Lacework FortiCNAPP Reviews

We use it for monitoring of security vulnerabilities in the cloud.

Lacework has given us more information to use. We have more visibility into the whole pie, instead of just pieces. It has also helped us save time when it comes to manual compliance tasks.

It's also given us information on vulnerabilities, made us more aware of them, and helped us to know where to focus.

The most valuable aspects are 

• identifying vulnerabilities, things that are out there that we aren't aware of
• finding what path of access attackers could use
• being able to see open SSL or S3 buckets and the like.

For detecting anomalous activities, as well as known threats, it's good. It is definitely a decent platform for doing that. It is also good for helping us see our environment from an attacker’s perspective.

It also does a good job of continuously monitoring configurations. You can set up alerts around that monitoring and know whether or not there have been any kinds of changes. It's good, especially with automation. The way that things are happening in the cloud, there is a need for security teams to see vulnerabilities as they come up and address them as quickly as possible.

When it comes to helping us view the environment from an attacker’s perspective, I would like to see more work on their side to make that more descriptive, more usable in that context; to make it more obvious. There are a lot of things within the data that they provide but, unfortunately, it's not easily understood at first look.

It's a decent platform, but it's a little complicated and not very intuitive. They need to make things a little simpler to understand so that we can create actionable items. 

Also, Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly.

Another point is that we have found that the scanning of some of our AWS instances is extremely slow and that has been a big challenge in our organization.

We've been using Lacework for about a year.

It seems to be pretty stable.

I haven't contacted their tech support but, as a customer, we have.

We did not have a previous solution.

We have not really seen ROI. 

We're evaluating other solutions. There is a possibility we will switch from Lacework. 

Evaluate all other options to know what you are looking for, and you should already have a process in place to take findings from a particular platform and put them into actionable changes.

Lacework is a sales platform.

Because Kubernetes had a number of important processes that used EKS, we needed Lacework to protect the cloud environment in general and Kubernetes in particular. We required it to defend both the overall cloud posture and to offer protection. And then our container environment's detecting capabilities.

The best feature, in my opinion, is the ease of use. As well as some levels of machine learning anomaly detection that they have that can detect pivotal anomalies faster.

Visibility is lacking, and both compliance-related metrics and IAM security control could be improved. This is what Ermetic does. IAM security management controls, as well as detection of deviations and misconfigurations, are critical but not fully developed in Lacework.

There is no data governance or data visibility. It's a little bit different, in the vector of cloud security management, but Lacework does not yet support this.

I would like to see some sort of data mapping or detection. The ability to pinpoint the exact location of data. Something similar to what Flow Security is currently doing. And that is what some other companies are attempting to do with data detection capabilities. Cloud Data Detection.

I used Lacewok more than 12 months ago. I evaluated it a year and a half ago, I believe, approximately 15 months ago.

I am not sure of the exact version.

It was used in the AWS environment.

It appears to be functioning in terms of stability. 

The impression is less that it has a lot of false positives in terms of detection and capability. There are some detections that are not particularly accurate. This is the general perception regarding data models. It needs to be improved.

I didn't notice any scalability or people-related issues because it's not a platform for widespread use. 

If you try to populate a very large environment in Lacework and there is a lot of traffic, you may encounter some difficulties. 

The system may struggle, but users, or operators, are not supposed to seriously disrupt or interfere with the platform.

We didn't experience any problems.

This solution was used by no more than 20 people in our organization.

But it is rarely used. You are supposed to get alerts from it from other places, such as Select PagerDuty.

The SIM system. You are not supposed to use it continuously.

We contacted technical support briefly, but not too much. We contacted them during the initial integration phase, but after that, communication was minimal.

Technical support was fine.  I would rate them a four out of five.

Several other vendors approached us. Dome9, which Check Point purchased, and Cloud Guard were both used in the past. However, when we decided to relocate, I believe I met some Lacework employees at a conference. And after reviewing the solution, we made the decision to put it to try.

They are starting to use Ermetic .

The initial setup is relatively straightforward.

The deployment was completed in two weeks. You will then have some additional time to configure everything.

We purchase the license here. 

The licensing fee was approximately $80,000 USD, per year.

There may be some discounts available. However, it is a one-time fee with no additional charges.

Currently, it is determined by your capabilities and the size of your environment.

In general, I would not recommend Lacework right now. There are more mature solutions that would be a better fit. 

It is very dependent on the specific environment in which you operate. Lacework isn't necessarily bad; it's just that the more mature solutions on the market have significantly more capabilities. Prisma Cloud, for example, or Rapid7 Clouds, I believe, have more capabilities and support. In the cloud environment, better support and different security use cases are available.

However, it is similar to the situation with automobiles. You are not required to drive a Ferrari. You could buy, a simpler car and seat it for your needs. It depends on what you want to accomplish.

I would rate Lacework an eight out of ten.

It has some technical capabilities, which are not bad, but it is currently lacking some technical features. It's also prone to false positives, which I believe is due to an over-reliance on some AI detection models. But the precision of those things isn't always good.