Skip to content
Home IaC Security Tools Lacework
Lacework

Lacework

ACQUIRED
Category: IaC Security
License: Commercial
Visit Website →
Suphi Cankurt
Suphi Cankurt
AppSec Enthusiast
Updated February 6, 2026
3 min read
Key Takeaways
  • Lacework was acquired by Fortinet in August 2024 and rebranded as FortiCNAPP; lacework.com now redirects to fortinet.com.
  • Built on behavioral analytics that establish baselines of normal cloud behavior and flag anomalies; Composite Alerts correlate multiple signals to reduce false positives.
  • Covers CSPM, CWPP, CIEM, CDR, code security, and DSPM across AWS, Azure, GCP, OCI, and Kubernetes; 225 cloud security and AI patents transferred to Fortinet.
  • Named a Leader in the KuppingerCole 2025 CNAPP Leadership Compass; now integrates with the broader Fortinet Security Fabric (FortiGate, FortiWeb, FortiSOAR).

Lacework was a cloud-native application protection platform known for behavioral analytics and anomaly detection in cloud environments. Fortinet acquired Lacework in August 2024 and rebranded the product as FortiCNAPP. The lacework.com domain now redirects to Fortinet’s product page.

Founded in 2015 in Mountain View, California, Lacework raised over $1.8 billion in venture funding and reached a peak valuation of $8.3 billion in November 2021. At the time of acquisition, the company had nearly 1,000 customers.

What is Lacework / FortiCNAPP?

Lacework built its CNAPP around behavioral analytics. Rather than relying solely on static rules, the platform established baselines of normal behavior for cloud workloads and flagged deviations. This catches threats that don’t match known signatures.

The platform covered CSPM, CWPP, CIEM, CDR, code security, and (as of January 2026) DSPM. Fortinet brought 225 cloud security and AI patents from the acquisition, increasing Fortinet’s patent portfolio to over 1,800.

Behavioral Analytics
Established baselines of normal cloud behavior and detected anomalies. Composite Alerts correlated multiple signals to reduce false positives.
Multi-Cloud CNAPP
Unified CSPM, CWPP, CIEM, CDR, and code security across AWS, Azure, GCP, OCI, and Kubernetes from a single platform.
Fortinet Integration
Now part of the Fortinet Security Fabric. Integrates with FortiGate, FortiWeb, FortiSOAR, FortiDevSec, and FortiEDR.

Key Features

CapabilityDetails
CSPMConfiguration monitoring across AWS, Azure, GCP, OCI, Kubernetes. Compliance with CIS Benchmarks.
CWPPRuntime monitoring with behavioral baselines. File integrity monitoring, process tracking.
CIEMNet-effective permissions analysis. Compares granted vs. actually used permissions.
CDRReal-time Kubernetes and cloud audit log analysis. Detects unauthorized access and control plane compromises.
Code SecuritySAST, SCA, SBOM generation, IaC scanning. Integrates with CI/CD pipelines via FortiDevSec.
DSPMSensitive data discovery, classification, and access monitoring (added January 2026).
KSPMKubernetes Security Posture Management with CIS Benchmark compliance.
Agentless ScanningScans Windows and Linux workloads without agent deployment. Default 24-hour scan frequency.

Behavioral Analytics

The core differentiator was Lacework’s anomaly detection engine. The platform monitored cloud API calls, process execution, network connections, and file activity to build behavioral baselines.

When workloads deviated from established patterns — a container making unusual network connections, a process spawning unexpected child processes — the system generated alerts.

Composite Alerts correlated multiple weak signals into grouped findings. Instead of firing on every low-confidence event, the system combined related signals so teams could focus on real issues.

Cloud Detection and Response

CDR processed Kubernetes audit logs and cloud provider logs (like AWS CloudTrail) to detect unauthorized access attempts, privilege escalation, and control plane manipulation. The platform processed logs in under 15 minutes to enable near-real-time response.

Fortinet Security Fabric Integration

As FortiCNAPP, the platform now integrates with Fortinet’s broader portfolio. Network-aware risk scoring detects FortiGate firewalls along internet-accessible paths and factors that protection into workload risk assessments. FortiSOAR provides workflow orchestration and automated remediation.

Acquisition Timeline

DateEvent
November 2021Series D at $8.3B valuation
June 10, 2024Fortinet announces acquisition
August 1, 2024Acquisition completed
2025Product rebranded as FortiCNAPP
January 2026DSPM module added

When to Use FortiCNAPP

Organizations previously using Lacework should work through Fortinet’s support channels for the transition to FortiCNAPP. New buyers evaluating CNAPP platforms should consider FortiCNAPP alongside alternatives.

FortiCNAPP was named a Leader in three categories (Overall, Market, and Innovation) in the KuppingerCole 2025 CNAPP Leadership Compass and won the SC Awards 2025 Best Cloud Workload Protection Solution.

Strengths:

  • Behavioral analytics approach catches anomalies that static rules miss
  • Composite Alerts reduce false positives through multi-signal correlation
  • Integration with the broader Fortinet Security Fabric
  • Multi-cloud support including AWS, Azure, GCP, OCI
  • 225 cloud security and AI patents

Limitations:

  • No longer available as a standalone product — requires Fortinet relationship
  • Enterprise pricing with no free tier
  • Transition from Lacework to FortiCNAPP may cause disruption for existing customers
  • Smaller community compared to cloud-native-only vendors

For a broader view of CNAPP and cloud security, see our cloud infrastructure security guide. For alternative CNAPP platforms, see Wiz and Orca Security.

For open-source runtime security in Kubernetes, consider Falco or KubeArmor.

Best for
Organizations in the Fortinet ecosystem who need unified cloud security with behavioral analytics. Existing Lacework customers transitioning to FortiCNAPP retain all previous capabilities with added Fortinet integrations.

Note: Acquired by Fortinet (August 2024). Rebranded as FortiCNAPP. lacework.com redirects to fortinet.com.

Frequently Asked Questions

What happened to Lacework?
Fortinet acquired Lacework in August 2024. The product has been rebranded as FortiCNAPP (also called Lacework FortiCNAPP). The lacework.com domain now redirects to fortinet.com/products/forticnapp. Over 225 patents transferred to Fortinet in the deal.
Is Lacework still available as a standalone product?
No. Lacework has been fully absorbed into Fortinet’s product portfolio as FortiCNAPP. Documentation is hosted at docs.fortinet.com under the Lacework FortiCNAPP product. Organizations using Lacework now work through Fortinet’s sales and support channels.
What does FortiCNAPP do?
FortiCNAPP is a Cloud-Native Application Protection Platform covering CSPM, CWPP, CIEM, CDR, code security, DSPM, and Kubernetes security. It supports AWS, Azure, GCP, OCI, and Kubernetes environments. It integrates with the broader Fortinet Security Fabric including FortiGate, FortiWeb, and FortiSOAR.
What clouds does FortiCNAPP support?
FortiCNAPP supports AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud Infrastructure (OCI), and Kubernetes clusters across providers. Hybrid deployment support is also available.
How we review tools Suggest an edit

Other IaC Security Tools

Sysdig Secure
Sysdig Secure

Runtime-first cloud security

Orca Security
Orca Security

Patented SideScanning technology

Wiz
Wiz

Leader in agentless CNAPP

Checkov
Checkov

1,000+ Policies for Terraform, CloudFormation & K8s

Conftest
Conftest

Policy-as-Code Testing

Falco
Falco

Cloud-native runtime security

See all IaC Security tools

Complement with SCA

Pair IaC scanning with dependency analysis for broader coverage.

Syft
Syft

SBOM generation tool

Anchore
Anchore

SBOM-First Container Security Platform

See all SCA tools

Learn More

CSPM vs CNAPP Terraform Security Scanning What is CNAPP? What is IaC Security?

Explore all IaC Security guides and tools