FortiCNAPP Reviews

We use Lacework for cloud security.

The ability to collect the information, analyze it, and then correlate it against the configured policy has helped us. It is easily integrated with security frameworks such as AWS, and CIS benchmarks.

Lacework, by its nature, maintains a low level of noise. Through its intelligent backend data aggregation and correlation, it effectively minimizes less relevant alerts, and instead alert on crucial matters or authentic instances of behavioral risks and concerns. However, what stands out is that having the capability to review configurations empowers us to enact adjustments internally, possibly resulting in a reduction of alerts needing attention.

Cloud Security Management is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise.               

Lacework ranks high, primarily due to its role in alerting on unexpected behavior,  potential vulnerabilities, and misconfiguration against policies. 

Currently, a view of all policies is available within the console. However, At some point in the past, I wanted a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact improvement request.

I have been using Lacework for two years. 

Its a matter of forwarding logs and data for ingestion. The solution can be scaled based on needs to c 

The support is quite good. We encountered an issue when attempting to integrate Alerting Channels. Specifically, we aimed to send alerts to our communication platform, but encountered an issue that hindered this process. I submitted a request, and the response was swift. The support team addressed the matter promptly, resulting in an immediate resolution. 

Positive

I have not seen many other similar solutions. I have a genuine appreciation for Lacework. Comparing it to other products wouldn't be equitable, as my experience with those alternatives is limited. Thus, it wouldn't be justifiable to make a definitive judgment about one product being superior to Lacework or vice versa. I can affirm, however, that Lacework is highly commendable and is delivering substantial benefits for our needs.

It is deployed on the cloud. Regarding maintenance, certain tasks must be done, including policy maintenance and alert review. However, beyond these responsibilities, there's not much to manage, given its complete Software as a Service (SaaS) nature. There's no need for involvement in tasks like storage management or endpoint maintenance.

I believe that quantifying the tangible gains from deploying a security solution is a challenge. Especially in the realm of security, the implemented solutions work to avert potential significant losses that might be hard to measure. The return on investment is evident in the form of enhanced security and prevention of major security incidents. While the value gained isn't easily quantifiable in a monetary sense, it's clear that the expense is justified. Essentially, purchasing and implementing such solutions incurs a cost without direct monetary returns. However, if we were without such solutions, the alternative would involve hiring additional staff, particularly SOC engineers, to manage anomalies, issue investigations, and alert correlation. 

The overall solution can be rated 10 out of 10.

I would recommend that while utilizing the product, it's vital to actively engage in configuring your environment appropriately and adopting the right procedures, both technical and administrative. This approach ensures the realization of value from Lacework or any security solution.

Lacework is a cloud security platform. We have multiple cloud providers, and we're ingesting the logs from each. About six people at my company use Lacework. 

Lacework provides a good overview of our security posture. We also use the Kubernetes agent because our software is a Kubernetes-based application. The Lacework polygraph offers nice visibility into the workloads on Kubernetes.

There are no applications out there that let you look at the workload in Kubernetes from the cluster to the namespace, pod, and images. From that image, you can see any connections going out. 

The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine. 

They have to go in and put their policies in place. It's hard for them to implement that, especially if they don't have a real security team. The team's policymakers don't do anything. Lacework takes out all the noise and gives them bits of things that actually matter with the application after it learns the behavior.

Lacework lacks remediation features, but I believe they're working on that.  They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it.

Also, they do image scanning for security vulnerabilities. They would have a full cloud security package if they could compete with Snyk or Qualys by providing vulnerability scanning for VMs.

I've been affiliated with Lacework for three or four years.

I've never experienced an outage or a hangup or even anything in the UI that says, "Still processing, give us a moment." 

I rate Lacework 10 out of 10 for scalability. I haven't run into any scaling issues.

Lacework support is awesome. They get right back to me. The account guys are also superresponsive.

 I've used all the cloud platforms, including GCP and AWS, so we used CloudWatch and Security Command Center.

Setting up Lacework was straightforward. I've deployed it both ways. I did it manually, which took a little time to go through the documentation. I used Terraform scripts the second time. Deployment took me 15 minutes. It's on the cloud. I'm using Google and AWS. 

You get a return from Lacework.

Lacework's price isn't too bad. I would rate it seven out of 10 for affordability.

As a consultant, I've seen all the products, and I was working with Lacework when it came out. They only supported AWS at the time, so I didn't what they could do. I recommend Lacework to other customers because I have customers who generate 30,000 alerts daily on GCP. I recommended Lacework, and we ripped out Security Command Center. With Lacework, they were getting maybe 15 alerts instead of 25,000.

I'm a fan, so I rate Lacework 10 out of 10. I recommend implementing it immediately. If you have a security team writing rules and trying to enforce them the old-fashioned way, that's a lot of man-hours. If they were to have a breach, not only the security team would be impacted but also the administrators. They have to go through the logs and parse them to figure out how many things were touched. You have to look through the VMs, load balancers, and other pieces of the infrastructure. You would need to put it in a spreadsheet and write a script to go through it. It's a pain.

With Lacework, it's all there in one fell swoop, and you can go through all the logs. However, if you are a rules-based person, Lacework has the features to do that too. You can add some specific rules that aren't part of the normal CIS benchmarks and stuff that is already in the posture. You're getting scanned across the CIS benchmarks whether or not you implement them or not. You can also go in there and switch those values around to meet whatever your organizational goals are.

Lacework is a sales platform.

Because Kubernetes had a number of important processes that used EKS, we needed Lacework to protect the cloud environment in general and Kubernetes in particular. We required it to defend both the overall cloud posture and to offer protection. And then our container environment's detecting capabilities.

The best feature, in my opinion, is the ease of use. As well as some levels of machine learning anomaly detection that they have that can detect pivotal anomalies faster.

Visibility is lacking, and both compliance-related metrics and IAM security control could be improved. This is what Ermetic does. IAM security management controls, as well as detection of deviations and misconfigurations, are critical but not fully developed in Lacework.

There is no data governance or data visibility. It's a little bit different, in the vector of cloud security management, but Lacework does not yet support this.

I would like to see some sort of data mapping or detection. The ability to pinpoint the exact location of data. Something similar to what Flow Security is currently doing. And that is what some other companies are attempting to do with data detection capabilities. Cloud Data Detection.

I used Lacewok more than 12 months ago. I evaluated it a year and a half ago, I believe, approximately 15 months ago.

I am not sure of the exact version.

It was used in the AWS environment.

It appears to be functioning in terms of stability. 

The impression is less that it has a lot of false positives in terms of detection and capability. There are some detections that are not particularly accurate. This is the general perception regarding data models. It needs to be improved.

I didn't notice any scalability or people-related issues because it's not a platform for widespread use. 

If you try to populate a very large environment in Lacework and there is a lot of traffic, you may encounter some difficulties. 

The system may struggle, but users, or operators, are not supposed to seriously disrupt or interfere with the platform.

We didn't experience any problems.

This solution was used by no more than 20 people in our organization.

But it is rarely used. You are supposed to get alerts from it from other places, such as Select PagerDuty.

The SIM system. You are not supposed to use it continuously.

We contacted technical support briefly, but not too much. We contacted them during the initial integration phase, but after that, communication was minimal.

Technical support was fine.  I would rate them a four out of five.

Several other vendors approached us. Dome9, which Check Point purchased, and Cloud Guard were both used in the past. However, when we decided to relocate, I believe I met some Lacework employees at a conference. And after reviewing the solution, we made the decision to put it to try.

They are starting to use Ermetic .

The initial setup is relatively straightforward.

The deployment was completed in two weeks. You will then have some additional time to configure everything.

We purchase the license here. 

The licensing fee was approximately $80,000 USD, per year.

There may be some discounts available. However, it is a one-time fee with no additional charges.

Currently, it is determined by your capabilities and the size of your environment.

In general, I would not recommend Lacework right now. There are more mature solutions that would be a better fit. 

It is very dependent on the specific environment in which you operate. Lacework isn't necessarily bad; it's just that the more mature solutions on the market have significantly more capabilities. Prisma Cloud, for example, or Rapid7 Clouds, I believe, have more capabilities and support. In the cloud environment, better support and different security use cases are available.

However, it is similar to the situation with automobiles. You are not required to drive a Ferrari. You could buy, a simpler car and seat it for your needs. It depends on what you want to accomplish.

I would rate Lacework an eight out of ten.

It has some technical capabilities, which are not bad, but it is currently lacking some technical features. It's also prone to false positives, which I believe is due to an over-reliance on some AI detection models. But the precision of those things isn't always good.