Fortinet Acquires Lacework, a Cloud Security Startup

Highlights:

• Lacework offers a cloud-native application protection platform or CNAPP to secure hybrid cloud settings.
• Lacework claims that its algorithm can identify security flaws in administrators’ scripts to set up cloud environments.

Fortinet acquired Lacework, an adequately funded startup that assists businesses in safeguarding their cloud environments from hacking instances.

When the firms announced the arrangement recently, they did not reveal the financial specifics. About two months have passed since it was first reported that Lacework had entered into sales negotiations with Wiz Inc., a different cybersecurity firm funded by venture capital. According to reports, the purchase, estimated to be worth USD 150 million to USD 200 million, fell through during the due diligence stage.

Based in Sunnyvale, California, Fortinet is a leading provider of cybersecurity software. Businesses employ its technology to guard fleets of connected devices and identify efforts to compromise their cloud applications. In addition, Fortinet offers a range of networking hardware along with management software.

Lacework offers a cloud-native application protection platform or CNAPP to secure hybrid cloud settings. Fortinet mentioned that almost 1,000 users have adopted the CNAPP. A 2021 investment round valued at USD 8.3 billion was responsible for the majority of the approximately USD 1.9 billion in funding that investors raised for Lacework’s platform prior to the deal.

Chief Marketing Officer at Fortinet, John Maddison, reported, “There are many CNAPP vendors out there today. Some have taken the approach of acquiring and cobbling together individual pieces of CNAPP into a platform that isn’t truly integrated and is expensive and inefficient for customers. In the CNAPP market, most vendors are either helping customers contextualize their risks or helping customers contextualize their threats. One vendor stood out from the rest for its ability to do both on a single, unified data-driven platform that was built organically: Lacework.”

One of Lacework’s standout features is the ability to detect potentially dangerous application code before it’s put into production. The open-source libraries and internal code written by the company’s engineers can both have vulnerabilities that the CNAPP can identify. The vulnerabilities that Lacework discovers are then ranked according to severity, which aids administrators in setting priorities for their remedial work.

The company’s platform has additional tools that identify vulnerabilities resulting from problems other than application code flaws. Lacework claims that its algorithms can identify security flaws in the scripts that administrators use to set up cloud environments. Additionally, the software may recognize user accounts that are not strictly necessary to access more sensitive tasks.

In addition to identifying vulnerabilities, Lacework can identify hackers’ attempts to take advantage of them. The platform looks for harmful activities in cloud environments using artificial intelligence models. Once it has identified a possible breach, the AI models highlight any file modifications and other events that might be connected to the incident.

After the deal closes later this year, Fortinet intends to include Lacework’s CNAPP in its product lineup. The company will integrate the cybersecurity platform with its current suite of solutions for thwarting hacking attempts on online apps and application programming interfaces. “The combination will allow customers to protect what’s happening inside the cloud app along with what’s happening between the app and the outside world,” added Maddison.