Lacework FortiCNAPP vs Tenable Nessus comparison

Fortinet and Tenable are both solutions in the Vulnerability Management category. Fortinet is ranked #16 with an average rating of 8.7, while Tenable is ranked #1 with an average rating of 8.3. Fortinet holds a 1.5% mindshare in VM, compared to Tenable’s 12.6% mindshare. Additionally, 90% of Fortinet users are willing to recommend the solution, compared to 98% of Tenable users who would recommend it.

Lacework FortiCNAPP

Read 10 Lacework FortiCNAPP reviews

2,216 Views
1,487 Comparison Views

90% willing to recommend

Tenable Nessus

Read 80 Tenable Nessus reviews

15,036 Views
11,200 Comparison Views

98% willing to recommend

Lacework FortiCNAPP

Tenable Nessus

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 12, 2024

Tenable Nessus and Lacework FortiCNAPP compete in vulnerability management, each possessing unique strengths. Tenable Nessus is favored for its affordability and integration, while Lacework FortiCNAPP stands out in compliance and cloud environments.

Features: Tenable Nessus offers extensive vulnerability detection, predictive prioritization, and reliable integration with DevOps tools, making it adaptable for varied platforms. Lacework FortiCNAPP excels in real-time anomaly detection, automatic alerts, and detailed forensic explanations, optimizing compliance management in cloud-centric environments.

Room for Improvement: Tenable Nessus users suggest enhanced reporting, more intuitive exports, and broader integration with emerging interfaces. Others note concerns about cloud transition and broader IT ecosystem support. Lacework FortiCNAPP users desire improved remediation features, easier alert management, and better cloud data governance, particularly in compliance-critical settings.

Ease of Deployment and Customer Service: Tenable Nessus is praised for seamless deployment in on-premises and hybrid clouds, supported by responsive technical support with suggested faster response times. Lacework FortiCNAPP stands out in public cloud deployments, offering efficient support, though enhanced customization options could streamline alerts and policy frameworks.

Pricing and ROI: Tenable Nessus is noted for competitive pricing, offering significant ROI through comprehensive vulnerability assessments, especially suitable for small to medium-sized setups. Lacework FortiCNAPP, while higher in cost, provides value through sophisticated cloud-native features and flexible licensing models, making it suitable for modern cloud infrastructures.

To learn more, read our detailed Lacework FortiCNAPP vs. Tenable Nessus Report (Updated: December 2024).

Buyer's Guide

Lacework FortiCNAPP vs. Tenable Nessus

December 2024

Download the complete report

Helped 823,875 peers since 2012

Categories and Ranking

Lacework FortiCNAPP

Ranking in Vulnerability Management

16th

Average Rating

8.6

Reviews Sentiment

7.5

Number of Reviews

Ranking in other categories

Container Security (13th), Cloud Workload Protection Platforms (CWPP) (12th), Cloud Security Posture Management (CSPM) (15th), Cloud-Native Application Protection Platforms (CNAPP) (11th), Compliance Management (7th)

Tenable Nessus

Ranking in Vulnerability Management

1st

Average Rating

8.4

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of December 2024, in the Vulnerability Management category, the mindshare of Lacework FortiCNAPP is 1.5%, down from 2.1% compared to the previous year. The mindshare of Tenable Nessus is 12.6%, down from 15.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Vulnerability Management

Featured Reviews

Robert Croteau

Director of Enablement at Avesha

It provides a good overview of our security posture

The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine. They have to go in and put their policies in place. It's hard for them to implement that, especially if they don't have a real security team. The team's policymakers don't do anything. Lacework takes out all the noise and gives them bits of things that actually matter with the application after it learns the behavior.

Read full review

Matthew Weisler

Sole Proprietor at Core-Infosec

Unlimited assets for one price and quick, agentless results

The solution has a single price for unlimited assets. Value wise, the solution is also great for pen testers and consultants. The solution is useful for vulnerability and patch management from both the internal and public facing sides. Quick assessments, compliance scores, and results are provided without having to do agents.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature, from a compliance perspective, is the ability to use Lacework as a platform for multiple compliance standards. We have to meet multiple standards like PCI, SOC 2, CIS, and whatever else is out there. The ability to have reports generated, per security standard, is one of the best features for me."

"Lacework is helping a lot in reducing the noise of the alerts. Usually, whenever you have a tool in place, you have a lot of noise in terms of alerts, but the time for an engineer to look into those alerts is limited. Lacework is helping us to consolidate the information that we are getting from the agents and other sources. We are able to focus only on the things that matter, which is the most valuable thing for us. It saves time, and for investigations, we have the right context to take action."

"Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invaluable. When such issues arise, we promptly acknowledge and take action, effectively collaborating with our teams and the responsible parties for those assets. This enables us to promptly manage problems as soon as they arise."

"For the most part, out-of-the-box, it tells you right away about the things you need to work on. I like the fact that it prioritizes alerts based on severity, so that you can focus your efforts on anything that would be critical/high first, moderate second, and work your way down, trying to continue to improve your security posture."

"I find the cloud configuration compliance scanning mature. It generates a lot of data and supports major frameworks like ISO 27001 or SOC 2, providing reports and datasets. Another feature I appreciate is setting custom alerts for specific events. Additionally, I value the agent-based monitoring and scanning for compute nodes. It gives us deeper insights into our workloads and helps identify vulnerabilities across our deployed assets."

"There are many valuable features that I use in my daily work. The first are alerts and the event dossier that it generates, based on the severity. That is very insightful and helps me to have a security cap in our infrastructure. The second thing I like is the agent-based vulnerability management, which is the most accurate information."

"The most valuable aspects are identifying vulnerabilities—things that are out there that we aren't aware of—as well as finding what path of access attackers could use, and being able to see open SSL or S3 buckets and the like."

"The most valuable feature is Lacework's ability to distill all the security and audit logs. I recommend it to my customers. Normally, when I consult for other customers that are getting into the cloud, we use native security tools. It's more of a rule-based engine."

More Lacework FortiCNAPP pros

"The reports are pretty nice and easy to understand."

"The product's most valuable features are vulnerability and asset management. It can define the rules and validate the configuration."

"The support has been really cooperative."

"Among the most valuable features are scanning for vulnerabilities and the reporting. The reporting templates are okay. I like that I can see all the hosts with different vulnerabilities."

"The most valuable feature of Tenable Nessus is the self-updating engine."

"The most valuable feature of Tenable Nessus is real-time monitoring."

"The trial version is very good for testing whether it will suit your needs."

"Ease of reviewing scores, identifying vulnerabilities, and getting information on them."

More Tenable Nessus pros

Cons

"The configuration and setup of alerts should be easier. They should make it easier to integrate with systems like Slack and Datadog. I didn't spend too much time on it, but to me, it wasn't as simple as the alerting that I've seen on other systems."

"Lacework has not reduced the number of alerts we get. We've actually had to add resources as a result of using it because the application requires a lot of people to understand it to get the value out of it properly."

"There are a couple of the difficulties we encounter in the realm of cybersecurity, or security as a whole, that relate to potentially limited clarity. Having the capacity to perceive the configuration aspect and having the ability to contribute to it holds substantial advantages, in my view. It ranks high, primarily due to its role in guaranteeing compliance and the potential to uncover vulnerabilities, which could infiltrate the system and introduce potential risks. I had been exploring a specific feature that captured my interest. However, just yesterday, I participated in a product update session that announced the imminent arrival of this feature. The feature involves real-time alerting. This was something I had been anticipating, and it seems that this capability is now being integrated, possibly as part of threat intelligence. While anomaly events consistently and promptly appear in the console, certain alerts tend to experience delays before being displayed. Yet, with the recent product update, this issue is expected to be resolved. Currently, a comprehensive view of all policies is available within the console. However, I want a more tailored display of my compliance posture, focusing specifically on policies relevant to me. For instance, if I'm not subject to HIPAA regulations, I'd prefer not to see the HIPAA compliance details. It's worth noting that even with this request, there exists a filtering mechanism to control the type of compliance information visible. This flexibility provides a workaround to my preference, which is why it's challenging for me to definitively state my exact request."

"Lacework lacks remediation features, but I believe they're working on that. They're focused on the reporting aspect, but other features need to improve. They're also adding some compliance features, so it's not worth saying they need to get better at it."

"Visibility is lacking, and both compliance-related metrics and IAM security control could be improved."

"A feature that I have requested from them is the ability to sort alerts and policies based on a security framework. Right now, when you go into alerts, you have hundreds and hundreds of them that you have to manually pick. It would be useful to have categories for CIS Benchmark or SOC 2 and be able to display all the alerts and policies for one security framework."

"I would like to see a remote access assistance feature. And the threat-hunting platform could be better."

"The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modules is structured differently, complicating correlation efforts. Consequently, I had to create extensive custom reports outside Lacework because their default dashboards didn't communicate risk metrics. They're addressing these issues by redesigning their tools, including introducing the dashboard, which is a step closer to actionable insights but still needs refinement."

More Lacework FortiCNAPP cons

"It wasn't very clear how the scripts are running the scans. There's information about the script but it's not straightforward. The script information for each of the plugins should be available, but it doesn't give us straightforward direct information about how it was executed. That needs to be more clear."

"The reports should be improved in Tenable Nessus. For example, when you are auditing compliance with CIS standards. It provides very poor reports."

"To be honest, I haven't used it much to tell you that these are the things that should be improved. But I believe the UI should be enhanced somewhat. For example, there are two ways to find a report, and people are frequently confused as to which is the correct method for locating a full report. Sometimes they go in the opposite direction, so this is an area that may be improved."

"The reporting is a bit cumbersome."

"Model OS costs (and its segregation schema for individual modules)."

"We feel the solution's technical support to be very bad."

"Vulnerability recommendations are outdated and not in line with industry standards."

"One significant drawback we encounter is the tool's tendency to flag patched packages incorrectly. For instance, if a package is patched by Debian maintainers but not updated to a major or minor version, Nessus may still flag it as vulnerable based on its database. This discrepancy leads to false alarms and requires our developers, system admins, and DevOps teams to address them."

More Tenable Nessus cons

Pricing and Cost Advice

"My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz."

"The pricing has gotten better. That scenario was somewhat unstable. They have a rather interesting licensing structure. I believe you get 200 resources per "Lacework unit." It was difficult, in the beginning, to figure out exactly what a "resource" was... That was a problem until about a year or so ago. They have improved it and it has stabilized quite a bit."

"It is slightly expensive. It depends on how big your environment is, but it is expensive. Right now, we are spending a lot of money. We have covered all of the cloud providers and most of our colocation facilities as well, so we cannot complain, but it is slightly expensive. It is not super expensive."

"The licensing fee was approximately $80,000 USD, per year."

"Cost-wise, it's an affordable tool."

"The price is high for the solution. There are free tools with similar functionality available. The solution cost approximately $3,500."

"In general, it is extremely expensive."

"The price of Tenable Nessus could improve, it is expensive."

"We incurred a single cost for a perpetual license, although I cannot comment on the price as this is above my management level."

"The price of the solution is reasonable."

"I would like to see better discounts."

"The pricing is much more manageable versus other products."

More Tenable Nessus pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

823,875 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

18%

Financial Services Firm

13%

Manufacturing Company

Retailer

Educational Organization

40%

Computer Software Company

10%

Government

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Lacework?

Polygraph compliance is a valuable feature. In our perspective, it delivers significant benefits. The clarity it offers, along with the ability to identify and address misconfigurations, is invalua...

See all answers

What is your experience regarding pricing and costs for Lacework?

My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.

See all answers

What needs improvement with Lacework?

The solution lacks a cohesive data model, making extracting the necessary data from the platform challenging. It uses its own LQL query language, and each database across different layers and modul...

See all answers

How would you choose between Rapid7 InsightVM and Tenable Nessus?

You have full visibility across cloud, network, virtual, and containerized infrastructures with Rapid7 Insight VM. You can easily prioritize vulnerabilities using attacker analytics. Overall, Rapid...

See all answers

What's the difference between Tenable Nessus and Tenable.io Vulnerability Management?

Tenable Nessus is a vulnerability assessment solution that is both easy to deploy and easy to manage. The design of the program is such that if a company should desire to handle the installation t...

See all answers

What do you like most about Tenable Nessus?

We have around 500 virtual machines. Therefore, we conduct monthly scans and open tickets for our developers to address identified vulnerabilities. These scans cover the servers, other network equi...

See all answers

Comparisons

Wiz vs Lacework FortiCNAPP

Compared 29% of the time

Prisma Cloud by Palo Alto Networks vs Lacework FortiCNAPP

Compared 14% of the time

AWS GuardDuty vs Lacework FortiCNAPP

Compared 9% of the time

Aqua Cloud Security Platform vs Lacework FortiCNAPP

Compared 5% of the time

Microsoft Defender for Cloud vs Lacework FortiCNAPP

Compared 5% of the time

More Lacework FortiCNAPP Competitors

Qualys VMDR vs Tenable Nessus

Compared 21% of the time

Tenable Vulnerability Management vs Tenable Nessus

Compared 14% of the time

Rapid7 InsightVM vs Tenable Nessus

Compared 12% of the time

Pentera vs Tenable Nessus

Compared 8% of the time

Microsoft Defender Vulnerability Management vs Tenable Nessus

Compared 7% of the time

More Tenable Nessus Competitors

Product Reports

Buyer's Guide

Lacework FortiCNAPP

December 2024

Download Lacework FortiCNAPP product report

Buyer's Guide

Tenable Nessus

November 2024

Download Tenable Nessus product report

Also Known As

Polygraph, FortiCNP

No data available

Learn More

Fortinet

Tenable

Overview

Lacework FortiCNAPP provides robust cloud security, combining vulnerability management and multi-cloud insight with user-friendly controls, machine learning detection, and compliance support.

Lacework FortiCNAPP specializes in cloud security by merging machine learning anomaly detection with agent-based vulnerability management to offer detailed alerts and compliance reports. Its comprehensive approach allows continuous monitoring across AWS and Kubernetes, providing insights from an attacker's perspective. The platform offers automation and seamless Slack integration, facilitating collaborative and efficient cloud security management. Users value its ability to handle multi-cloud environments and scan IAC scripts, configurations, and compute nodes across AWS and GCP.

What are the key features?

Machine Learning Detection: Identifies anomalies effectively.
Compliance Reports: Provides precise compliance documentation.
Vulnerability Management: Supports agent-based vulnerability assessments.
Multi-Cloud Support: Manages and secures across multiple cloud providers.
Automation and Collaboration: Enables integration with Slack for streamlined communication.
Custom Alerts: Allows creation of personalized alerts for better focus.

What benefits do users expect?

Reduced Alert Noise: Minimizes distractions with filtered alerts.
Efficient Cloud Security: Automates processes for enhanced security management.
Collaboration Support: Integrates with tools like Slack.
Insightful Perspective: Provides insight from an attacker's viewpoint.

Organizations across sectors leverage Lacework FortiCNAPP for cloud security, focusing on compliance, security posture, and vulnerability management. It is widely used for monitoring AWS and Kubernetes environments, scanning IAC scripts, configurations, and securing compute nodes. It supports multi-cloud security posture management and log ingestion, enabling companies to maintain strong cloud infrastructures without dedicated security layers.

Tenable Nessus is a vulnerability management solution that aims to empower organizations to be aware of threats that both they and their customers face. It is the most deployed scanner in the vulnerability management industry. Organizations that use this product have access to the largest continuously updated global library of vulnerability and configuration checks. They can stay ahead of threats that Tenable Nessus’s competitors may be unable to spot. Additionally, Tenable Nessus supports a greater number of technologies than its competitors.

Tenable Nessus Benefits

Some of the ways that organizations can benefit by deploying Tenable Nessus include:

Ease of use. Tenable Nessus is designed with security administrators in mind. It is built so that users can manipulate it intuitively without having to undergo special systems training. Users can create security policies with the greatest level of ease and can initiate scans of their entire networks with only a few clicks.

Support and resources. Tenable Nessus has both a support system of clarification resources and technical support for users to rely on. The solution has a resource center that contains guides and tips that can clarify things that confuse users and can aid them in gaining the maximum level of value. Additionally, users can reach out to Tenable Nessus’s technical support team, which is available around the clock and is reachable via a number of methods. This makes it simple for users to get help if they need it.

Reduction of threat vectors. Tenable Nessus provides users with the ability to reduce the number of potential threat vectors that a hacker can exploit. It enables users to find where the vulnerabilities in their networks are so their security won’t be compromised. They can then quickly address those weak points and head off issues before any have the chance to arise.

Tenable Nessus Features

Report customization. Tenable Nessus enables users to customize the security reports that their system produces. They are able to set Tenable Nessus to generate reports that contain the information that is most relevant to their business objectives. Users can also utilize these report customization capabilities to customize the formats of their reports.

Vulnerability triage capability. Included in the Tenable Nessus security suite is a feature that enables users to conduct a triage of their vulnerabilities. The solution can apply one of five ratings to vulnerabilities that it detects. This makes it possible for organizations to work on addressing issues by order of severity.

Scaling. Tenable Nessus can scale to meet an organization’s needs by migrating the network that it is connected to, to other Tenable solutions. Users can scale up their systems as their security demands increase. It is capable of reaching hundreds of thousands of systems.

Reviews from Real Users

Tenable Nessus is a solution that stands out when compared to many of its competitors. Two major advantages it offers are its ease of use and its vulnerability scanning feature.

Rallis F., the principal security architect at a technology vendor, writes, “The ease of use is the primary valuable feature. This specific version is very straightforward. I like the ability to modify it and configure it based on the different policies.”

Sandip D., a cyber security expert at Birlasoft India Ltd, writes, “The vulnerability scanner is the most valuable feature. It's an important feature for us. We use the plugin output for that. It shows us the exact version of Nessus and what is needed for remediation. Based on that, we decide what should be remediated first to get the best result for security.”

Sample Customers

J.Crew, AdRoll, Snowflake, VMWare, Iterable, Pure Storage, TrueCar, NerdWallet, and more.

Bitbrains, Tesla, Just Eat, Crosskey Banking Solutions, Covenant Health, Youngstown State University

Buyer's Guide

Lacework FortiCNAPP vs. Tenable Nessus

December 2024

Free Report: Lacework FortiCNAPP vs. Tenable Nessus

Find out what your peers are saying about Lacework FortiCNAPP vs. Tenable Nessus and other solutions. Updated: December 2024.

DOWNLOAD NOW

823,875 professionals have used our research since 2012.

See our Lacework FortiCNAPP vs. Tenable Nessus report.

See our list of best Vulnerability Management vendors.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.