FortiCNAPP Reviews & Product Details

FortiCNAPP (formerly Lacework) is an AI-powered Cloud-Native Application Protection Platform that delivers unified security across your multi-cloud and hybrid environments. Built to protect the entire application lifecycle—from development to runtime—it combines posture management, workload protection, identity security, and threat detection into one integrated platform. By leveraging machine learning and behavioral analytics, FortiCNAPP helps security teams detect unknown threats, reduce noise, and accelerate response. Integrated with the Fortinet Security Fabric, it provides full-stack visibility across cloud, network, and endpoint environments—empowering teams to operate with confidence, reduce complexity, and scale securely.

Product Website

Seller

Fortinet

Discussions

FortiCNAPP Community

Languages Supported

English

Product Description

FortiCNAPP is a comprehensive Cloud-Native Application Protection Platform (CNAPP) that consolidates Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWPP), Cloud Infrastructure Entitlement Management (CIEM), Kubernetes security, and compliance into a single solution. Using AI-based anomaly detection and behavioral analytics, FortiCNAPP continuously monitors cloud environments to identify misconfigurations, vulnerabilities, and active threats in real time. The platform supports agentless and agent-based deployment models, ensuring flexible coverage across diverse architectures. FortiCNAPP also integrates with the Fortinet Security Fabric, correlating cloud data with network and endpoint insights from FortiGuard, FortiSOAR, and more, delivering full-stack threat context, faster remediation, and unified risk management.

Overview by

Frederick Harris

Value at a Glance

Averages based on real user reviews.

Time to Implement

2 months

View More Pricing Information

FortiCNAPP Integrations

(8)

Verified by FortiCNAPP

FortiCNAPP Media

This is the first view someone sees when entering the Polygraph Data Platform. From the dashboard, you can see total alerts by severity, newly detected vulnerabilities, cloud compliance by provider, and more.

FortiCNAPP Demo - High-Severity Event Card

This screenshot is of an event card associated with a Critical alert. From this card, we can determine that this alert was triggered by an anomalous activity, that it's internet exposed, and that it's already connected to a Jira ticket (LWAL-3955) for remediation. You can also explore why the ale...

FortiCNAPP Demo - High-Severity Event Polygraph Visualization

Within every event card is a visualization, mapping out the exposure path. Here, we see that the initial Critical alert mentioned in the previous screenshot (a bad external host connection) stemmed from a log4j vulnerability.

FortiCNAPP Demo - Environment-wide Polygraph Visualization

At any point, users can get a view of all application communications across an entire cloud environment, over a set period of time. In this situation, we can see how a known bad IP address connected to multiple cloud properties, including the log4j vulnerability tied to the alert in the prior 2 s...

FortiCNAPP Demo - Vulnerability Dashboard

This screenshot shows the vulnerability dashboard, which provides both a high-level view of all containers scanned and active vulnerabilities present along with the specifics for each image — which can be further explored for more information.

From the Compliance dashboard, users can get a view of compliance standing for all connected cloud accounts. This scenario shows 4 total cloud accounts across AWS, Google Cloud, and Microsoft Azure.

Introducing Fortinet's Lacework FortiCNAPP, the most comprehensive cloud-native application protection platform available. Lacework FortiCNAPP helps quickly manage risk, rapidly detect, and respond to active threats.

Official Downloads

(3)

edit

The CISO Playbook for Cloud Security

CNAPP For Dummies

Interactive Demo

edit

Try an interactive demo created by the software seller (right here on G2).

Try demo

G2 reviews are authentic and verified.

Here's how.

Noufissa A.

Cloud security engineer

Education Management

Small-Business (50 or fewer emp.)

5/30/2024

"We enhanced security and compliance"

4/5

What do you like best about FortiCNAPP?

I like Lacework because its interface is very intuitive and can plug directly into the tools we are already using, such as AWS and Azure. Many features that have proven to be a great benefit to our company include the real time threat detection, which gives alert and comprehensive report. Another thing that needs a mention is the customer support, the service is always willing to help with various problems. Lacework has more than likely helped save time in our security aspects. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

A disadvantage of Lacework is that it can be somewhat complicated to set up at the beginning. This consumed more time and resources that could have been used in our work thus affecting it. Also the number of features available can be quite confusing and may take time to get used to, thus reducing the initial productivity rates. However, after some time, it was possible to notice the features that made the software useful. Review collected by and hosted on G2.com.

What problems is FortiCNAPP solving and how is that benefiting you?

Lacework has been helpful in improving the cloud security since it has helped in the identification of threats and other inconsistencies. It aids in the management of security in various clouds in order to enhance on the performance that we do in our task. The frequent alerts and the comprehensive reports are more helpful in detecting and correcting the problem before the breach can be made. This has assisted in this aspect of security and also created some space for other things as well. Review collected by and hosted on G2.com.

Verified User in Information Technology and Services

Enterprise (> 1000 emp.)

5/23/2024

"Good product but dont like the UI experience much"

3/5

What do you like best about FortiCNAPP?

Mainly like the different set of standards it provides like SOC2, PCIDSS, HIPAA etc. where we can generate reports directly against each compliance framework which is very helpful during an audit.

I really like the findings it provides using agents with our kubernetes platform where lacework can give us more granular findings on the container behavior in the platform where we struggled to find what was happening within the kubernetes infrastructure. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

The dashboard is difficult to navigate, making it challenging to quickly find specific information or insights.

Also creating custom dashboards for our requirement is not straightforward.

Automation with the AWS control tower is not working time to time where they have not considered large scale setups where the architecture does not scale for hundreds of accounts migration. Review collected by and hosted on G2.com.

What problems is FortiCNAPP solving and how is that benefiting you?

We are very concerned about our compliance and governance in our platform and lacework provide us the tools to stay compliant and find any deviations

Also since we are currently migrating to kubernetes platform it provide necessary information on any issues inside the platform including the images it runs Review collected by and hosted on G2.com.

Md F.

Salesforce Developer

Enterprise (> 1000 emp.)

1/23/2025

"Platform is good"

4/5

What do you like best about FortiCNAPP?

Security container and Integration with 3rd party applications Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

Integration documentation not available widely Review collected by and hosted on G2.com.

Francesca D.

Cloud security analyst

Small-Business (50 or fewer emp.)

5/15/2024

"Our cloud data is strongly protected by this modern software"

4/5

What do you like best about FortiCNAPP?

The main feature of Lacework is its strong cloud security compared with others. The way it perfectly harmonizes with our cloud headings has made a tremendous impact in our cyber security. It enables us to uncover any activities instantly and conduct in-depth threat analysis, making us to be always in front of the possible threats. The AI-driven analytics are the source of good insights allowing early identification of the risk issues. Also the simplicity of its interface makes security management quick thus it boosts our team effectiveness. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

Of course Lacework, without a doubt, also has some aspects where it could improve. Although it provides a great range of features, it is not as capable as certain other similar softwares. Although it is perfect on its main functions related to reporting, notifying anomalies, and impact scanning, sometimes we need such extra features that Lacework doesn't deliver. This restriction makes it necessary to find the circular solutions or integrate our system with other tools to meet all our needs, which increases the complexity of our process. Review collected by and hosted on G2.com.

What problems is FortiCNAPP solving and how is that benefiting you?

For us, the principal issue Lacework solves is the cloud infrastructure security vulnerabilities which increases business capacity remarkably. Before we had Lacework, we were dealing with the visibility problem of our cloud assets and also the control problem which exposed us to the risk of security breaches and compliance issues. We can now actively monitor and protect our cloud environment with Lacework, and prevent security incidents from happening while also meeting the requirements of regulatory compliance. Review collected by and hosted on G2.com.

Response from Emily Chin of FortiCNAPP

edit

We love the detailed feedback and are thrilled to hear that our features have positively impacted your cybersecurity efforts. Please reach out to me directly at emily.chin@lacework.net with any additional questions or details to share back with the team. Thank you so much.

Veeresh P.

Cloud Security Consultant

Enterprise (> 1000 emp.)

2/21/2024

"The best Cloud Security Assessment Tool"

4/5

What do you like best about FortiCNAPP?

We are the security consultants and we provide Lacework Tool as the Cloud Security Assessment Tool as a Service to the Customers.

Lacework has helped to find all the cloud misconfigurations as well as vulnerabilities in the azure,aws and gcp clouds. This tool also helps a lot as the security administrators as the tool is very easy to use and also generates very high level reports according the the CISO requirements.

The security administrators can easily find the vulnerabilities, and threats very easily by the lacework's best feature i.e Polygraph feature(also known as graphical/ flowchart view of the threats) which also helps in preventing the issue before happening.

We have already helped the customers in providing Lacework cloud Security Assessment service and they are pretty much satisfied.

The Customer Support is also very decent.

The one thing which I personally like is that Lacework always tries to expand new features in their tool. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

1] The implementation as well as the Cloud Onboarding into Lacework Platform is very complex and it requires very high level of effort.

2] the Integration of the other security products such as SIEM, Tcketing Tools are also very complex process.

3] to generate cloud security alerts lacework requires some of the prerequisites of the cloud services.

example :- the get AWS Cloud Security Alerts in Lacework, the AWS Config Service must be enabled in the AWS Cloud. Review collected by and hosted on G2.com.

What problems is FortiCNAPP solving and how is that benefiting you?

1] We are using lacework as the Cloud Security Assessment Tool for the customers because they wants their Cloud to be assessed by the potential misconfigurations and vulnerabilities.

2] THe customers also wanted to assess their cloud containers and cloud kubernetes so we have used lacework and integrated their containers and kubernetes envirenment with lacework and lacework has totally nailed it in that.

3] one customer wanted their entire organization to be complied with the specific PCI-DSS and luckily their entire data is in the cloud. We have used lacework and it had helped that organizations to assess full PCI-DSS Compliance. Review collected by and hosted on G2.com.

Response from Emily Chin of FortiCNAPP

edit

We appreciate your detailed feedback on how Lacework has helped you.We’re pleased to hear that Lacework has effectively helped you manage cloud misconfigurations, vulnerabilities, compliance, and integrations with containers and Kubernetes environments.. We appreciate your insights on your implementation and integration, and would be happy to connect you directly with the team if we can further streamline your experience, please reach out any time! emily.chin@lacework.net

Verified User in Legal Services

Enterprise (> 1000 emp.)

5/30/2024

"Good product with high fidelity alerting"

4.5/5

What do you like best about FortiCNAPP?

Good UX and provides great visibility into cloud environments with intuitive and actionable insights. Also provides good contextual benefits for detections (events) that might amount to incidents, which is helpful if you need to triage and respond quickly. I also find the ability to easily deploy and integrate with various cloud services incredibly helpful for me and my team, especially when we're under tight time constraints to provide assurance back to the business on levels of visibility. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

I think the ability to build out automation workflows for more granular types of alerting could be helpful for organisations that have Lacework but don't yet have a SIEM and/or SOAR platform. Review collected by and hosted on G2.com.

Verified User in Financial Services

Mid-Market (51-1000 emp.)

1/16/2025

"It used to best but not anymore!"

4/5

What do you like best about FortiCNAPP?

easy to implement.

Good with alert handling.

Vulnerability & compliance scanning Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

UI can be more user-friendly.

No free trails to educate new customers.

Can improve alert handling. Review collected by and hosted on G2.com.

Sergey M.

Security Engineering (Tools & Automations; Threat and Vulnerability Management)

Enterprise (> 1000 emp.)

5/28/2024

"Lacework CNAPP tool"

4/5

What do you like best about FortiCNAPP?

Easy to deploy and navigate. Clear CIS and SOC2 reoports. Deployment ahents to EC2 is simple with agent intregration into goldem AMI. Customer support ppl are always on time and helpfull. We are using Lacewirk daily on real time bu multile teams, starting with IR, CSPM, Vulnerabilities ... Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

We need to use third party tool to push auto remediation Review collected by and hosted on G2.com.

Verified User in Information Technology and Services

Mid-Market (51-1000 emp.)

5/24/2024

"Great to get up and running quickly; Difficult for advanced security teams to get details"

2/5

What do you like best about FortiCNAPP?

How fast it is to deploy, integrate and implement and start protecting the cloud. Contact with Customer support has been limited but positive to date. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

How difficult it is to search, often involves just going to other products to find the logs and details for alerts. Has never produced a true positive, which is fine, but for AI it never seems to learn from it's mistakes. It feels just like I have outsourced my rules writing Review collected by and hosted on G2.com.

Mahir A.

SecOps Analyst

Mid-Market (51-1000 emp.)

6/3/2024

"Great Tool To Find Out Unusual Activity"

5/5

What do you like best about FortiCNAPP?

Saves so much time to analyze something & we found a lot alerts on the environment which was unlnown to us. Don't think manucally this is something can be found Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

Reporting might be sometimes confusing & lack of Azure integration but they are getting better Review collected by and hosted on G2.com.