JFrog Xray vs Lacework FortiCNAPP comparison

JFrog and Fortinet are both solutions in the Vulnerability Management category. JFrog is ranked #24 with an average rating of 8.0, while Fortinet is ranked #16 with an average rating of 8.7. JFrog holds a 1.1% mindshare in VM, compared to Fortinet’s 1.5% mindshare. Additionally, 100% of JFrog users are willing to recommend the solution, compared to 90% of Fortinet users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 12, 2024

Lacework FortiCNAPP and JFrog Xray compete in cloud security and software composition analysis, respectively. JFrog Xray is superior due to its robust features and alignment with cost.

Features: Lacework FortiCNAPP offers extensive cloud security capabilities with features like anomaly detection, compliance monitoring, and security orchestration. JFrog Xray provides advanced software component scanning, open source vulnerability detection, and license compliance, enhancing software security and risk management.

Room for Improvement: Lacework FortiCNAPP could enhance its focus on software integrity, streamline user interface complexities, and improve alert customization. JFrog Xray may benefit from expanding cloud security capabilities, enhancing scalability for larger enterprises, and refining its integration with CI/CD tools.

Ease of Deployment and Customer Service: Lacework FortiCNAPP integrates seamlessly into cloud environments, supported by efficient customer service. JFrog Xray offers straightforward deployment within CI/CD pipelines, backed by responsive customer support, focusing on development pipeline integration.

Pricing and ROI: Lacework FortiCNAPP involves a higher initial cost, justified by its expansive security capabilities for cloud-reliant enterprises, leading to strong ROI. JFrog Xray offers competitive pricing, perceived as cost-effective with its specialized scanning functionalities, yielding a strong ROI for software development-focused organizations.

To learn more, read our detailed JFrog Xray vs. Lacework FortiCNAPP Report (Updated: November 2024).

Buyer's Guide

JFrog Xray vs. Lacework FortiCNAPP

November 2024

Download the complete report

Helped 823,875 peers since 2012

Categories and Ranking

SentinelOne Singularity Clo...

Mindshare comparison

As of December 2024, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.3%, up from 0.3% compared to the previous year. The mindshare of JFrog Xray is 1.1%, up from 0.2% compared to the previous year. The mindshare of Lacework FortiCNAPP is 1.5%, down from 2.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

Mokshi Pandita

DevOps Engineer at Rambøll Danmark A/S

An intelligent solution that prioritizes which vulnerability to target first in your project

We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.

Read full review

Robert Croteau

Director of Enablement at Avesha

It provides a good overview of our security posture

The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine. They have to go in and put their policies in place. It's hard for them to implement that, especially if they don't have a real security team. The team's policymakers don't do anything. Lacework takes out all the noise and gives them bits of things that actually matter with the application after it learns the behavior.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The offensive security where they do a fix is valuable. They go to a misconfiguration and provide detailed alerts on what could be there. They also provide a remediation feature where if we give the permission, they can also go and fix the issue."

"The real-time detection and response capabilities overall are great."

"PingSafe offers three key features: vulnerability management notifications, cloud configuration assistance, and security scanning."

"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."

"We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate."

"It used to guide me about an alert. There is something called an alert guide. I used to click on the alert guide, and I could read everything. I could read about the alert and how to resolve it. I used to love that feature."

"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."

"SentinelOne Singularity Cloud Security offers several valuable features, most notably the rapid vulnerability notifications that provide timely alerts regarding our infrastructure."

More SentinelOne Singularity Cloud Security pros

"Good reporting functionalities."

"JFrog Xray shows us a list of vulnerabilities that can impact our code."

"The solution is stable and reliable."

"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."

"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."

"JFrog Xray's reporting feature has a lot of options in it, including scanning."

"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."

More JFrog Xray pros

"The best feature, in my opinion, is the ease of use."

"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."

"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."

"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."

"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."

"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."

"There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information."

"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."

More Lacework FortiCNAPP pros

Cons

"I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations."

"It would be really helpful if the solution improves its agent deployment process."

"I would like to see the map feature improve. It's good, but it isn't fully developed. It lets us use custom resources and policies but does not allow us to perform some actions. I would also like more custom integration and runtime security for Kubernetes."

"The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement."

"The documentation that I use for the initial setup can be more detailed or written in a more user-friendly language to avoid troubles."

"Whenever I view the processes and the process aspect, it takes a long time to load."

"One potential drawback is the cost of SentinelOne Singularity Cloud Security, which may be prohibitive for smaller businesses or startups, particularly those in regions with lower average incomes, such as India."

"There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."

More SentinelOne Singularity Cloud Security cons

"JFrog Xray does not have a dashboard."

"JFrog Xray's documentation and error logging could be improved."

"Since we have been using the solution via APIs, there are some limitations in the APIs."

"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."

"X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL."

"The speed of JFrog Xray should improve. Other solutions have better performance."

"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."

"Lacks deeper reporting, the ability to compare things."

More JFrog Xray cons

"I would like to see a remote access assistance feature. And the threat-hunting platform could be better."

"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."

"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."

"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."

"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."

"The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems."

"Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them."

"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."

More Lacework FortiCNAPP cons

Pricing and Cost Advice

"PingSafe is fairly priced."

"It was reasonable pricing for me."

"I am not involved in the pricing, but it is cost-effective."

"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."

"As a partner, we receive a discount on the licenses."

"I would rate the cost a seven out of ten with ten being the most costly."

"I understand that SentinelOne is a market leader, but the bill we received was astronomical."

"For pricing, it currently seems to be in line with market rates."

More SentinelOne Singularity Cloud Security pricing and cost advice

Information not available

"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."

"The licensing fee was approximately $80,000 USD, per year."

"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."

"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

823,875 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

15%

Manufacturing Company

Government

Financial Services Firm

24%

Manufacturing Company

14%

Computer Software Company

12%

Healthcare Company

Computer Software Company

18%

Financial Services Firm

13%

Manufacturing Company

Retailer

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

See all answers

What is your experience regarding pricing and costs for PingSafe?

SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal.

See all answers

What needs improvement with PingSafe?

To enhance the notification system's efficiency, resolved issues should be promptly removed from the portal. Currentl...

See all answers

What do you like most about JFrog Xray?

JFrog Xray shows us a list of vulnerabilities that can impact our code.

See all answers

What needs improvement with JFrog Xray?

X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...

See all answers

What is your primary use case for JFrog Xray?

Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...

See all answers

What do you like most about Lacework?

Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offe...

See all answers

What is your experience regarding pricing and costs for Lacework?

My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.

See all answers

What needs improvement with Lacework?

The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses...

See all answers

Comparisons

Wiz vs SentinelOne Singularity Cloud Security

Compared 31% of the time

Prisma Cloud by Palo Alto Networks vs SentinelOne Singularity Cloud Security

Compared 23% of the time

AWS GuardDuty vs SentinelOne Singularity Cloud Security

Compared 8% of the time

Orca Security vs SentinelOne Singularity Cloud Security

Compared 6% of the time

Qualys VMDR vs SentinelOne Singularity Cloud Security

Compared 2% of the time

More SentinelOne Singularity Cloud Security Competitors

Black Duck vs JFrog Xray

Compared 20% of the time

Trivy vs JFrog Xray

Compared 14% of the time

Veracode vs JFrog Xray

Compared 7% of the time

Snyk vs JFrog Xray

Compared 6% of the time

Prisma Cloud by Palo Alto Networks vs JFrog Xray

Compared 6% of the time

More JFrog Xray Competitors

Wiz vs Lacework FortiCNAPP

Compared 29% of the time

Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP

Compared 14% of the time

AWS GuardDuty vs Lacework FortiCNAPP

Compared 9% of the time

Aqua Cloud Security Platform vs Lacework FortiCNAPP

Compared 5% of the time

Tenable Cloud Security vs Lacework FortiCNAPP

Compared 2% of the time

More Lacework FortiCNAPP Competitors

Product Reports

Buyer's Guide

SentinelOne Singularity Cloud Security

October 2024

SentinelOne Singularity Cloud Security report

Download SentinelOne Singularity Cloud Security product report

Buyer's Guide

JFrog Xray

December 2024

Download JFrog Xray product report

Buyer's Guide

Lacework FortiCNAPP

December 2024

Download Lacework FortiCNAPP product report

Also Known As

PingSafe

JFrog Security Essentials

Polygraph, FortiCNP

Learn More

SentinelOne

JFrog

Fortinet

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].

If you are a team player and you care and you play to WIN, we have just the job you're looking for.

As we say at JFrog: "Once You Leap Forward You Won't Go Back!"

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?

Machine Learning Detection: Identifies anomalies effectively.
Compliance Reports: Provides precise compliance documentation.
Vulnerability Management: Supports agent-based vulnerability assessments.
Multi-Cloud Support: Manages and secures across multiple cloud providers.
Automation and Collaboration: Enables integration with Slack for streamlined communication.
Custom Alerts: Allows creation of personalized alerts for better focus.

What benefits do users expect?

Reduced Alert Noise: Minimizes distractions with filtered alerts.
Efficient Cloud Security: Automates processes for enhanced security management.
Collaboration Support: Integrates with tools like Slack.
Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Sample Customers

Information Not Available

google, amazon, cisco, netflix, oracle, vmware, facebook

J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.

Buyer's Guide

JFrog Xray vs. Lacework FortiCNAPP

November 2024

Free Report: JFrog Xray vs. Lacework FortiCNAPP

Find out what your peers are saying about JFrog Xray vs. Lacework FortiCNAPP and other solutions. Updated: November 2024.

DOWNLOAD NOW

823,875 professionals have used our research since 2012.

See our JFrog Xray vs. Lacework FortiCNAPP report.

See our list of best Vulnerability Management vendors and best Container Security vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.