Comprehensive analysis of Lacework (now FortiCNAPP)'s strengths and weaknesses based on real user feedback and expert evaluation.
Polygraph behavioral engine automatically baselines normal activity and surfaces anomalies without requiring teams to write and maintain detection rules, dramatically reducing tuning overhead
Unified CNAPP consolidates CSPM, CWPP, CIEM, Kubernetes security, and vulnerability management into a single platform, replacing multiple point tools and their separate licenses
Agentless cloud scanning provides rapid time-to-value across AWS, Azure, and GCP accounts, with deeper eBPF agent-based runtime protection available for critical workloads
Strong attack path analysis correlates vulnerabilities, misconfigurations, and identity risks to prioritize the handful of exposures that actually create exploitable chains
Post-acquisition integration with the Fortinet Security Fabric enables unified visibility between cloud workload telemetry and network/endpoint security data
Continuous compliance automation with prebuilt policy packs for PCI DSS, HIPAA, SOC 2, NIST, and CIS saves significant audit preparation effort
6 major strengths make Lacework (now FortiCNAPP) stand out in the data & analytics category.
Enterprise-only pricing with no published tiers or self-serve options makes it inaccessible for smaller teams and creates friction for evaluation
Brand transition from Lacework to FortiCNAPP has created documentation inconsistencies, confusion about product roadmap, and uncertainty for existing customers during integration
Initial deployment and onboarding across multi-cloud environments can be complex, particularly when tuning Polygraph baselines for noisy or highly dynamic workloads
Alert quality improves substantially after several weeks of behavioral learning, meaning early-stage detection can produce false positives before baselines stabilize
UI and query experience, while improved, still lags behind more recent CNAPP entrants like Wiz in terms of intuitive navigation and graph exploration
5 areas for improvement that potential users should consider.
Lacework (now FortiCNAPP) has potential but comes with notable limitations. Consider trying the free tier or trial before committing, and compare closely with alternatives in the data & analytics space.
If Lacework (now FortiCNAPP)'s limitations concern you, consider these alternatives in the data & analytics category.
AI-powered agentless cloud security platform that provides comprehensive vulnerability management and compliance monitoring across multi-cloud environments
Self-learning AI cybersecurity platform that creates an Enterprise Immune System, autonomously detecting and responding to sophisticated cyber threats without signatures or rules.
Lacework was acquired by Fortinet in 2024 and has been rebranded as FortiCNAPP. The underlying Polygraph Data Platform technology remains intact and continues to be developed, but it is now part of Fortinet's Security Fabric portfolio and is being integrated with other Fortinet products such as FortiGate, FortiEDR, and FortiAnalyzer.
Traditional tools rely on predefined rules and signatures that must be written and maintained by security teams. Lacework's Polygraph engine uses machine learning to automatically build behavioral baselines of every entity in your cloud — users, processes, containers, network flows — and detects deviations as potential threats. This catches zero-day attacks and insider threats that rule-based systems miss.
FortiCNAPP supports AWS, Microsoft Azure, Google Cloud Platform, and Oracle Cloud Infrastructure for cloud account scanning. For workloads, it protects Linux and Windows servers, Docker containers, Kubernetes clusters (including EKS, AKS, GKE, and self-managed), serverless functions, and IaC templates including Terraform, CloudFormation, and Kubernetes manifests.
Pricing is enterprise-only and quoted based on factors including cloud account count, workload volume (typically measured in monthly active resources or vCPUs), modules enabled, and contract length. There is no published price list or self-service tier. Most mid-market deployments start in the $50,000–$150,000 annual range, while large enterprise contracts with hundreds of cloud accounts and full module coverage typically reach $250,000–$500,000+ annually. Contact Fortinet sales for a custom quote and to request a proof-of-value engagement.
FortiCNAPP is not a replacement for a SIEM or traditional EDR. It is a cloud-focused CNAPP that covers cloud posture, workload, identity, and Kubernetes security. It complements SIEM platforms by forwarding high-fidelity cloud alerts, and under Fortinet it integrates tightly with FortiEDR for endpoint coverage and FortiAnalyzer for SIEM-like correlation across cloud and network data.
FortiCNAPP does not offer a self-service free trial. However, Fortinet sales teams can arrange a proof-of-value (POV) engagement, typically lasting 2–4 weeks, where the platform is deployed in your environment with guided onboarding. This allows teams to evaluate behavioral detection quality and compliance coverage against their specific cloud infrastructure before committing to a contract.
Consider Lacework (now FortiCNAPP) carefully or explore alternatives. The free tier is a good place to start.
Pros and cons analysis updated March 2026