Lacework FortiCNAPP
By Fortinet
Fortinet's CNAPP, built from its August 2024 acquisition of Lacework and centered on the Polygraph engine, which baselines normal cloud activity and flags behavioral anomalies rather than relying only on static rules. Increasingly branded simply FortiCNAPP and integrated with the broader Fortinet Security Fabric.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaSAgent
- Organization size
- Mid-marketEnterprise
- Pricing tier
- $$
How Lacework FortiCNAPP measures up against the full Cloud-Native Application Protection / Posture Management taxonomy.
- Misconfiguration detection (CSPM) — supported
- Flags cloud configuration drift against benchmarks like CIS and provider best practices.
- Agentless workload scanning — supported
- Scans workloads via cloud provider APIs or snapshots without deploying agents.
- Cloud entitlement management (CIEM) — supported
- Identifies excessive or unused permissions across cloud identities.
- Attack path analysis — supported
- Correlates findings across identity, network, and data exposure to surface exploitable attack paths.
- Infrastructure-as-code scanning — not supported
- Catches misconfigurations in Terraform and CloudFormation before they're deployed.
- Vulnerability prioritization — supported
- Finds and ranks OS and package CVEs across cloud workloads by real-world exploitability.
- Compliance benchmark mapping — supported
- Continuously maps posture to frameworks like CIS, SOC 2, and PCI.
Alternatives
Other Cloud-Native Application Protection / Posture Management tools with overlapping capabilities, sized for similar teams.