Try our new research platform with insights from 80,000+ expert users

HackerOne vs Lacework comparison

HackerOne and Fortinet are both solutions in the Vulnerability Management category. HackerOne is ranked #39 with an average rating of 8.0, while Fortinet is ranked #13 with an average rating of 8.7. Additionally, 83% of HackerOne users are willing to recommend the solution, compared to 90% of Fortinet users who would recommend it.
HackerOne
Read 4 HackerOne reviews
  • 183 Views
  • 154 Comparison Views
83% willing to recommend
Lacework
Read 10 Lacework reviews
  • 2,305 Views
  • 1,528 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jul 14, 2024

HackerOne and Lacework are leading cybersecurity solutions focusing on bug bounties and cloud security, respectively. HackerOne seems to have the upper hand in community engagement and vulnerability identification, while Lacework excels in cloud security analytics and threat detection.

Features: HackerOne is praised for its extensive vulnerability database, active community engagement, and the ability to identify security weaknesses through crowd-sourced intelligence. Lacework is valued for its robust cloud security analytics, real-time threat detection, and automatic behavioral analysis that offers deeper insights into potential threats.

Room for Improvement: Users mention that HackerOne could enhance its reporting features, provide more intuitive navigation for administrators, and improve integrations with other security tools. For Lacework, users suggest enhancements in documentation, a steeper learning curve, and the need to expand support for more cloud providers.

Ease of Deployment and Customer Service: HackerOne is praised for its straightforward deployment and supportive customer service, making it easy to integrate with existing security tools. Lacework is seen as slightly more complex to deploy due to its comprehensive functionalities but compensates with robust customer service that provides ongoing support and training, ensuring smooth onboarding and operation.

Pricing and ROI: HackerOne offers competitive pricing models that many users find cost-effective, particularly for small to mid-sized businesses, with high ROI due to the reduction in security incidents. Lacework, while perceived as more expensive, is deemed worth the investment by users who value its extensive cloud security capabilities. The ROI for Lacework is considered significant due to its proactive threat detection and compliance features.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed HackerOne vs. Lacework Report (Updated: October 2024).
Buyer's Guide
HackerOne vs. Lacework
October 2024
Download the complete report
Helped 814,528 peers since 2012
 

Categories and Ranking

HackerOne
Ranking in Vulnerability Management
39th
Average Rating
8.6
Number of Reviews
4
Ranking in other categories
Application Security Tools (32nd), Bug Bounty Platforms (1st), Penetration Testing Services (2nd), Attack Surface Management (ASM) (12th)
Lacework
Ranking in Vulnerability Management
13th
Average Rating
8.6
Number of Reviews
10
Ranking in other categories
Container Security (12th), Cloud Workload Protection Platforms (CWPP) (10th), Cloud Security Posture Management (CSPM) (12th), Cloud-Native Application Protection Platforms (CNAPP) (10th), Compliance Management (7th)
 

Featured Reviews

Hrithik Kumar - PeerSpot reviewer
May 28, 2024
Offers bug bounty opportunities and helps to earn extra money
In college, I started using HackerOne and taught my 10-20 juniors how to use it. I'm sure they might still be using it in their lives right now. The biggest challenge integrating HackerOne into my existing security protocols has been on my side, not the tool's. I need to take the time out to use and practice with it, but currently, I'm unable to give it the time I used to. There's no issue from the application side. To use the tool, you first need a basic knowledge of cybersecurity terms, like exploits and vulnerabilities, and how to identify them. Once familiar with these basics, you can learn more from the resources and platforms HackerOne provides. They offer tickets and guides to help you understand the methods for finding and exploiting vulnerabilities. Before deciding to use the solution in your organization, consider the purpose. HackerOne is a multi-platform. If the goal is to spread awareness about cybersecurity or to make the security team more active in learning about hacking methods and new vulnerabilities, then it can be very effective. It allows the team to earn extra money while learning and exploring new vulnerabilities in the market, potentially even finding zero-day vulnerabilities. I would rate HackerOne around an eight to nine out of ten. The application is simple to use, offering numerous opportunities and scopes for exploration. It covers many platforms, including web, Android, and iOS applications. However, the high traffic can sometimes be a drawback. If they manage this issue by implementing features like consolidation pricing for duplicate vulnerabilities, it could easily be a ten out of ten.
Read full review
Robert Croteau - PeerSpot reviewer
Dec 16, 2022
It provides a good overview of our security posture
The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine. They have to go in and put their policies in place. It's hard for them to implement that, especially if they don't have a real security team. The team's policymakers don't do anything. Lacework takes out all the noise and gives them bits of things that actually matter with the application after it learns the behavior.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Apart from getting all the bug bounty opportunities, we also get the chance to practice in a safe environment, like a demo setup. These features are great for beginners who want to explore bug bounties in the future."
"It helps me to get new sales, profits, and other benefits."
"The most valuable feature of HackerOne is its variety of programs. These programs provide depth into various areas, such as mobile, API, and websites."
"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."
"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."
"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."
"The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself."
"The best feature, in my opinion, is the ease of use."
"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."
"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."
"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."
More Lacework pros
 

Cons

"One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved."
"The ability to view the conversation between the triagers and the programs will be really good."
"Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports."
"The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems."
"I would like to see a remote access assistance feature. And the threat-hunting platform could be better."
"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."
"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."
"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."
"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."
"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."
"Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them."
More Lacework cons
 

Pricing and Cost Advice

"The solution is free."
"The tool is open-source and free for bug bounty hunters."
"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."
"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."
"The licensing fee was approximately $80,000 USD, per year."
"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
814,528 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Manufacturing Company
11%
Financial Services Firm
11%
University
8%
Computer Software Company
18%
Financial Services Firm
14%
Manufacturing Company
6%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for HackerOne?
It is free.
See all answers
What needs improvement with HackerOne?
The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible...
See all answers
What is your primary use case for HackerOne?
I mainly use it for downtime activities, earning extra cash alongside a full-time job, and to get new sales and profits.
See all answers
How would you compare Wiz vs Lacework?
Wiz and Lacework sucks... Buy Orca.
See all answers
What do you like most about Lacework?
Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invalua...
See all answers
What is your experience regarding pricing and costs for Lacework?
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
See all answers
 

Comparisons

Bugcrowd vs HackerOne Logo
Bugcrowd vs HackerOne
Compared 31% of the time
Intigriti vs HackerOne Logo
Intigriti vs HackerOne
Compared 23% of the time
YesWeHack vs HackerOne Logo
YesWeHack vs HackerOne
Compared 16% of the time
Synack vs HackerOne Logo
Synack vs HackerOne
Compared 15% of the time
Cobalt vs HackerOne Logo
Cobalt vs HackerOne
Compared 5% of the time
More HackerOne Competitors
Wiz vs Lacework Logo
Wiz vs Lacework
Compared 29% of the time
Prisma Cloud by Palo Alto Networks vs Lacework Logo
Prisma Cloud by Palo Alto Networks vs Lacework
Compared 11% of the time
AWS GuardDuty vs Lacework Logo
AWS GuardDuty vs Lacework
Compared 9% of the time
Aqua Cloud Security Platform vs Lacework Logo
Aqua Cloud Security Platform vs Lacework
Compared 6% of the time
Snyk vs Lacework Logo
Snyk vs Lacework
Compared 5% of the time
More Lacework Competitors
 

Product Reports

Buyer's Guide
Vulnerability Management
October 2024
HackerOne reportDownload HackerOne product report
Buyer's Guide
Lacework
October 2024
Lacework reportDownload Lacework product report
 

Also Known As

HackerOne Assets, HackerOne Pentesting Services, HackerOne Security Assessments, HackerOne Vulnerability Management
Polygraph
 

Learn More

HackerOne
Video not available
Fortinet
 

Overview

HackerOne becomes your partner who executes all aspects of your bug bounty program, including triage, bounty pricing, and hacker relations, allowing you to fully focus on fixing vulnerabilities.

Lacework is a cloud security platform whose Polygraph Data Platform automates cloud security at scale so customers can innovate with speed and safety. Lacework is the only security platform that can collect, analyze, and accurately correlate data across an organization’s AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter. As a breach detection and investigation tool, Lacework provides information on when and how a breach happened, including the users, machines, and applications involved in the breach. By using machine learning and behavioral analytics, the solution can automatically learn what's normal for your environment and reveal any abnormal behavior. In addition, Lacework gives you continuous visibility to find vulnerabilities, misconfigurations, and malicious activity across your cloud environment.

Lacework Features

Lacework has many valuable key features. Some of the most useful ones include:

  • Dashboards
  • Reports
  • Workflow management
  • Administration console
  • Governance
  • Policy enforcement
  • Auditing
  • Access control
  • Workflow management
  • Compliance monitoring
  • Anomaly detection
  • Data loss prevention
  • Cloud gap analytics
  • Host compliance

Lacework Benefits

There are many benefits to implementing Lacework. Some of the biggest advantages the solution offers include:

  • Security visibility: Get deep observability into your cloud accounts, workloads, and microservices to give you tighter security control.
  • Threat detection: By using Lacework, your organization can identify common security events that target your cloud servers, containers, and infrastructure-as-a-service (IaaS) accounts so you can take action on them quickly.
  • Flexible deployment: With Lacework, you have the option to deploy the way you prefer - either agent or agentless - which provides the visibility needed to have maximum security for cloud accounts and systems. Because Lacework offers an easy-to-deploy layered approach, you gain quick time to value.
  • Configuration compliance: With the Lacework solution, you can easily spot IaaS account configurations that are non-compliant and identify opportunities to apply security best practices.
  • Synced teams: Lacework allows your teams to operate smarter and bridge the gap between security, Dev, and Ops regardless of your team's size or experience level.
  • Gain meaningful security insights: Lacework provides meaningful security insights, alerting you of issues before they reach production from your existing workflows. This way you can build apps quickly and confidently.
  • Increased revenue streams: Because the solution has built-in security from the first line of code early on, it helps users unlock higher revenue streams.
  • Helps avoid development delays: The Lacework solution helps you better prioritize security fixes by making security information accessible to DevOps and security teams for earlier risk mitigation that speeds innovation.
  • Increased productivity: Lacework provides alerts with all the context you need and eliminates data silos and costly investigations, enabling you to boost productivity.
  • Correlate and contextualize behaviors: Lacework can take attributes and data points from your unique environment and correlate them together into behaviors.
  • Simplified cloud security posture and compliance: With the Lacework platform, you can get comprehensive visibility and continuous tracking to reduce risks and meet compliance requirements so you can improve your bottom line.
  • Address vulnerabilities before it is too late: Lacework enables you to limit your attack surface so you can address the riskiest vulnerabilities early in the development cycle.
 

Sample Customers

Zenefits, Adobe, Yelp
J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.
Buyer's Guide
HackerOne vs. Lacework
October 2024
Free Report: HackerOne vs. Lacework
Find out what your peers are saying about HackerOne vs. Lacework and other solutions. Updated: October 2024.
DOWNLOAD NOW
814,528 professionals have used our research since 2012.
See our HackerOne vs. Lacework report.
See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.