AWS Security Hub vs Lacework FortiCNAPP comparison

Amazon Web Services (AWS) and Fortinet are both solutions in the Cloud Security Posture Management (CSPM) category. Amazon Web Services (AWS) is ranked #13 with an average rating of 7.6, while Fortinet is ranked #15 with an average rating of 8.7. Amazon Web Services (AWS) holds a 5.6% mindshare in CSPM, compared to Fortinet’s 2.6% mindshare. Additionally, 90% of Amazon Web Services (AWS) users are willing to recommend the solution, compared to 90% of Fortinet users who would recommend it.

AWS Security Hub

Read 20 AWS Security Hub reviews

3,477 Views
2,914 Comparison Views

90% willing to recommend

Lacework FortiCNAPP

Read 10 Lacework FortiCNAPP reviews

3,219 Views
2,172 Comparison Views

90% willing to recommend

AWS Security Hub

Lacework FortiCNAPP

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 12, 2024

Lacework FortiCNAPP and AWS Security Hub are two prominent players in the cloud security management domain. Lacework FortiCNAPP has an advantage in multi-cloud environments while AWS Security Hub excels within AWS ecosystems.

Features: Lacework FortiCNAPP offers robust anomaly detection, security compliance, and a comprehensive alert management system, effectively transforming security data into actionable insights. It integrates seamlessly in multi-cloud environments like GCP and Azure, with extensive reports across major compliance standards. AWS Security Hub provides effective integration with AWS services and third-party tools, allowing centralized management of security posture within AWS environments, although it falls short in hybrid scenarios.

Room for Improvement: Lacework FortiCNAPP could enhance its visibility features, improve IAM security management, and better integrate with third-party SIEMs. Additionally, easier alert configurations and FedRAMP authorization are desired. AWS Security Hub should focus on improving integration with non-AWS services, offering faster updates and more flexible dashboard customization, particularly for multi-cloud environments.

Ease of Deployment and Customer Service: Lacework FortiCNAPP receives praise for its proactive support, frequent check-ins, and responsive technical team available via Slack, offering detailed feedback and quick issue resolution. AWS Security Hub provides adequate support with routine check-ins, although post-integration engagement is limited.

Pricing and ROI: Lacework FortiCNAPP is seen as slightly expensive but delivers high ROI by reducing manual monitoring. Its pricing setup is unique, with flexible licensing options. AWS Security Hub is competitively priced and cost-effective, perceived as inexpensive due to its PAYG model, with users generally viewing it as reasonably priced without detailing specific ROI metrics.

To learn more, read our detailed AWS Security Hub vs. Lacework FortiCNAPP Report (Updated: October 2024).

Buyer's Guide

AWS Security Hub vs. Lacework FortiCNAPP

October 2024

Download the complete report

Helped 823,875 peers since 2012

Categories and Ranking

AWS Security Hub

Ranking in Cloud Security Posture Management (CSPM)

13th

Average Rating

7.6

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (5th)

Lacework FortiCNAPP

Ranking in Cloud Security Posture Management (CSPM)

15th

Average Rating

8.6

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

Vulnerability Management (16th), Container Security (13th), Cloud Workload Protection Platforms (CWPP) (12th), Cloud-Native Application Protection Platforms (CNAPP) (11th), Compliance Management (7th)

Mindshare comparison

As of December 2024, in the Cloud Security Posture Management (CSPM) category, the mindshare of AWS Security Hub is 5.6%, up from 4.7% compared to the previous year. The mindshare of Lacework FortiCNAPP is 2.6%, down from 5.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Cloud Security Posture Management (CSPM)

Featured Reviews

CobusFrey

Product Owner Global Cloud at Tyme

Not only does it easily integrate with third-party tools but also allows auto synchronization of logs

AWS Security Hub has advanced quite a bit over the last couple of years. The features are quite rich now. Before purchasing, one should develop an understanding of the product. I believe AWS Security Hub is one of the most friendly solutions for integration with third-party tools. I find the integration of AWS Security Hub to be the easiest with tools from Microsoft and a bit difficult with Google solutions. AWS Security Hub is compliant in many different ways. The development business I am part of is SOC compliant for AWS Security Hub, while the banks our organization works with have been PCI compliant for AWS Security Hub for three years. I would definitely recommend AWS Security Hub to others, yet I would also inquire about their purpose and knowledge of cloud solutions. If you know how to use AWS Security Hub, it can be a great solution to work with. The solution is more suitable for people working in the cloud instead of on-premises. I would rate AWS Security Hub a nine out of ten.

Read full review

Robert Croteau

Director of Enablement at Avesha

It provides a good overview of our security posture

The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine. They have to go in and put their policies in place. It's hard for them to implement that, especially if they don't have a real security team. The team's policymakers don't do anything. Lacework takes out all the noise and gives them bits of things that actually matter with the application after it learns the behavior.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."

"One of the most effective features of AWS Security Hub is the easy access to a dashboard with a ready-to-use security score."

"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."

"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."

"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."

"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."

"The solution shows us our compliance score."

"AWS Security Hub can check your infrastructure against multiple compliance frameworks. You can turn on or off specific frameworks based on your needs."

More AWS Security Hub pros

"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."

"The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself."

"There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information."

"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."

"The best feature, in my opinion, is the ease of use."

"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."

"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."

"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."

More Lacework FortiCNAPP pros

Cons

"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."

"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."

"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."

"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."

"I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier."

"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."

"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."

"Shortening the response time for support tickets, particularly in production issues, could make the service more efficient."

More AWS Security Hub cons

"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."

"Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them."

"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."

"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."

"There are a couple of the difficulties we encounter in the realm of cybersecurity, or security as a whole, that relate to potentially limited clarity. Having the capacity to perceive the configuration aspect and having the ability to contribute to it holds substantial advantages, in my view. It ranks high, primarily due to its role in guaranteeing compliance and the potential to uncover vulnerabilities, which could infiltrate the system and introduce potential risks. I had been exploring a specific feature that captured my interest. However, just yesterday, I participated in a product update session that announced the imminent arrival of this feature. The feature involves real-time alerting. This was something I had been anticipating, and it seems that this capability is now being integrated, possibly as part of threat intelligence. While anomaly events consistently and promptly appear in the console, certain alerts tend to experience delays before being displayed. Yet, with the recent product update, this issue is expected to be resolved. Currently, a comprehensive view of all policies is available within the console. However, I want a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact request."

"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."

"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."

"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."

More Lacework FortiCNAPP cons

Pricing and Cost Advice

"The price of the solution is not very competitive but it is reasonable."

"AWS Security Hub's pricing is pretty reasonable."

"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."

"There are multiple subscription models, like yearly, monthly, and packaged."

"The price of AWS Security Hub is average compared to other solutions."

"The pricing is fine. It is not an expensive tool."

"Security Hub is not an expensive solution."

"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."

"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."

"The licensing fee was approximately $80,000 USD, per year."

"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."

See which vendors are best for you

Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.

See recommendations

823,875 professionals have used our research since 2012.

Comparison Review

it_user186927

Director of Operations at Bell

Feb 16, 2015

Cybereason vs. Interset vs. SQRRL

Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

13%

Manufacturing Company

10%

Government

Computer Software Company

18%

Financial Services Firm

13%

Manufacturing Company

Retailer

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

What do you like most about AWS Security Hub?

The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.

See all answers

What needs improvement with AWS Security Hub?

I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicke...

See all answers

What do you like most about Lacework?

Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invalua...

See all answers

What is your experience regarding pricing and costs for Lacework?

My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.

See all answers

What needs improvement with Lacework?

The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modul...

See all answers

Comparisons

Microsoft Sentinel vs AWS Security Hub

Compared 38% of the time

Wiz vs AWS Security Hub

Compared 11% of the time

Prisma Cloud by Palo Alto Networks vs AWS Security Hub

Compared 11% of the time

Microsoft Defender for Cloud vs AWS Security Hub

Compared 6% of the time

Google Chronicle Suite vs AWS Security Hub

Compared 6% of the time

More AWS Security Hub Competitors

Wiz vs Lacework FortiCNAPP

Compared 29% of the time

Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP

Compared 14% of the time

AWS GuardDuty vs Lacework FortiCNAPP

Compared 9% of the time

Aqua Cloud Security Platform vs Lacework FortiCNAPP

Compared 5% of the time

Microsoft Defender for Cloud vs Lacework FortiCNAPP

Compared 5% of the time

More Lacework FortiCNAPP Competitors

Product Reports

Buyer's Guide

AWS Security Hub

December 2024

Download AWS Security Hub product report

Buyer's Guide

Lacework FortiCNAPP

December 2024

Download Lacework FortiCNAPP product report

Also Known As

SQRRL

Polygraph, FortiCNP

Learn More

Amazon Web Services (AWS)

Fortinet

Overview

AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts.

The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments.

With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?

Machine Learning Detection: Identifies anomalies effectively.
Compliance Reports: Provides precise compliance documentation.
Vulnerability Management: Supports agent-based vulnerability assessments.
Multi-Cloud Support: Manages and secures across multiple cloud providers.
Automation and Collaboration: Enables integration with Slack for streamlined communication.
Custom Alerts: Allows creation of personalized alerts for better focus.

What benefits do users expect?

Reduced Alert Noise: Minimizes distractions with filtered alerts.
Efficient Cloud Security: Automates processes for enhanced security management.
Collaboration Support: Integrates with tools like Slack.
Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com

J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.

Buyer's Guide

AWS Security Hub vs. Lacework FortiCNAPP

October 2024

Free Report: AWS Security Hub vs. Lacework FortiCNAPP

Find out what your peers are saying about AWS Security Hub vs. Lacework FortiCNAPP and other solutions. Updated: October 2024.

DOWNLOAD NOW

823,875 professionals have used our research since 2012.

See our AWS Security Hub vs. Lacework FortiCNAPP report.

See our list of best Cloud Security Posture Management (CSPM) vendors.

We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.