AI-Powered SASE , Cloud Security , Governance & Risk Management
Fortinet Acquires Unicorn Lacework to Enhance Cloud Security
Deal Integrates Lacework's CNAPP into Fortinet's Security Fabric and SASE PlatformFortinet extended a lifeline to troubled cloud security vendor Lacework, agreeing to purchase the late-stage startup that once earned the largest funding round in cybersecurity history.
See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries
The Silicon Valley-based platform security vendor said the proposed acquisition of San Jose, California-based Lacework will enhance Fortinet's unified secure access service edge platform with critical cloud-native security services. The deal comes less than two months after reports that rival Wiz was planning to buy Lacework for less than $200 million, down 98% from an $8.3 billion valuation in November 2021 (see: From $8.3B to $200M: Why Lacework Is Examining a Sale to Wiz).
“By integrating Lacework's leading AI-powered cloud security platform, we're enhancing our Security Fabric platform to offer customers an even more comprehensive solution," Fortinet founder, Chairman of the Board and CEO Ken Xie said in a statement. "This acquisition reinforces our commitment to delivering con security across on-premises and cloud environments.”
What Sets Lacework Apart
Terms of the acquisition - which is expected to close in the second half of 2024 - weren't disclosed, and For declined to make executives available for additional comment. The company's stock is up $0.14 - or 0.23% - to $59.86 per share in trading Monday afternoon, which is the highest the company's stock has traded since Thursday. The transaction was announced before the market opened Monday.
Fortinet said Lacework's cloud-native application protection platform will further enable customers to identify, prioritize, and remediate risks and threats within complex cloud-native infrastructures. Since raising $1.3 billion 31 months ago, Lacework has experienced huge C-suite turnover and a nearly 37% reduction in headcount from a peak of 1,164 staff in June 2022 to just 737 staff today, IT-Harvest found.
"Lacework, partnering closely with our customers, has built a world-class solution to the most complex and varied cloud cyber risks and threats," Lacework CEO Jay Parikh said in a statement. "Our vision to connect across security silos enables teams to work together to produce better security outcomes more quickly."
Lacework said its platform is trusted by 1,000 customers and offers AI and machine learning technology, an agent and agentless architecture for data collection, a homegrown data lake, and a code security offering. Lacework got the lowest score of the 13 vendors evaluated in the January 2024 cloud workload security Forrester Wave, lagging competitors in CIEM, reporting and auditing, the analyst firm found.
How Laceworks Fits Into Fortinet
Fortinet said existing Lacework customers will be able to maintain their existing security infrastructure benefit from the company's global reach, extensive scale and threat intelligence capabilities. Fortinet currently has cloud-native firewalls and a cloud access security broker product, but its cloud security capabilities lag behind network security rivals Palo Alto Networks, Check Point Software and Cisco.
"We intend to make the platform even more powerful by integrating it with Fortinet’s industry leading firewall and WAAP capabilities to further help customers identify, prioritize, and remediate risks and threats in complex cloud-native infrastructure from code to cloud," Fortinet Chief Marketing Officer John Maddison wrote in a blog post.
Cloud-native environments present significant challenges around managing siloed solutions, a lack of integration, complex threat detection and multi-cloud inconsistencies, Fortinet found. An effective cloud-native application protection platform must secure the entire software development lifecycle across all clouds, identifying and prioritizing both risks and threats to provide actionable intelligence.
"The two most important and foundational elements of any CNAPP are its ability to identify and prioritize risks and its ability to identify and prioritize threats," Maddison wrote in a blog post. "Your CNAPP, all in a single platform, should be able to not only tell you what your risks and threats are, it should be able to tell you how those two things intersect to offer actionable intelligence."
Fortinet said Lacework stands out for its ability to contextualize risks and threats on a single, unified data-driven platform. The company plans to leverage Lacework's technology to provide deep protection inside cloud applications and between apps and the external environment. Fortinet is the fifth-largest SASE vendor in revenue behind Zscaler, Cisco, Palo Alto Networks and Broadcom, Dell'Oro Group found.