Try our new research platform with insights from 80,000+ expert users

Lacework FortiCNAPP vs Qualys CyberSecurity Asset Management comparison

Fortinet and Qualys are both solutions in the Vulnerability Management category. Fortinet is ranked #17 with an average rating of 8.2, while Qualys is ranked #10 with an average rating of 9.1. Additionally, 90% of Fortinet users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.
Sponsored
Zafran Security
Read 2 Zafran Security reviews
  • 321 Views
  • 167 Comparison Views
100% willing to recommend
Lacework FortiCNAPP
Read 10 Lacework FortiCNAPP reviews
  • 1,815 Views
  • 1,294 Comparison Views
90% willing to recommend
Qualys CyberSecurity Asset ...
Read 21 Qualys CyberSecurity Asset Management reviews
  • 479 Views
  • 294 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 16, 2025

Lacework FortiCNAPP and Qualys CyberSecurity Asset Management compete in cloud security and asset management. Lacework FortiCNAPP has an edge in anomaly detection and cloud security insights, while Qualys excels in asset management and discovery.

Features: Lacework FortiCNAPP offers anomaly detection, clear vulnerability insights, and effective alert prioritization. Qualys CyberSecurity Asset Management provides detailed asset management, effective vulnerability scanning, and comprehensive risk assessment capabilities.

Room for Improvement: Lacework FortiCNAPP can improve its IAM controls, alert configuration, and collaborate better with Slack and Datadog. Enhancements in threat-hunting features and FedRAMP authorization are necessary. Qualys CyberSecurity Asset Management should work on improving its UI, scanning speed, and affordable CMDB integration. Improved reporting customization and enhanced dynamic tagging options are also needed.

Ease of Deployment and Customer Service: Lacework FortiCNAPP mainly deploys in public cloud environments and provides proactive customer support via Slack and email. Qualys CyberSecurity Asset Management runs well in both public and hybrid clouds, offering thorough but occasionally slow customer service with a traditional support approach.

Pricing and ROI: Lacework FortiCNAPP, despite being slightly costly, is considered reasonably priced for large environments, offering a good ROI by reducing manual monitoring tasks. Qualys CyberSecurity Asset Management is expensive for smaller organizations but provides competitive pricing for larger setups, especially when bundled with other services, offering comprehensive asset management.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Lacework FortiCNAPP vs. Qualys CyberSecurity Asset Management Report (Updated: March 2025).
Buyer's Guide
Lacework FortiCNAPP vs. Qualys CyberSecurity Asset Management
March 2025
Download the complete report
Helped 845,406 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Lacework FortiCNAPP
Ranking in Vulnerability Management
17th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
10
Ranking in other categories
Container Security (17th), Cloud Workload Protection Platforms (CWPP) (13th), Cloud Security Posture Management (CSPM) (16th), Cloud-Native Application Protection Platforms (CNAPP) (11th), Compliance Management (7th)
Qualys CyberSecurity Asset ...
Ranking in Vulnerability Management
10th
Average Rating
9.2
Reviews Sentiment
7.6
Number of Reviews
21
Ranking in other categories
Patch Management (7th), Cyber Asset Attack Surface Management (CAASM) (2nd), Attack Surface Management (ASM) (4th), Software Supply Chain Security (5th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Read full review
Carlos Vitrano - PeerSpot reviewer
Provides quick visibility and significantly reduces alerts
Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve. For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.
Read full review
Revathi VeeraRaghavan - PeerSpot reviewer
Provides comprehensive visibility and covers the complete attack surface
For some of the software, there was no life cycle or general information. We wanted them to give details in the database as and when the software comes. I raised a ticket for that, and after that, they updated the details for more than one million software. They should address the false positives generated in EASM. It is fetching assets that have Infosys as the keyword. They should fix that. When we click on the web application, it only shows potential web assets. The application details are not there. Overall, CSAM has matured a lot. These are the few enhancements that need to be done.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."
"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."
"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."
"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."
"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."
"The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself."
"The best feature, in my opinion, is the ease of use."
"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."
More Lacework FortiCNAPP pros
"It provides most of the information needed regarding the assets, including the operating system and whether the assets are network devices or servers."
"Authorized and unauthorized software visibility is the best feature for me. It helps me understand security controls on our network and where we lack visibility. With a single security tool, we are able to get an extensive list."
"Overall, I would give Qualys CyberSecurity Asset Management a nine out of ten."
"Qualys CyberSecurity Asset Management has helped to improve the organization's security posture significantly."
"With Qualys CSAM, we can see which assets have critical application vulnerabilities. This feature helps us prioritize and address these vulnerabilities more efficiently."
"The end-of-life and end-of-service software and hardware are some of my favorite features."
"The scanning results are pretty good, and some of the insights are quite valuable."
"Authorized and unauthorized software visibility is the best feature for me."
More Qualys CyberSecurity Asset Management pros
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."
"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."
"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."
"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."
"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."
"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."
"Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them."
"There are a couple of the difficulties we encounter in the realm of cybersecurity, or security as a whole, that relate to potentially limited clarity. Having the capacity to perceive the configuration aspect and having the ability to contribute to it holds substantial advantages, in my view. It ranks high, primarily due to its role in guaranteeing compliance and the potential to uncover vulnerabilities, which could infiltrate the system and introduce potential risks. I had been exploring a specific feature that captured my interest. However, just yesterday, I participated in a product update session that announced the imminent arrival of this feature. The feature involves real-time alerting. This was something I had been anticipating, and it seems that this capability is now being integrated, possibly as part of threat intelligence. While anomaly events consistently and promptly appear in the console, certain alerts tend to experience delays before being displayed. Yet, with the recent product update, this issue is expected to be resolved. Currently, a comprehensive view of all policies is available within the console. However, I want a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact request."
More Lacework FortiCNAPP cons
"The only minor issue is occasionally being redirected to multiple teams, causing slight delays."
"Some areas that would be helpful are more comprehensive tagging and the ability to set up better dynamic rules."
"We have had challenges modifying the agent configuration. Particularly, when we want to change the tenant that the agent is pointing to, we have had difficulties making that reliable and working properly."
"In my opinion, the area that needs improvement is the role-based access control (RBAC). The access privilege management needs to be more robust and streamlined to enhance user access management. Additionally, improvements to the user interface could be beneficial."
"In our reporting, we faced a challenge syncing with cloud devices."
"The UI needs improvement as it can become overwhelming after prolonged use."
"Currently, whenever the agent is running, it consumes over ten percent of my CPU, indicating that CPU consumption is another area Qualys needs to address."
"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."
More Qualys CyberSecurity Asset Management cons
 

Pricing and Cost Advice

Information not available
"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."
"The licensing fee was approximately $80,000 USD, per year."
"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."
"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."
"Qualys offers excellent value for money."
"The pricing for Qualys CSAM is nominal."
"The cost for Qualys CyberSecurity Asset Management is high."
"The Qualys Cybersecurity Asset Management pricing is well-aligned with our usage."
"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."
"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."
"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."
"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."
More Qualys CyberSecurity Asset Management pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
845,406 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Computer Software Company
18%
Financial Services Firm
13%
Manufacturing Company
7%
Healthcare Company
6%
Computer Software Company
22%
Financial Services Firm
14%
Government
9%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
See all answers
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
See all answers
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
See all answers
What do you like most about Lacework?
Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offe...
See all answers
What is your experience regarding pricing and costs for Lacework?
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
See all answers
What needs improvement with Lacework?
The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses...
See all answers
What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?
The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, c...
See all answers
What needs improvement with Qualys CyberSecurity Asset Management?
Qualys is continually developing, adding new features each year. Previously, there was no on-demand scan feature in a...
See all answers
What is your primary use case for Qualys CyberSecurity Asset Management?
I have been working with Qualys for approximately two and a half years. I have used this module to manage security po...
See all answers
 

Comparisons

Dazz.io vs Zafran Security Logo
Dazz.io vs Zafran Security
Compared 53% of the time
Vulcan Cyber vs Zafran Security Logo
Vulcan Cyber vs Zafran Security
Compared 21% of the time
ServiceNow Security Operations vs Zafran Security Logo
ServiceNow Security Operations vs Zafran Security
Compared 16% of the time
Tenable Vulnerability Management vs Zafran Security Logo
Tenable Vulnerability Management vs Zafran Security
Compared 10% of the time
More Zafran Security Competitors
Wiz vs Lacework FortiCNAPP Logo
Wiz vs Lacework FortiCNAPP
Compared 24% of the time
Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP Logo
Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP
Compared 17% of the time
AWS GuardDuty vs Lacework FortiCNAPP Logo
AWS GuardDuty vs Lacework FortiCNAPP
Compared 8% of the time
Aqua Cloud Security Platform vs Lacework FortiCNAPP Logo
Aqua Cloud Security Platform vs Lacework FortiCNAPP
Compared 5% of the time
Tenable Cloud Security vs Lacework FortiCNAPP Logo
Tenable Cloud Security vs Lacework FortiCNAPP
Compared 4% of the time
More Lacework FortiCNAPP Competitors
Amazon Inspector vs Qualys CyberSecurity Asset Management Logo
Amazon Inspector vs Qualys CyberSecurity Asset Management
Compared 15% of the time
Armis vs Qualys CyberSecurity Asset Management Logo
Armis vs Qualys CyberSecurity Asset Management
Compared 13% of the time
Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management Logo
Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management
Compared 11% of the time
CrowdStrike Falcon vs Qualys CyberSecurity Asset Management Logo
CrowdStrike Falcon vs Qualys CyberSecurity Asset Management
Compared 8% of the time
Cortex Xpanse vs Qualys CyberSecurity Asset Management Logo
Cortex Xpanse vs Qualys CyberSecurity Asset Management
Compared 3% of the time
More Qualys CyberSecurity Asset Management Competitors
 

Product Reports

Buyer's Guide
Continuous Threat Exposure Management (CTEM)
March 2025
Zafran Security reportDownload Zafran Security product report
Buyer's Guide
Lacework FortiCNAPP
March 2025
Lacework FortiCNAPP reportDownload Lacework FortiCNAPP product report
Buyer's Guide
Qualys CyberSecurity Asset Management
March 2025
Qualys CyberSecurity Asset Management reportDownload Qualys CyberSecurity Asset Management product report
 

Also Known As

No data available
Polygraph, FortiCNP
No data available
 

Overview

Zafran Security integrates with existing security tools to identify and mitigate vulnerabilities effectively, proving that most critical vulnerabilities are not exploitable, optimizing threat management.

Zafran Security introduces an innovative operating model for managing security threats and vulnerabilities. By leveraging the threat exposure management platform, it pinpoints and prioritizes exploitable vulnerabilities, reducing risk through immediate remediation. This platform enhances your hybrid cloud security by normalizing vulnerability signals and integrating specific IT context data, such as CVE runtime presence and internet asset reachability, into its analysis. No longer reliant on patch windows, Zafran Security allows you to manage risks actively.

What are the key features of Zafran Security?

  • Threat Exposure Management: Utilizes existing tools to prioritize vulnerabilities and manage threats.
  • Integrative Analysis: Combines security data with IT context for precise vulnerability management.
  • Real-time Risk Reduction: Enables immediate risk management without waiting for patches.
  • Hybrid Cloud Compatibility: Functions across diverse cloud environments for comprehensive security.

What benefits can users expect from Zafran Security?

  • Improved Security: Enhances protection by efficiently identifying and mitigating risks.
  • Cost Efficiency: Reduces unnecessary patching expenses by confirming non-exploitable vulnerabilities.
  • Time Savings: Frees developers to focus on root causes by handling immediate threats.
  • Comprehensive Insight: Offers a holistic view of security threats and vulnerabilities.

In industries where security is paramount, such as finance and healthcare, Zafran Security provides invaluable protection by ensuring that only exploitable vulnerabilities are addressed. It allows entities to maintain robust security measures while allocating resources efficiently, fitting seamlessly into existing security strategies.

Zafran Security

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?
  • Machine Learning Detection: Identifies anomalies effectively.
  • Compliance Reports: Provides precise compliance documentation.
  • Vulnerability Management: Supports agent-based vulnerability assessments.
  • Multi-Cloud Support: Manages and secures across multiple cloud providers.
  • Automation and Collaboration: Enables integration with Slack for streamlined communication.
  • Custom Alerts: Allows creation of personalized alerts for better focus.
What benefits do users expect?
  • Reduced Alert Noise: Minimizes distractions with filtered alerts.
  • Efficient Cloud Security: Automates processes for enhanced security management.
  • Collaboration Support: Integrates with tools like Slack.
  • Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Fortinet

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?
  • Real-time Visibility: Offers continuous insight into asset status and condition.
  • Dynamic Tagging: Allows for flexible organization and assessment of assets.
  • External Attack Surface Management: Identifies potential threats from external sources.
  • Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
  • Unauthorized Software Management: Detects and manages software not approved for use.
  • Asset Purge Rule: Automates the removal of obsolete assets from the inventory.
What benefits should users look for in reviews?
  • Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
  • Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
  • Improved Compliance: Assists in meeting industry standards and regulations.
  • Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
  • Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.

Qualys
 

Sample Customers

Information Not Available
J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.
Information Not Available
Buyer's Guide
Lacework FortiCNAPP vs. Qualys CyberSecurity Asset Management
March 2025
Free Report: Lacework FortiCNAPP vs. Qualys CyberSecurity Asset Management
Find out what your peers are saying about Lacework FortiCNAPP vs. Qualys CyberSecurity Asset Management and other solutions. Updated: March 2025.
DOWNLOAD NOW
845,406 professionals have used our research since 2012.
See our Lacework FortiCNAPP vs. Qualys CyberSecurity Asset Management report.
See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.