Lacework (now FortiCNAPP)

Lacework, now rebranded as FortiCNAPP, is an enterprise-grade AI-powered Cloud-Native Application Protection Platform (CNAPP) in the cloud security category that provides behavioral threat detection, compliance automation, and vulnerability management, with custom pricing typically starting in the mid-five-figure annual range for mid-market deployments. Originally founded in 2015 and acquired by Fortinet in 2024 for an undisclosed sum following $1.3 billion in total venture funding, the platform pioneered the use of machine learning and behavioral analytics to automatically baseline normal cloud activity and detect anomalies indicative of threats. The Polygraph Data Platform ingests over 750 billion cloud events daily across customer environments, building behavioral models for every entity — users, processes, containers, and network flows — to surface deviations that rule-based systems miss entirely.

The platform consolidates five core cloud security disciplines into a single solution: Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWPP), Cloud Infrastructure Entitlement Management (CIEM), Kubernetes security, and vulnerability management. This unified approach replaces an average of 3–5 point security tools for enterprise customers, reducing tool sprawl and the associated licensing and integration overhead. FortiCNAPP supports over 150 prebuilt compliance frameworks and policy packs — including PCI DSS 4.0, HIPAA, SOC 2 Type II, NIST 800-53, and CIS Benchmarks — enabling continuous compliance evidence collection that organizations report cuts audit preparation effort by more than half compared to manual processes.

FortiCNAPP provides both agentless scanning via cloud API integrations across AWS, Azure, GCP, and Oracle Cloud Infrastructure, and optional lightweight eBPF-based agents for deeper runtime workload visibility. The agentless approach enables deployment across hundreds of cloud accounts within hours rather than weeks, while the agent-based option delivers sub-second runtime threat detection for critical workloads. The platform's attack path analysis engine correlates vulnerabilities, misconfigurations, overprivileged identities, and network exposure to identify the approximately 2–4% of issues that form genuinely exploitable attack chains, allowing security teams to focus remediation on the exposures that matter most.

Following Fortinet's 2024 acquisition, the platform has been integrated into the Fortinet Security Fabric, enabling correlation of cloud workload telemetry with network and endpoint security data from FortiGate (deployed by over 700,000 customers globally), FortiEDR, and FortiAnalyzer. This integration provides unified visibility from network edge to cloud workload, a capability unique among CNAPP vendors. Fortinet, publicly traded on NASDAQ as FTNT with over 10,000 employees, reported $5.3 billion in annual revenue in fiscal 2023, providing long-term product stability and R&D investment backing for the FortiCNAPP platform.