FortiCNAPP Reviews & Product Details

FortiCNAPP (formerly Lacework) is an AI-powered Cloud-Native Application Protection Platform that delivers unified security across your multi-cloud and hybrid environments. Built to protect the entire application lifecycle—from development to runtime—it combines posture management, workload protection, identity security, and threat detection into one integrated platform. By leveraging machine learning and behavioral analytics, FortiCNAPP helps security teams detect unknown threats, reduce noise, and accelerate response. Integrated with the Fortinet Security Fabric, it provides full-stack visibility across cloud, network, and endpoint environments—empowering teams to operate with confidence, reduce complexity, and scale securely.

Product Website

Seller

Fortinet

Discussions

FortiCNAPP Community

Languages Supported

English

Product Description

FortiCNAPP is a comprehensive Cloud-Native Application Protection Platform (CNAPP) that consolidates Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWPP), Cloud Infrastructure Entitlement Management (CIEM), Kubernetes security, and compliance into a single solution. Using AI-based anomaly detection and behavioral analytics, FortiCNAPP continuously monitors cloud environments to identify misconfigurations, vulnerabilities, and active threats in real time. The platform supports agentless and agent-based deployment models, ensuring flexible coverage across diverse architectures. FortiCNAPP also integrates with the Fortinet Security Fabric, correlating cloud data with network and endpoint insights from FortiGuard, FortiSOAR, and more, delivering full-stack threat context, faster remediation, and unified risk management.

Overview by

Frederick Harris

Value at a Glance

Averages based on real user reviews.

Time to Implement

2 months

View More Pricing Information

FortiCNAPP Integrations

(8)

Verified by FortiCNAPP

FortiCNAPP Media

This is the first view someone sees when entering the Polygraph Data Platform. From the dashboard, you can see total alerts by severity, newly detected vulnerabilities, cloud compliance by provider, and more.

FortiCNAPP Demo - High-Severity Event Card

This screenshot is of an event card associated with a Critical alert. From this card, we can determine that this alert was triggered by an anomalous activity, that it's internet exposed, and that it's already connected to a Jira ticket (LWAL-3955) for remediation. You can also explore why the ale...

FortiCNAPP Demo - High-Severity Event Polygraph Visualization

Within every event card is a visualization, mapping out the exposure path. Here, we see that the initial Critical alert mentioned in the previous screenshot (a bad external host connection) stemmed from a log4j vulnerability.

FortiCNAPP Demo - Environment-wide Polygraph Visualization

At any point, users can get a view of all application communications across an entire cloud environment, over a set period of time. In this situation, we can see how a known bad IP address connected to multiple cloud properties, including the log4j vulnerability tied to the alert in the prior 2 s...

FortiCNAPP Demo - Vulnerability Dashboard

This screenshot shows the vulnerability dashboard, which provides both a high-level view of all containers scanned and active vulnerabilities present along with the specifics for each image — which can be further explored for more information.

From the Compliance dashboard, users can get a view of compliance standing for all connected cloud accounts. This scenario shows 4 total cloud accounts across AWS, Google Cloud, and Microsoft Azure.

Introducing Fortinet's Lacework FortiCNAPP, the most comprehensive cloud-native application protection platform available. Lacework FortiCNAPP helps quickly manage risk, rapidly detect, and respond to active threats.

Official Downloads

(3)

edit

The CISO Playbook for Cloud Security

CNAPP For Dummies

Interactive Demo

edit

Try an interactive demo created by the software seller (right here on G2).

Try demo

G2 reviews are authentic and verified.

Here's how.

Mohim A.

Security Specialist

Mid-Market (51-1000 emp.)

6/11/2024

"Amazing Product To Find Out Hidden Vulnerability on Cloud"

5/5

What do you like best about FortiCNAPP?

Saves a lot of time to find out something unusual which is not possible with manual finding on cloud Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

Less integration on Azure I would say but recently they made good progress on it Review collected by and hosted on G2.com.

Martyn T.

Security Operations Team Lead

Mid-Market (51-1000 emp.)

1/24/2023

"Everyone needs Lacework!"

5/5

What do you like best about FortiCNAPP?

Central, multi-purpose but single pane of glass technoogy, covering esstentail and deep dive information about cloud based technologies such AWS, delivering comprechensive security insights, best practices and actionable itesms supported by risk based approach.

The communocation with support teams acc mamangers etc are flowless and immediate enhancoing the entire experience. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

Some of the elements about the product documentation are still a bit lacking and could have been improved Review collected by and hosted on G2.com.

What problems is FortiCNAPP solving and how is that benefiting you?

Cloud security observability and consolidation of technologies into one reliable technology. Reduction in waiting times for support responses and continiuots expansion of capabilites. Allow for instant assesment of cloud posture and immediate actioning with well defined and structed data at glance. Review collected by and hosted on G2.com.

Verified User in Information Technology and Services

Enterprise (> 1000 emp.)

5/23/2024

"Great Product and outstanding customer experience!"

4/5

What do you like best about FortiCNAPP?

The customer experience is outstanding, whenever a question comes up the team is always quick to get back with a response. The tooling works as expected and provides what the data in a way that is easy to manage. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

The interface can be a little bit overwhelming at first, this is normal for most new tools though. It does also feel cluttered if you are sure exactly where to look. API bottlenecking does occur every so often. Review collected by and hosted on G2.com.

Verified User in Information Technology and Services

Mid-Market (51-1000 emp.)

3/1/2024

"Lacework provides us insight in a systematic way"

4.5/5

What do you like best about FortiCNAPP?

My team utilised Lacework to achieve our SOC2 compliance goals. It provides insight into our security posture and automates some of our SOC 2 control testing. I rely on Lacework for quarterly KPI report generation and regular control testing evidence. From a users perspective it is easy to use, and provides quick overviews of the different environments that are in scope. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

I think the reporting for audit purposes could be improved. It would be useful if the report for SOC2 would be more visual, for regular KPI reporting, if they would include management friendly charts and an executive summary. It would also be useful if I could generate reports for a bundle of environments - for example, bundle up multiple in-scope AWS enronments and see the overall status for SOC2 compliance. Review collected by and hosted on G2.com.

Response from Emily Chin of FortiCNAPP

edit

We appreciate you taking the time to leave us a review and for your feedback on the reporting capabilities. The team will be introducing a new set of visuals and graph trends to the expanded dashboards releasing soon. We hope to migrate many of these visuals to our overview pages and report templates. Should you wish to speak further about your experience with reporting, the team welcomes the opportunity to discuss. You can email me anytime at emily.chin@lacework.net.

Verified User in Financial Services

Small-Business (50 or fewer emp.)

5/22/2024

"Good product, UX needs polishing"

4/5

What do you like best about FortiCNAPP?

It's great to have insights about network connectivity, TCP connections, being able to search for applications and domains that are being used/contacted accross the environment. I like how we can create custom detections and how alerts correlate. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

User experience is not the most intuitive, some things appear to be clickable while they're not, the table view doesn't allow sorting and pagination makes the information harder to read. The fact that Lacework captures the internal hostname of a machine makes it hard to find by asset name (for example, not being able to catch the name assigned in AWS) so it makes the search function harder to use. The polygraph makes sense but it can get crowded hence making the view useless. Review collected by and hosted on G2.com.

Verified User in Transportation/Trucking/Railroad

Enterprise (> 1000 emp.)

5/29/2024

"I think it is a good tool to maintain security"

4/5

What do you like best about FortiCNAPP?

I really like the way the tool manages alerts so that every time a security alert arrives I can manage it and maintain a secure environment. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

I use the tools to maintain security on AWS and from my use I have not found anything really wrong with it. The interface is very well thought out and is easy and intuitive. As a possible improvement we could consider adding more closing cases when closing an alert. Review collected by and hosted on G2.com.

Ilan B.

CTO

Mid-Market (51-1000 emp.)

5/22/2024

"Lacework provides excellent insights into our infrastructure configuration and compliance"

5/5

What do you like best about FortiCNAPP?

I like the monitoring aspects, the integration with ticket systems such as JIRA and the ease by which we can access information about how to resolve out of compliance issues. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

I think that as the platform is evolving its challenging to keep up with the changes and updates unless you are working with it all the time. Review collected by and hosted on G2.com.

Response from Emily Chin of FortiCNAPP

edit

Thanks for sharing your thoughts on our platform, IIan. Hearing that you find our monitoring capability and Jira integration helpful is awesome. I'd love to hear more about the features you're looking for and the integrations your team needs. Please reach out to me directly at emily.chin@lacework.net.

Verified User in Financial Services

Mid-Market (51-1000 emp.)

11/1/2023

"Using Lacework as a single pane of glass for CNAPP, Container vulnerabilities and infracode"

4.5/5

What do you like best about FortiCNAPP?

- Easy to implement and add new clusters / resources

- Ease of use on the UI to find issues or items

- integration with other tools and adding to workflows

- new features are always being added Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

- Search should be based on Natural Language processing so we can query in plain English instead of LQL

- more robust APIs to integrate to CI/CD - right now we have to work around the API to search for latest scans Review collected by and hosted on G2.com.

Verified User in Financial Services

Mid-Market (51-1000 emp.)

6/28/2023

"So far, so good."

3.5/5

What do you like best about FortiCNAPP?

It's very useful to have all my alerts showing up in one place, with filters provided to make sure I'm seeing what I want to see. The alerts are comprehensive and beneficial, giving me a great at-a-glance understanding of what's going on. Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

It has been slightly difficult to filter out noise. It seems to require more effort on my end to ensure that devices and networks are configured to eliminate this. It would be nice to see more ways to filter that out from within Lacework itself. Review collected by and hosted on G2.com.

Verified User in Financial Services

Mid-Market (51-1000 emp.)

6/14/2024

"Cloud Security Management simplified"

4.5/5

What do you like best about FortiCNAPP?

Its diverse service offerings and ability to adapt to market needs - it's like the swiss army knife of cloud security tools, allowing us to consolidate different functions and needs all in one place Review collected by and hosted on G2.com.

What do you dislike about FortiCNAPP?

Account management team has seen some flux in the last year Review collected by and hosted on G2.com.