was straightforward. It used, if I remember, Docker and Terraform. It was all documented. They jumped on a meeting with us while we did it. It was even to the point where we're like, "Hey, we can do this on our own." They hooked into Slack with us so that we could Slack them if we ran into anything, but I don't remember running into any issues at all. It was straightforward.

We looked at a couple of Managed Security Providers or MSPs. We evaluated some of the top ones. Wesley was the salesperson from Lacework with whom we were working. He is no longer with Lacework, but he reached out to me on LinkedIn at the perfect time. So, I was able to connect with him and get started that way.

The biggest thing about Lacework was that it was very to the point. It was exactly what we needed, and it was easy to implement. My use case was that I need to know if my AWS accounts are in compliance or not. Their response was, "Hey, we can do that. Here's an example report of what we do." They showed it to me, and I was like, "That is exactly what I need." The icing on the cake is that if a resource is out of compliance, in the report, you can click on it, and then it takes you to their documentation on how to fix that. Exactly line by line, they tell you what you need to do to fix that. So, when I saw that, it was a no-brainer. It doesn't only tell me if I'm in compliance or not. If I'm not in compliance, someone on my team can easily go into their help desk or documentation, and they would know exactly how to fix it. They don't have to research anything. They can just go in and fix it. That was incredible. That alone was what sold me on the product.

Lacework hasn't helped reduce our alerts. That's because we weren't alerting before Lacework in terms of security and compliance. If anything, it has increased our alerts, but that's just because we didn't have it before. So, overall, through time, after we implemented it and started addressing those alerts, for sure, they've been reduced. We've reduced our alerts by 70% to 80%, and there is more and more reduction.

I would rate it a 10 out of 10.

We use Lacework for cloud security.

The ability to collect the information, analyze it, and then correlate it against the configured policy has helped us. It is easily integrated with security frameworks such as AWS, and CIS benchmarks.

Lacework, by its nature, maintains a low level of noise. Through its intelligent backend data aggregation and correlation, it effectively minimizes less relevant alerts, and instead alert on crucial matters or authentic instances of behavioral risks and concerns. However, what stands out is that having the capability to review configurations empowers us to enact adjustments internally, possibly resulting in a reduction of alerts needing attention.

Cloud Security Management is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise.               

Lacework ranks high, primarily due to its role in alerting on unexpected behavior,  potential vulnerabilities, and misconfiguration against policies. 

Currently, a view of all policies is available within the console. However, At some point in the past, I wanted a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact improvement request.

I have been using Lacework for two years. 

Its a matter of forwarding logs and data for ingestion. The solution can be scaled based on needs to c 

The support is quite good. We encountered an issue when attempting to integrate Alerting Channels. Specifically, we aimed to send alerts to our communication platform, but encountered an issue that hindered this process. I submitted a request, and the response was swift. The support team addressed the matter promptly, resulting in an immediate resolution. 

Positive

I have not seen many other similar solutions. I have a genuine appreciation for Lacework. Comparing it to other products wouldn't be equitable, as my experience with those alternatives is limited. Thus, it wouldn't be justifiable to make a definitive judgment about one product being superior to Lacework or vice versa. I can affirm, however, that Lacework is highly commendable and is delivering substantial benefits for our needs.

It is deployed on the cloud. Regarding maintenance, certain tasks must be done, including policy maintenance and alert review. However, beyond these responsibilities, there's not much to manage, given its complete Software as a Service (SaaS) nature. There's no need for involvement in tasks like storage management or endpoint maintenance.

I believe that quantifying the tangible gains from deploying a security solution is a challenge. Especially in the realm of security, the implemented solutions work to avert potential significant losses that might be hard to measure. The return on investment is evident in the form of enhanced security and prevention of major security incidents. While the value gained isn't easily quantifiable in a monetary sense, it's clear that the expense is justified. Essentially, purchasing and implementing such solutions incurs a cost without direct monetary returns. However, if we were without such solutions, the alternative would involve hiring additional staff, particularly SOC engineers, to manage anomalies, issue investigations, and alert correlation. 

The overall solution can be rated 10 out of 10.

I would recommend that while utilizing the product, it's vital to actively engage in configuring your environment appropriately and adopting the right procedures, both technical and administrative. This approach ensures the realization of value from Lacework or any security solution.

Lacework is a sales platform.

Because Kubernetes had a number of important processes that used EKS, we needed Lacework to protect the cloud environment in general and Kubernetes in particular. We required it to defend both the overall cloud posture and to offer protection. And then our container environment's detecting capabilities.

The best feature, in my opinion, is the ease of use. As well as some levels of machine learning anomaly detection that they have that can detect pivotal anomalies faster.

Visibility is lacking, and both compliance-related metrics and IAM security control could be improved. This is what Ermetic does. IAM security management controls, as well as detection of deviations and misconfigurations, are critical but not fully developed in Lacework.

There is no data governance or data visibility. It's a little bit different, in the vector of cloud security management, but Lacework does not yet support this.

I would like to see some sort of data mapping or detection. The ability to pinpoint the exact location of data. Something similar to what Flow Security is currently doing. And that is what some other companies are attempting to do with data detection capabilities. Cloud Data Detection.

I used Lacewok more than 12 months ago. I evaluated it a year and a half ago, I believe, approximately 15 months ago.

I am not sure of the exact version.

It was used in the AWS environment.

It appears to be functioning in terms of stability. 

The impression is less that it has a lot of false positives in terms of detection and capability. There are some detections that are not particularly accurate. This is the general perception regarding data models. It needs to be improved.

I didn't notice any scalability or people-related issues because it's not a platform for widespread use. 

If you try to populate a very large environment in Lacework and there is a lot of traffic, you may encounter some difficulties. 

The system may struggle, but users, or operators, are not supposed to seriously disrupt or interfere with the platform.

We didn't experience any problems.

This solution was used by no more than 20 people in our organization.

But it is rarely used. You are supposed to get alerts from it from other places, such as Select PagerDuty.

The SIM system. You are not supposed to use it continuously.

We contacted technical support briefly, but not too much. We contacted them during the initial integration phase, but after that, communication was minimal.

Technical support was fine.  I would rate them a four out of five.

Several other vendors approached us. Dome9, which Check Point purchased, and Cloud Guard were both used in the past. However, when we decided to relocate, I believe I met some Lacework employees at a conference. And after reviewing the solution, we made the decision to put it to try.

They are starting to use Ermetic .

The initial setup is relatively straightforward.

The deployment was completed in two weeks. You will then have some additional time to configure everything.

We purchase the license here. 

The licensing fee was approximately $80,000 USD, per year.

There may be some discounts available. However, it is a one-time fee with no additional charges.

Currently, it is determined by your capabilities and the size of your environment.

In general, I would not recommend Lacework right now. There are more mature solutions that would be a better fit. 

It is very dependent on the specific environment in which you operate. Lacework isn't necessarily bad; it's just that the more mature solutions on the market have significantly more capabilities. Prisma Cloud, for example, or Rapid7 Clouds, I believe, have more capabilities and support. In the cloud environment, better support and different security use cases are available.

However, it is similar to the situation with automobiles. You are not required to drive a Ferrari. You could buy, a simpler car and seat it for your needs. It depends on what you want to accomplish.

I would rate Lacework an eight out of ten.

It has some technical capabilities, which are not bad, but it is currently lacking some technical features. It's also prone to false positives, which I believe is due to an over-reliance on some AI detection models. But the precision of those things isn't always good.