Try our new research platform with insights from 80,000+ expert users

FortiCNAPP vs Wiz Code comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 22, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

FortiCNAPP
Ranking in Vulnerability Management
35th
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
13
Ranking in other categories
Container Security (28th), Cloud Workload Protection Platforms (CWPP) (17th), Cloud Security Posture Management (CSPM) (22nd), Cloud-Native Application Protection Platforms (CNAPP) (16th), Compliance Management (10th)
Wiz Code
Ranking in Vulnerability Management
38th
Average Rating
8.6
Reviews Sentiment
4.4
Number of Reviews
3
Ranking in other categories
Risk-Based Vulnerability Management (13th), Cloud Security Remediation (1st), Application Security Posture Management (ASPM) (8th), Continuous Threat Exposure Management (CTEM) (6th)
 

Mindshare comparison

As of March 2026, in the Vulnerability Management category, the mindshare of FortiCNAPP is 1.8%, up from 1.3% compared to the previous year. The mindshare of Wiz Code is 1.1%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
FortiCNAPP1.8%
Wiz Code1.1%
Other97.1%
Vulnerability Management
 

Featured Reviews

Mark Freeborough - PeerSpot reviewer
Client Manager at MLL Telecom Ltd
Network segmentation has strengthened access control and now streamlines automated threat response
The most valuable features in FortiCNAPP include robust network segmentation and restricting access to network assets. It also supports security measures by leveraging security fabrics for better enforcement and policy enforcement. FortiCNAPP integrates with SIEM solutions, and we offer different SIEM options that work with Fortinet and AlienVault, among others, providing multiple scenarios.FortiCNAPP's automated policy recommendations significantly help improve security measures as part of an overall service wrap. When deploying a Fortinet SD-WAN or network, these tools provide greater visibility to vulnerabilities and enhanced security on the network. It functions as a proactive tool, enabling me to identify threats quickly and automate responses.
reviewer2618736 - PeerSpot reviewer
Security Manager at a consultancy with 10,001+ employees
Continuous code security has reduced vulnerabilities and provides real-time risk visibility
I have a big improvement in mind for Wiz Code, not a small improvement. When I look at tools such as vulnerability detection tools, I focus on how the reporting could help fast-track risk mitigations. I don't want folks to just look at the severity rating, whether it's critical, high, or medium. I would love to see how that presents a risk. Meaning that if a particular vulnerability is compromised, it could be a low severity, but if it's compromised, what business impact does it have? With capabilities we have in AI and other technologies, I think we could do much more than just sharing vulnerability ratings or severity ratings for folks to act on. That approach is outdated. Something that communicates the value would make sense and could help drive or change habits. That's what I'm thinking, and that's why I say it's a big one, not just something small.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."
"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."
"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."
"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."
"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."
"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."
"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."
"The best feature, in my opinion, is the ease of use."
"The best features with Wiz Code give you a reasonable picture when it comes to vulnerabilities, which means you see the usual severity levels, you also get to see references on how to remediate vulnerabilities, and the fact that it has a visual dashboard helps all stakeholders, especially folks who need to remediate, to get that picture correctly and then take action."
"Wiz Code has positively impacted my organization through the unified platform that gives the ability to shift left in security and detect issues before they go into production."
"In my opinion, all the security features Wiz Code offers are the best."
 

Cons

"I would like to see a remote access assistance feature. And the threat-hunting platform could be better."
"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."
"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."
"Policy implementation is quite complex, and the stability will take more time for the solutions."
"The vulnerability part is not systematically organized; it is all clumsy in the web UI, and it is not user-friendly."
"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."
"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."
"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."
"I have a big improvement in mind for Wiz Code, not a small improvement."
 

Pricing and Cost Advice

"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."
"The licensing fee was approximately $80,000 USD, per year."
"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."
"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."
Information not available
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
884,797 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Computer Software Company
10%
Manufacturing Company
7%
University
6%
Manufacturing Company
12%
Financial Services Firm
10%
Computer Software Company
8%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise4
Large Enterprise4
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Lacework?
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
What needs improvement with Lacework?
FortiCNAPP performs well in terms of threat notification and response times. However, the solution could be more user-friendly and intuitive. When managing the platform, navigating to certain detai...
What is your primary use case for Lacework?
FortiCNAPP is typically used for network access control. The standard use cases for FortiCNAPP center around reporting and automated responses, particularly in IoT environments and workflow automat...
What is your experience regarding pricing and costs for Wiz Code?
I have no idea about the pricing, setup cost, and licensing for Wiz Code.
What needs improvement with Wiz Code?
I have a big improvement in mind for Wiz Code, not a small improvement. When I look at tools such as vulnerability detection tools, I focus on how the reporting could help fast-track risk mitigatio...
What is your primary use case for Wiz Code?
Folks deploying infrastructure with Terraform code need to verify that those deployments do not have vulnerability concerns, and if they do, they need to be remediated, which is the main use case f...
 

Also Known As

Polygraph, FortiCNP, Lacework
Dazz.io
 

Overview

 

Sample Customers

J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.
Information Not Available
Find out what your peers are saying about FortiCNAPP vs. Wiz Code and other solutions. Updated: March 2026.
884,797 professionals have used our research since 2012.