Try our new research platform with insights from 80,000+ expert users

Lacework FortiCNAPP vs Rapid7 InsightVM comparison

The compared Fortinet and Rapid7 solutions aren't in the same category. Fortinet is ranked #16 in VM , with an average rating of 8.7, and holds a 1.5% mindshare in the category. Rapid7 is ranked #4 in RBVM , with an average rating of 8.1, and holds a 19.8% mindshare. Additionally, 90% of Fortinet users are willing to recommend the solution, compared to 88% of Rapid7 users who would recommend it.
Lacework FortiCNAPP
Read 10 Lacework FortiCNAPP reviews
  • 2,216 Views
  • 1,487 Comparison Views
90% willing to recommend
Rapid7 InsightVM
Read 60 Rapid7 InsightVM reviews
  • 5,302 Views
  • 3,556 Comparison Views
88% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Lacework FortiCNAPP and Rapid7 InsightVM based on real PeerSpot user reviews.

Find out in this report how the two Vulnerability Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Lacework FortiCNAPP vs. Rapid7 InsightVM Report (Updated: March 2023).
Buyer's Guide
Lacework FortiCNAPP vs. Rapid7 InsightVM
March 2023
Download the complete report
Helped 824,067 peers since 2012
 

Categories and Ranking

Lacework FortiCNAPP
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
10
Ranking in other categories
Vulnerability Management (16th), Container Security (13th), Cloud Workload Protection Platforms (CWPP) (12th), Cloud Security Posture Management (CSPM) (15th), Cloud-Native Application Protection Platforms (CNAPP) (11th), Compliance Management (7th)
Rapid7 InsightVM
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
60
Ranking in other categories
Risk-Based Vulnerability Management (4th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Lacework FortiCNAPP is designed for Vulnerability Management and holds a mindshare of 1.5%, down 2.1% compared to last year.
Rapid7 InsightVM, on the other hand, focuses on Risk-Based Vulnerability Management, holds 19.8% mindshare, up 14.2% since last year.
Vulnerability Management
Risk-Based Vulnerability Management
 

Featured Reviews

Carlos Vitrano - PeerSpot reviewer
Provides quick visibility and significantly reduces alerts
Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them. We have integrations, for instance, with Splunk. The data that we are receiving in Splunk is huge, and it is valid because Lacework has a bunch of data that they can provide to you. However, to be able to import the data and create alerts, we needed to do some work, so integration is one of the things that they can improve. For container security, how they scan images and how they provide results is something that they need to continue improving in terms of visibility. We already have visibility to several artifacts, but they can take that to the next level and see what else they can do. There can be better integrations with CI/CD pipelines. There can be improvements in terms of how we can take action or how we can report from the number of inventories they are providing to us.
Read full review
Shakeel Ahmad - PeerSpot reviewer
Brilliant audit report and scorecard but scans often get blocked by firewalls
The solution cannot scan third-party tools that have firewalls within them. The firewalls detect and block the solution. Conversely, Nexus is able to bypass firewalls because it has low detectability. We use Nexus when the solution cannot bypass a firewall. The solution can scan 60% of the time but Nexus can scan 90% of the time. The solution needs to improve its vulnerability design to include CVC results. Nexus has a good, long range and a good database for finding CVC numbers. We need this level of security detail but the solution does not seem to provide it.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information."
"The compliance reports are definitely most valuable because they save time and are accurate. So, instead of relying on a human going through and checking or providing me with a report, I could just log into Lacework and see for myself."
"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."
"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."
"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."
"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."
"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."
"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."
More Lacework FortiCNAPP pros
"Rapid7 InsightVM has given us a practical view of the vulnerabilities present in our organization."
"I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."
"The risk score that they provide makes it easier to find out the biggest risks. It helped the security officers to understand where the biggest risks are so that they can act on them. They can instruct their IT teams to give them a higher priority and mitigate them."
"I rate InsightVM eight out of 10 for ease of setup. It takes two or three engineers to deploy. The solution requires some maintenance. It's mainly cleaning up data."
"The most valuable feature for me is the risk calculation based on monthly effects."
"The solution is automatically scheduled so it runs by itself."
"The assessment is most valuable."
"The performance is good."
More Rapid7 InsightVM pros
 

Cons

"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."
"Its integrations with third-party SIEMs can be better. That is one of the things that we discussed with them."
"The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems."
"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."
"The biggest thing I would like to see improved is for them to pursue and obtain a FedRAMP moderate authorization... I don't believe they have any immediate plans to get FedRAMP moderate authorized, which is a bit of a challenge for us because we can only use Lacework in our commercial environment."
"There are a couple of the difficulties we encounter in the realm of cybersecurity, or security as a whole, that relate to potentially limited clarity. Having the capacity to perceive the configuration aspect and having the ability to contribute to it holds substantial advantages, in my view. It ranks high, primarily due to its role in guaranteeing compliance and the potential to uncover vulnerabilities, which could infiltrate the system and introduce potential risks. I had been exploring a specific feature that captured my interest. However, just yesterday, I participated in a product update session that announced the imminent arrival of this feature. The feature involves real-time alerting. This was something I had been anticipating, and it seems that this capability is now being integrated, possibly as part of threat intelligence. While anomaly events consistently and promptly appear in the console, certain alerts tend to experience delays before being displayed. Yet, with the recent product update, this issue is expected to be resolved. Currently, a comprehensive view of all policies is available within the console. However, I want a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact request."
"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."
"I would like to see a remote access assistance feature. And the threat-hunting platform could be better."
More Lacework FortiCNAPP cons
"The reporting is very bad when you compare it with other vulnerability assessment tools."
"Rapid7 InsightVM, has impressive capabilities, especially when it comes to managing video equipment. However, we've noticed that Rapid7 also offers a cloud solution called CloudSec, and we don't have that. We think it would be better if InsightVM had all the features for both on-premise and cloud management."
"InsightVM could be improved by providing passive scanning as an option."
"There are certain limitations because of the product being used on a hybrid model. Rapid7 InsightVM doesn't offer a solution purely in the cloud."
"Rapid7 InsightVM could be easier to use for those who are using it for the first time."
"The solution should include a tighter integration with third-party threat modeling and threat intelligence tools."
"There are end-user needs and expectations that are being overlooked in the development that could be addressed by appointing a customer advisory board."
"I think the improvement in the tool should be to provide a better update to users because sometimes the information within the cloud and the scanner are not synchronized very fast."
More Rapid7 InsightVM cons
 

Pricing and Cost Advice

"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."
"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."
"The licensing fee was approximately $80,000 USD, per year."
"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."
"Comparing the price with the value that we receive, I am not happy with it."
"Its price is too high. My only concern or issue with Rapid7 is its pricing."
"It is pretty expensive. It depends on what you consider pricey, however, if you only look at vulnerability management solutions, such as within VM or VMDR, there are, I suppose the prices are almost the same. But I believe you will discover that for yourself."
"This solution is expensive, but it's fine for us as we have an open budget for security solutions. Protection and having the system secured is more important."
"In some cases, we procure the licenses. In some cases, the customers directly buy the license from Rapid7."
"The solution's pricing is better than Nexus which charges a high amount for very little use."
"The tool's price is neither too high nor too low. My company needs to pay 65,000 per year. There are no additional costs apart from the licensing fees attached to the solution."
"We purchase annual licenses."
More Rapid7 InsightVM pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
See recommendations
824,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
13%
Manufacturing Company
6%
Retailer
5%
Educational Organization
41%
Computer Software Company
10%
Financial Services Firm
7%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Lacework?
Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invalua...
See all answers
What is your experience regarding pricing and costs for Lacework?
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
See all answers
What needs improvement with Lacework?
The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modul...
See all answers
How would you choose between Rapid7 InsightVM and Tenable Nessus?
You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...
See all answers
What do you like most about Rapid7 InsightVM?
The product's initial setup phase was very easy.
See all answers
What is your experience regarding pricing and costs for Rapid7 InsightVM?
Rapid7 is a bit expensive.
See all answers
 

Comparisons

Wiz vs Lacework FortiCNAPP Logo
Wiz vs Lacework FortiCNAPP
Compared 29% of the time
Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP Logo
Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP
Compared 14% of the time
AWS GuardDuty vs Lacework FortiCNAPP Logo
AWS GuardDuty vs Lacework FortiCNAPP
Compared 9% of the time
Aqua Cloud Security Platform vs Lacework FortiCNAPP Logo
Aqua Cloud Security Platform vs Lacework FortiCNAPP
Compared 5% of the time
Cloudflare vs Lacework FortiCNAPP Logo
Cloudflare vs Lacework FortiCNAPP
Compared 2% of the time
More Lacework FortiCNAPP Competitors
Tenable Nessus vs Rapid7 InsightVM Logo
Tenable Nessus vs Rapid7 InsightVM
Compared 21% of the time
Qualys VMDR vs Rapid7 InsightVM Logo
Qualys VMDR vs Rapid7 InsightVM
Compared 18% of the time
Tenable Security Center vs Rapid7 InsightVM Logo
Tenable Security Center vs Rapid7 InsightVM
Compared 12% of the time
Microsoft Defender Vulnerability Management vs Rapid7 InsightVM Logo
Microsoft Defender Vulnerability Management vs Rapid7 InsightVM
Compared 8% of the time
More Rapid7 InsightVM Competitors
 

Product Reports

Buyer's Guide
Lacework FortiCNAPP
December 2024
Lacework FortiCNAPP reportDownload Lacework FortiCNAPP product report
Buyer's Guide
Rapid7 InsightVM
December 2024
Rapid7 InsightVM reportDownload Rapid7 InsightVM product report
 

Also Known As

Polygraph, FortiCNP
InsightVM, NeXpose
 

Learn More

Fortinet
Rapid7
 

Overview

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?
  • Machine Learning Detection: Identifies anomalies effectively.
  • Compliance Reports: Provides precise compliance documentation.
  • Vulnerability Management: Supports agent-based vulnerability assessments.
  • Multi-Cloud Support: Manages and secures across multiple cloud providers.
  • Automation and Collaboration: Enables integration with Slack for streamlined communication.
  • Custom Alerts: Allows creation of personalized alerts for better focus.
What benefits do users expect?
  • Reduced Alert Noise: Minimizes distractions with filtered alerts.
  • Efficient Cloud Security: Automates processes for enhanced security management.
  • Collaboration Support: Integrates with tools like Slack.
  • Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Rapid7 InsightVM is a comprehensive vulnerability management platform that protects your systems from attackers and is easy to scale. The solution provides easy access to vulnerability management, application security, detection and response, external threat intelligence, orchestration and automation, and more. Rapid7 InsightVM is ideal for security, IT, and DevOps teams, helping them reduce risk by enabling them to detect and respond to attacks quickly.

Rapid7 InsightVM Features

Rapid7 InsightVM has many valuable key features. Some of the most useful ones include:

  • Automated containment: With this feature, you can decrease exposure from vulnerabilities by automatically implementing temporary (or permanent) compensating controls via your network access control (NAC) systems, firewalls, and endpoint detection and response tools.
  • Policy assessment: Rapid7 InsightVM offers pre-built scan templates for common compliance requirements. The solution helps you take clear, actionable steps to compliance once you have assessed your risk posture. In addition, Rapid7 InsightVM’s Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
  • REST API: Rapid7 InsightVM REST API is easy to use and was built to easily automate virtually any aspect of vulnerability management, from data collection to risk analysis.
  • Live dashboards: Rapid7 InsightVM includes dashboards that are live and interactive by nature. The live dashboards enable you to create custom cards and full dashboards for anyone in your organization and allow you to track progress of your security program.
  • Automation-assisted patching: Rapid7 InsightVM’s automation-assisted patching gives you the autonomy to make key decisions in your patching process, such as your approval to apply certain patches to certain vulnerabilities.
  • Real risk prioritization: Rapid7 InsightVM makes it simple to know which vulnerabilities need to be prioritized and where your riskiest assets lie.
  • Goals and SLA’s: This feature enables you to make and track progress toward your goals and service level agreements (SLAs) at an appropriate pace.

Rapid7 InsightVM Benefits

There are many benefits to implementing Rapid7 InsightVM. Some of the biggest advantages the solution offers include:

  • Attack surface monitoring for maintained visibility: By leveraging attack surface monitoring with Project Sonar (a Rapid7 research project that regularly scans the internet to gain insights into global exposure to common vulnerabilities), you can gain more control of all of your external-facing assets, both known and unknown.
  • Container security: Rapid7 InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process even before they are deployed.
  • Lightweight endpoint agent: Rapid7 InsightVM unifies data so you only need to install a single agent for continuous vulnerability assessment, incident detection, and log data collection.
  • Easily assign and track remediation duties: Using Rapid7 InsightVM, IT and security teams can assign as well as track remediation duties without having to deal with remediation reports, complex spreadsheets, or back-and-forth email tags.
  • Integration with cloud services and virtual infrastructure: Rapid7 InsightVM provides full visibility into risk across your physical, virtual, and cloud infrastructure.
  • Integrated threat feeds: Rapid7 InsightVM is designed with integrated threat feeds, giving you a dynamic view that shows you which threats are most relevant to your environment, enabling you to better protect against current, impending threats so you can react quickly to critical vulnerabilities.

Reviews from Real Users

Below are some reviews and helpful feedback written by PeerSpot users currently using the Rapid7 InsightVM solution.

An owner at a tech services company says, "I liked the dashboard on it. I could customize my dashboard with different widgets and different heat maps."

PeerSpot user Kimeang S., Technical Consultant at Yip Intsoi, mentions, "The most important aspect of the solution is that it rarely gives false positives, especially compared to other products. It provides very clear reports for our IT teams to look at."

A Director of Information Technology at a government explains, "The main functionality of identifying item endpoints that weren't properly patched or had vulnerabilities is the solution's most valuable feature."

 

Sample Customers

J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.
ACS, Acosta, AllianceData, amazon.com, biogen idec, CBRE, CATERPILLAR, Deloitte, COACH, GameStop, IBM
Buyer's Guide
Lacework FortiCNAPP vs. Rapid7 InsightVM
March 2023
Free Report: Lacework FortiCNAPP vs. Rapid7 InsightVM
Find out what your peers are saying about Lacework FortiCNAPP vs. Rapid7 InsightVM and other solutions. Updated: March 2023.
DOWNLOAD NOW
824,067 professionals have used our research since 2012.
See our Lacework FortiCNAPP vs. Rapid7 InsightVM report.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.