Fortinet Expands Its Cloud-Native Security Offerings with the Introduction of Lacework FortiCNAPP

Author's Avatar
Oct 08, 2024

Combining Lacework’s leading cloud-native application protection platform with the Fortinet Security Fabric delivers unmatched visibility and protection across multi-cloud environments

SUNNYVALE, Calif., Oct. 08, 2024 (GLOBE NEWSWIRE) --

News Summary
Fortinet® ( FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced the general availability of Lacework FortiCNAPP, a single unified, AI-driven platform to secure everything from code to cloud all from a single vendor.

“Lacework FortiCNAPP is based on Lacework’s proven cloud-native application protection platform with tight integration with the Fortinet Security Fabric,” said John Maddison, Chief Marketing Officer at Fortinet. “We’re pleased to expand our cloud-native security offerings and provide the industry’s most comprehensive, full-stack cloud security platform that empowers teams to seamlessly eliminate risk across their multi-cloud environments.”

The introduction of Lacework FortiCNAPP offers additional benefits that extend beyond Lacework’s leading offering, such as automated remediation and blocking of active runtime threats, as well as enhanced visibility into FortiGuard Outbreak Alerts, which provide key information about new and emerging threats and the risk they pose within an organization’s environment.

Challenges Disrupting Cloud Adoption
As customers continue to adopt cloud infrastructure and services, they are quickly realizing that traditional security tools simply lack the native capabilities required to address the scale, velocity, and dynamic nature of the cloud. Security teams are fundamentally challenged by the lack of time to address cloud security at scale due to limited cloud security knowledge, a proliferation of cloud security products that do little to help customers resolve issues, and an overwhelming number of security and compliance alerts.

Fortinet Helps Accelerate Customers’ Cloud Journeys
With Lacework FortiCNAPP, Fortinet simplifies and strengthens cloud security with a unified platform from a single vendor that brings together multiple tools to significantly cut down the time to detect, prioritize, investigate, and respond to cloud-native threats. Lacework FortiCNAPP introduces a unique AI approach that never stops learning, maximizing cloud security with minimal time and effort for development, operations, and security teams by automatically connecting risk insights with runtime threat data, and ensuring that the most critical issues are prioritized and addressed.

Fortinet enables customers to address all their cloud security needs by delivering key features such as:

  • A unified platform: Fragmented tools create complex, expensive, and limited protection. As a platform, Lacework FortiCNAPP provides full visibility from code to cloud and correlates build and runtime risk and threat data to prioritize what matters most.
  • AI-based anomaly detection: Given that cloud threats evolve as quickly as the cloud itself, creating rules for every potential attack scenario is nearly impossible. Lacework FortiCNAPP’s AI-based anomaly detection allows security analysts to detect previously undefined attack patterns that traditional rules-based systems cannot accomplish.
  • Integrated code security: Code security integrated with cloud security empowers teams to address issues at the earliest and most cost-effective stage in the application life cycle. By offering code security as an integral capability within the platform, customers can save time and money by fixing security issues, and reduce the risk of vulnerable applications and infrastructure while maintaining developer productivity and innovation velocity.
  • Composite alerts: Lacework FortiCNAPP is unique in detecting early signs of active attacks by automatically correlating various signals into a single, high-confidence composite alert. The platform uses behavioral analytics, anomaly detection, in-house threat intelligence, and insights from cloud service provider activity logs and threat services to identify active attacks, including compromised credentials, ransomware, and cryptojacking.
  • Integrations with the Fortinet Security Fabric: Integrations with Fortinet solutions such as FortiSOAR enable customers to streamline their response to active runtime threats, such as compromised hosts and compromised access keys, through automated remediation playbooks. Additionally, its integration with FortiGuard Outbreak Alerts helps teams understand how Lacework FortiCNAPP delivers enhanced visibility and deeper insights into the latest threats and where the solution can disrupt potential attacks.
  • Cloud Infrastructure Entitlement Management (CIEM): Lacework FortiCNAPP provides CIEM for complete visibility into cloud identities and their permissions. It automatically discovers identities, assesses net-effective permissions, and highlights excessive ones by comparing granted versus used permissions. Each identity is assigned a risk score based on more than 30 factors, helping prioritize high-risk identities. Lacework FortiCNAPP also offers automated remediation guidance for right-sizing permissions, ensuring least-privileged access.

Third-Party Validation

Lacework FortiCNAPP is based on the industry-recognized technology from Lacework, which is consistently recognized as a leader and Representative Vendor in CNAPP and Cloud Workload Security by leading analyst firms, including Frost and Sullivan, Gartner®, GigaOm, and KuppingerCole.

Supporting Quotes

“Lacework FortiCNAPP helped us deal with the massive amount of information that we were getting out of all the different systems, from the native security tools and logging and alerting tools that came from cloud providers to third-party tools that we had purchased to help solve these problems.”
- John Turner, Senior Security Architect, LendingTree

“Lacework FortiCNAPP automatically discovers and catalogs users, services, security groups, and secrets that are active within LawnStarter’s AWS environment and compares them against industry frameworks and compliance requirements. LawnStarter can quickly pull customized reports created by Lacework FortiCNAPP to see which resources are compliant. As a result, LawnStarter has seen a 75% decrease in compliance violations over the past year, saving the company significant time and money. LawnStarter now has a robust compliance practice that is essential to earning and maintaining trust with customers, providers, investors, and advisors.”
- Alberto Silveira, Head of Engineering, LawnStarter

Additional Resources

*Gartner, Gartner Market Guide for Cloud-Native Application Protection Platforms, Dale Koeppen, Charlie Winckless, Neil MacDonald, Esraa ElTahawy, 22 July 2024

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Fortinet
Fortinet ( FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Copyright © 2024 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, the Fortinet logo, FortiGate, FortiOS, FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC, FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC, FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam, FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera, FortiCarrier, FortiCASB, FortiCentral, FortiConnect, FortiController, FortiConverter, FortiCSPM, FortiCWP, FortDAST, FortiDB, FortiDDoS, FortiDeceptor, FortiDeploy, FortiDevSec, FortiEDR, FortiExplorer, FortiExtender, FortiFirewall, FortiFlex FortiFone, FortiGSLB, FortiGuest, FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest, FortiPhish, FortiPoint, FortiPolicy, FortiPortal, FortiPresence, FortiProxy, FortiRecon, FortiRecorder, FortiSASE, FortiSDNConnector, FortiSEC, FortiSIEM, FortiSMS, FortiSOAR, FortiStack, FortiSwitch, FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments.

Media Contact:Investor Contact:Analyst Contact:
Elena Fuhrmann
Fortinet, Inc.
408-235-7700
[email protected]
Aaron Ovadia
Fortinet, Inc.
408-235-7700
[email protected]
Brian Greenberg
Fortinet, Inc.
408-235-7700
[email protected]
ti?nf=OTI1MjMxNyM2NTIxNjQ1IzIwMDY3MTU=
Fortinet-Inc-.png