Lacework FortiCNAPP: Cloud-Native Application Protection Platform

Fortinet
06/28/2026

Transcript


day, we're all aiming for the same thing. To protect our teams and avoid the financial, brand and operational impact of malicious actors in our systems. To build higher walls against intruders and limit the effect of anyone who does make it through the defenses. At Lacework, our approach is to both prevent security incidents from occurring and also prepare you to react to those that do arise. Our cloud security platform does this uniquely by analyzing massive amounts of data to give teams the context necessary to take faster and more decisive action. Let's take a look at how it works.

When dealing with a security incident, the first thing a security team should assess is whether or not an attack is still in progress. In this case, let's use the alert category filter to show us composite alerts, which identify critical security incidents that present an immediate threat to your cloud environment. This feature is unique because it detects hard-to-uncover malicious activity by combining specific indicators of compromise into highly accurate, detailed alerts. Composite alerts answer the two main questions a security team has after a security breach. What did the attacker do and what does this mean? We see through this series of alerts that the incident was a cloud-native ransomware attack. This alert provides access to key details like the exact cloud identity the attackers were able to compromise. And we can quickly investigate to see that the identity unfortunately had full admin privileges. Now we have all the details we'll need to immediately neutralize the threat.

Finding attackers during or after an attack is far from ideal. Thankfully, the Lacework platform also has capabilities to help you prevent attackers from even getting in the door. Let's see how Lacework would have helped prevent the earlier worst-case scenario from occurring. When we start our research and click on the Compliance tab, we see a list of known bad things for which your cloud environment could be configured. We can see it's auditing all of our access keys, and out of our seven keys, there are four that have not been rotated in the last 90 days.

Next we'll look at Vulnerabilities. Here we can see our vulnerable hosts. Click on the specific host you want to learn more about. Then you can look at which CVEs, or Critical Vulnerabilities, are running on which packages. Under the Fixed Version column, we can see which version we need to update the system to in order to get it to a safe state. One key Lacework feature, Active Package Detection, lets us know whether a vulnerable package is actively running and being used by an application on your host, so we can prioritize fixing those packages first. We can easily see these by filtering the Package Status column.

Next we'll look at Identities. If you click on Explore Identities at the top, we can see a list of all the identities we have in our accounts. We see that several of these are high severity risks, and we can also see why they are so risky.

To help you understand the relationships among all of the resources and services in your cloud, we have the Lacework Explorer. With interactive visuals, this feature makes it easy to see and prioritize the potential risks associated with each resource. A host with a vulnerability may matter less if it's not misconfigured to be exposed to the public internet. But if that same host has an admin identity behind it, it becomes much more important to address that vulnerability right away. So let's click on Attack Paths on the left-hand side and investigate the path that attackers could take. Now we'll drill down into the top risky paths with the Admin Privilege role. We can see that from the public internet, there is a path an attacker could take through the internet gateway, through the security group. We see that this security group has two compliance, or configuration, errors, which could give the attacker access to this host. It shows us that if the host did not have a certain identity associated with it with very broad access privileges, it wouldn't be as risky. So now we have a simple action to take to make our cloud safer.

What sets Lacework apart isn't just the vast amount of data we handle. It's how we transform that data into actionable information through our advanced analytics.

TL;DR

  • Lacework FortiCNAPP combines threat detection and prevention in a single cloud-native application protection platform, using advanced analytics to transform massive data volumes into actionable security insights.
  • Composite alerts correlate multiple indicators of compromise to detect sophisticated attacks like cloud-native ransomware, providing security teams with immediate context on attacker actions and business impact.
  • Active Package Detection prioritizes vulnerability remediation by identifying which vulnerable packages are actually running in production, reducing alert fatigue and focusing effort where it matters.
  • Attack path visualization maps potential intrusion routes from the public internet through misconfigurations to privileged identities, enabling targeted hardening of the most critical exposure points.

Unified Cloud Security Through Data-Driven Detection

Lacework FortiCNAPP positions itself as a comprehensive cloud-native application protection platform that combines threat prevention with incident response capabilities. The platform's core differentiator is its approach to analyzing massive amounts of cloud telemetry data to provide security teams with contextual insights for faster decision-making. The demonstration walks through a cloud-native ransomware attack scenario, showcasing how composite alerts combine multiple indicators of compromise into detailed, actionable notifications that answer critical questions: what did the attacker do, and what does this mean for the organization. This correlation capability aims to surface hard-to-detect malicious activity that might otherwise be missed by traditional point solutions.

Proactive Risk Management and Attack Path Analysis

Beyond detection, the platform emphasizes preventive security through continuous compliance monitoring, vulnerability management, and identity risk assessment. The compliance module audits cloud configurations against known security anti-patterns, such as identifying access keys that haven't been rotated within 90 days. The vulnerability management feature includes Active Package Detection, which prioritizes remediation by identifying whether vulnerable packages are actively running in production environments. Perhaps most notably, the Lacework Explorer provides visual attack path analysis, mapping how an attacker could traverse from the public internet through security groups and misconfigured hosts to reach privileged identities—transforming abstract risk scores into concrete remediation actions.
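
The prioritization idea summarized above, as an added illustration that is not Lacework's code or algorithm: a breadth-first search over a small resource graph finds paths from the public internet to an admin identity, and hosts are ranked by how many risk factors (internet exposure, admin identity, actively running vulnerable package) they combine. The graph, every resource name, and the equal-weight scoring rule are assumptions constructed for this example.

```python
from collections import deque

# Constructed sample environment: an edge A -> B means "A can reach or assume B".
EDGES = {
    "internet": ["igw-1"],
    "igw-1": ["sg-web", "sg-api"],
    "sg-web": ["host-web"],        # security group open to inbound traffic
    "sg-api": ["host-api"],
    "host-web": ["role-admin"],    # identity attached to the host
    "host-batch": ["role-admin"],  # no inbound route from the internet
    "host-api": ["role-readonly"],
}
HOSTS = {  # is a vulnerable package actively running on the host?
    "host-web": {"vuln_active": True},
    "host-batch": {"vuln_active": True},
    "host-api": {"vuln_active": False},
}
ADMIN_IDENTITIES = {"role-admin"}

def attack_paths(edges, start, targets):
    """Return every simple path from start to a node in targets."""
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in edges.get(path[-1], []):
            if nxt in path:                 # skip cycles
                continue
            if nxt in targets:
                paths.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return paths

def prioritize(edges, hosts, admin_ids, start="internet"):
    """Rank hosts by number of combined risk factors, highest first."""
    exposed = {n for p in attack_paths(edges, start, set(hosts)) for n in p}
    ranked = []
    for name, info in hosts.items():
        factors = {
            "internet_exposed": name in exposed,
            "admin_identity": any(n in admin_ids for n in edges.get(name, [])),
            "vulnerable_package_active": info["vuln_active"],
        }
        ranked.append((sum(factors.values()), name, factors))
    return sorted(ranked, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for path in attack_paths(EDGES, "internet", ADMIN_IDENTITIES):
        print(" -> ".join(path))
    for score, name, factors in prioritize(EDGES, HOSTS, ADMIN_IDENTITIES):
        print(score, name, factors)
```

In this constructed data, host-batch has the same vulnerable package and admin role as host-web but ranks lower because no path from the internet reaches it.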

Chapters

0:00 - Introduction and Platform Overview
0:54 - Composite Alerts and Threat Detection
1:53 - Prevention Capabilities
2:21 - Vulnerability Management
3:00 - Identity Risk Assessment
3:44 - Attack Path Analysis

Key Quotes

0:33 "At Lacework, our approach is to both prevent security incidents from occurring and also prepare you to react to those that do arise."
1:11 "This feature is unique because it detects hard-to-uncover malicious activity by combining specific indicators of compromise into highly accurate, detailed alerts."
2:45 "One key Lacework feature, Active Package Detection, lets us know whether a vulnerable package is actively running and being used by an application on your host, so we can prioritize fixing those packages first."
4:19 "What sets Lacework apart isn't just the vast amount of data we handle. It's how we transform that data into actionable information through our advanced analytics."

FAQ

How does Lacework FortiCNAPP prioritize which vulnerabilities to fix first?

The platform uses Active Package Detection to identify whether vulnerable packages are actively running and being used by applications on your hosts. Combined with attack path analysis that considers factors like public internet exposure and associated identity privileges, teams can focus remediation efforts on vulnerabilities that present actual exploitable risk rather than theoretical exposure.

What makes composite alerts different from traditional security alerts?

Composite alerts correlate multiple indicators of compromise into single, detailed notifications that identify critical security incidents presenting immediate threats. Rather than generating separate alerts for each suspicious activity, the system combines related signals to answer what the attacker did and what it means for your environment, reducing alert fatigue while surfacing hard-to-detect malicious activity.

