Lacework Pros and Cons

UPDATE: Lacework has become trash since the Fortinet acquision. It is missing basic functionality and they have ceased investment in the platform. IF YOU ARE CONSIDERING USING LACEWORK/FORTINET THEN RUN AWAY AS FAST AS YOU CAN! Ignore anyone who tells you otherwise.

Lacework provides agentless and agent-based introspection into Cloud as well as on-prem environments. Im most impressed by how much it has improved my organization's security posture across our multi-cloud, containerized, and hybrid environments. The platform's automation, continuous monitoring, and deep visibility features are top-notch, helping us detect and fix security vulnerabilities, misconfigurations, and compliance issues in real time.

One of the most impressive aspects of Lacework is its threat intelligence and behavioral anomaly detection capabilities. It identifies and responds to potential threats before they can do any serious damage, giving us peace of mind knowing our critical assets are protected. Their offer outpaces other products like Orca and Wiz by not soley relying on cloud logs within their detections. You also have the added layer of defense offered by their agent. When your agentless only provider fails to detect sophiticated attackers, maybe you should give this solution a try instead. You will quickly realize that value of having eBPF probe level introspection into your machines activity vs relying log streams.

Lacework continues to iterate and improve on their product consistently over time adding more and more value to their platform. On top of that their customer support and white glove approach to helping you get the most value from the product is best in class. They have an entire training catalog for your infrastructure security teams and SOC to dive into and become proficient within the platform.

To sum it up, Lacework forms the backbone of our Infrastructure Security program as well as acting as a key component to our Vulnerability Management Program as well as SecOps activities within the infra domain. It provides the insights required to successfully meet audit and compliance requirements, contractual obligations, identify policy violations, scan and report vulnerabilities, identify misconfigurations and detect infrastructure access related issues and more. We use this platform daily to make real security happen. Review collected by and hosted on G2.com.

Using this platform is like trying to solve a puzzle with 20% of the pieces missing. Review collected by and hosted on G2.com.

The setup was very easy for teams to navigate. There were a variety of up to date templates depending on your orchestration. Very easy to deploy the agent regardless of your setup.

The network diagrams (polygraphs) are really helpful when responding to an alert or just doing Threat modeling, Its nice to be able to very quickly visualize communications between your services.

Integrating into the container registry was really easy and provides us Vuln visibility prior to deployments. The mapping of containers in the registry to containers at runtime is very intuitive, helps you prioritize which items to look at first. Review collected by and hosted on G2.com.

They have not released any meaninful features in the last 12 months and are really falling behind everyone else in this space. Every call we seem to have with them, our prior counterparts have been fired or left so you need to restart the conversation. Getting support has gone from OK to a nightmare.

The vulnerability management at runtime only updates once per day and a vuln must be cleared for at-least 24 hours before it will no longer show in the platform. This makes closing out issues after a code change or dependency update a more drawn out process. Would be nice if it could be done on demand.

Lacework has nice documentation on how to remediate findings in AWS, however they only provide details on how to do it in the AWS console, it would be helpful if they could also provide terraform samples, as that could greatly increase the speed of remediation. Review collected by and hosted on G2.com.

I like implementing Lacework as it's very easy and the continuous development means you stay ahead of the curve. It can also help you gain complete visibility of your workloads in almost all security tasks that will be assigned to you. Review collected by and hosted on G2.com.

I think it would be great to be able to easily control what permissions the agent has on the endpoints. And to get the most value, you need to be able to write queries instead of human-readable questions. And in cases columns are unnecessarily truncated. Review collected by and hosted on G2.com.

I like the multi cloud feature of Lacework including its high reporting standards. Review collected by and hosted on G2.com.

If I am a business owner, I wouldn't only think of cloud security, and then there are many other respects to look into for proper security posture management or vulnerability management. So spending on such a new tool which is yet to make a mark would be a tough choice. Review collected by and hosted on G2.com.

Its functions have been essential to detec anomalies, but do not cause fatigue in the control panel or tools. Additionally, I love that it gives us a single dashboard to view all of our workloads, and the daily alerts help our incident response team prioritize and address urgent issues. Review collected by and hosted on G2.com.

Starting to use this platform was one of the best decisions our organization has made. We were looking for an easy-to-use solution that covered all our assets in the cloud. Lacework has worked perfectly. I have nothing negative to say here about this tool. Review collected by and hosted on G2.com.

I love that the team actively listens to user feedback and releases new features and improvements frequently. The platform is exceptionally easy to use, making it easy to set up and integrates for teams of all size. And I love that it offers buil-in protection for cloud infrastructure, workloads, data, APIs, containers, and access management. Review collected by and hosted on G2.com.

I would like it to be able to integrate with a great variety of applications. Also, it would be nice if they could include timely security monitoring. Plus there is room to improve the board. Review collected by and hosted on G2.com.

Lacework narrows down the flood of information about our tech estate (in the cloud) to just the information that I need to know. When you're running DevOps teams with a large surface area of technology, this is critical.

The proactive monitoring has identified enough anomalous activity that I have comfort that if we ever suffer a real breach, Lacework will let me know about it. It's also generally easy to get exactly to the root cause.

The team have been excellent in supporting us - not just with onboarding, but with the continued embedment and getting as much value as possible out of the tool.

I recommend this product. Review collected by and hosted on G2.com.

As relatively early adopters some of the features that allow us effectively segregate information were not there when we onboarded. Feels like it was initially targeted at security operations teams that sit across the whole organisation, rather than specific areas of the organisation.

However, the maturity is rapidly growing and the team have always been good at letting us know exactly what's on the roadmap and when it's coming. Review collected by and hosted on G2.com.

How you can trace the issue all the way to the exectutable. it was 2 alerts that recived indicating that there were external attempts from servers to external IPs and upon checking the details of the alert and looking at the source and destination and traffic details; I was able to easily trace it to be legitimate attempts as one systems was trying to connect to O365 and the other to SpecOps. Review collected by and hosted on G2.com.

None at the moment. I am happy with the product so far and the support is also great. I trust the company as well as they are doing great job developing the product even more Review collected by and hosted on G2.com.

The solution is complete and helps the teams to have good insight for risk and vulnérabilities ( Host, containers...)

It's responding to most of the problems we can face Review collected by and hosted on G2.com.

Not a dislike, but they have to improve the filtres on dashboards . Review collected by and hosted on G2.com.

I like the detailed information that is collected, the visibility that the tool gives us about our infrastructure is surprising. I like the amount of information that is collected in each scan. It gives us valuable information about our workloads. Review collected by and hosted on G2.com.

I consider it a personal taste that the design of its infrastructure could be somewhat more striking. Queries may also take some time to understand. I don't like that you have very few options when it comes to customizing the reports. Review collected by and hosted on G2.com.