Fortinet Lacework FortiCNAPP
Fortinet Inc.External reviews
382 reviews
from
External reviews are not included in the AWS star rating for the product.
Very good
What do you like best about the product?
It works well and the UI is pretty good. They are actively developing and improving it.
What do you dislike about the product?
Email alerts could use some work - they are inconsistent.
What problems is the product solving and how is that benefiting you?
Lacework found a bunch of security issues in our accounts.
Lacework: A review
What do you like best about the product?
Very informative and detailed - easy to use
What do you dislike about the product?
High price of logging - implementation could be easier
What problems is the product solving and how is that benefiting you?
Compliance with certifications and Security
Lacework is a great tool for implementing a secure cloud environment
What do you like best about the product?
We're able to identify vulnerabilities and scan our cloud environments according to an automated schedule. They provide helm charts for deploying the lacework agent as a daemonset. They provide cloud formation templates for deploying. IaC options for deployment are great.
What do you dislike about the product?
The reports that you can run using the tool do not typically have remediation steps to perform. It's also my personal opinion there are too many critical vulnerabilities that could be classified as medium or low.
Include remediation steps in the report.
Include remediation steps in the report.
What problems is the product solving and how is that benefiting you?
Lacework is helping us scan our cloud infrastructure and provides CIS benchmark reports on the state of our infrastructure. The lacework agent reports when our EC2s need package updates.
Lacework: A Comprehensive Review of the Cloud Security Platform
What do you like best about the product?
Lacework is a cloud security platform that offers a range of features and capabilities to help organizations secure their cloud workloads. One of the things that customers often like about Lacework is its ability to provide comprehensive security coverage across multiple cloud environments and platforms, including AWS, Azure, Google Cloud Platform, and Kubernetes.
Lacework offers features such as workload protection, compliance automation, threat detection, and incident response, all of which work together to provide a holistic approach to cloud security. The platform also uses machine learning and behavioral analytics to help identify and mitigate potential security risks and threats.
Lacework offers features such as workload protection, compliance automation, threat detection, and incident response, all of which work together to provide a holistic approach to cloud security. The platform also uses machine learning and behavioral analytics to help identify and mitigate potential security risks and threats.
What do you dislike about the product?
One potential concern is the pricing model of Lacework, which may be considered relatively expensive compared to other cloud security solutions. Some users have also noted that while the platform offers many features and capabilities, it may be overwhelming for users who are not familiar with cloud security.
Another criticism is that the platform may generate a high number of false positive alerts, which can be frustrating for users who need to spend time investigating and addressing them. However, Lacework has made efforts to address this issue by providing more granular controls over the types of alerts generated and refining their machine learning algorithms.
Another criticism is that the platform may generate a high number of false positive alerts, which can be frustrating for users who need to spend time investigating and addressing them. However, Lacework has made efforts to address this issue by providing more granular controls over the types of alerts generated and refining their machine learning algorithms.
What problems is the product solving and how is that benefiting you?
Lacework is solving numerous problems by adhering to the different security compliances. Container vulnerability scan and integrations with different third-party vendors are a plus.
Image scanning, map of the containers using an image, and AMI scanning are some of its core features for addressing any security vulnerabilities.
Image scanning, map of the containers using an image, and AMI scanning are some of its core features for addressing any security vulnerabilities.
Compliance Summary feature is useful when it comes to reshaping our AWS security assessment process
What do you like best about the product?
Before using Lacework, our legacy tools weren't able to keep up with the on-demand changes & handling various CSPM involved. Event categorization effectively identifies each event timeline and summary so that we obtain operational visibility while working with these changes. We can also add exceptions in our vulnerabilities dashboard and all items present in the exception list can be exported as CSV based on customer demands.
What do you dislike about the product?
At the initial stage, we had difficulties in setting up branch protection rules for our GitHub repository. Later we came to understand how we can enforce workflows for performing multiple pull requests which made it easy to regulate branch protection rules. Gradually we are learning its compliance features to coexist with the requests given by our clients.
What problems is the product solving and how is that benefiting you?
Lacework offers automated anomaly detection with which we get instantly notified about any irregular events in our AWS environment. We establish fine-tuning rules which aid in accurately alerting us whenever there are challenges in business critical events. We can also utilize its codeless approaches to remove our rule-writing elements which consume a lot of time & has high possibilities of misconfigurations.
Lacework helps InfoSec people sleep at night!
What do you like best about the product?
Lacework learns your environment and then monitors it for changes. And, you can test your compliance with the major frameworks, like SOC 2, instantly. Of course, it drops alerts to Slack or PagerDuty so you don't have to always be monitoring it.
What do you dislike about the product?
When you suppress a vulnerability that is identified that you know it not an issue, there is no notes field to record why you have suppressed it. Additionally, I wish that you could customize the dashboard to display what is important to you and that you could save that customization.
What problems is the product solving and how is that benefiting you?
Monitoring our environment for old and new vulnerabilities and meeting compliance goals.
Recommendations to others considering the product:
No recommendations
Pretty decent threat detection SaaS
What do you like best about the product?
Pretty insightful report/data. Fairly robust in the information that it gives you and pretty easy to parse down to a more specific set of data that you are looking for.
What do you dislike about the product?
They do have a lot of different ways to deploy the agent, but they were fairly involved and a little too granular in the type - e.g. you can't deploy the agent and it intelligently installs the correct "version". Manually installing is incredibly easy, but automating that process leaves something to be desired.
What problems is the product solving and how is that benefiting you?
We were having issues getting reporting on vulnerable systems. Not so much, hey you've been getting attacked via this port or whatever. But if there are vulnerabilities IN the actual VM, we now have good insight into this.
Lacework is good for compliance and docker images vulnerability
What do you like best about the product?
I liked Lacework Compliance and ecr vulnerability check is good.
What do you dislike about the product?
There is improvement required in policies and events for AWS cloudtrail.
What problems is the product solving and how is that benefiting you?
We are using it for cloudtrail and config.
It just makes my work easier
What do you like best about the product?
Just the fact that I can have Infrastructure as Code Security, Vulnerability Management and Posture and Compliance in one single console makes my job easier as we can take faster decisions when time is critical.
What do you dislike about the product?
So far I haven't found issues in the product, but for sure I'll find something in the future. Installation that it's usually one of the downsides of getting new security products was in fact pretty simple.
What problems is the product solving and how is that benefiting you?
We rapidly identify issues related to vulnerabilities, compliance and especially when we are attacked, even when we scan our entire cloud infrastructure, in several cloud accounts.
Cloudtrail anomaly detection plus some other stuff...
What do you like best about the product?
The cloudtrail anomaly detection was our initial need. We had an expansive AWS footprint, and needed something to get our hands around who was doing what, and if those patterns were changing. Setting up the centralize cloudtrail access was simple, the Lacework tech did a lot of the work for us. The compliance reporting is much cleaner than the native AWS interface, which makes things more actionable. Also the container scanning "just works", which checks another box.
What do you dislike about the product?
They have a whole other part of their product that uses agents. And their sales team loves to talk about it. As we move more and more of our footprint to serverless we won't need agents, and hearing the pitch about them is a bit tiresome. Outside of the agent story, some more knobs on what generates alerts for anomaly detection would be interesting to play with, but honestly, I don't need MORE alerts in my life. It's not that Lacework is chatty, it's very manageable, but the anomaly detection is really just "set it and forget it" and I'd like to see more options.
What problems is the product solving and how is that benefiting you?
Learning about what users are doing in the cloud. Better actionability from reporting (more consumable by a less technical resource). For the most part, the ops folks can let the security folks drive the tool and generate tickets. Before this was a paired-up exercise and not always enjoyed by either side.
Recommendations to others considering the product:
Like any other security tooling, make sure you understand what you want out of the tools before you talk to them. There's a dizzying array of information that Lacework can make visible, and it is easy to be overexcited about the capabilities.
showing 331 - 340