Fortinet Elevates Cloud Security Strategy with Laceworks Acquisition

Recently, Fortinet made a bold move when it acquired a cloud security startup called Laceworks. Although financial terms were not released, the company did share that it was the biggest acquisition in its history. Historically, Fortinet has not been nearly as acquisitive as its chief rivals Palo Alto Networks and Cisco but instead chooses to build security capabilities into its software and/or silicon. If it decides to buy, it’s a small technology tuck-in that can easily be rolled into its platform.

That begs the question of why Fortinet chose to acquire Laceworks to move into the CNAPP space rather than build its own. The company is looking at Laceworks to help transform it into a much stronger “code to cloud” security vendor. While Fortinet currently has a SASE solution, the company is best known for its on-premises infrastructure, most notably its FortiGate firewalls, which have consolidated many networking and security capabilities.

Laceworks, a Cloud-Native Application Protection Platform (CNAPP), is a key player in providing security for cloud-native applications and containers. Its customers leverage its capabilities to safeguard data and workloads across distributed cloud environments. This is a superior approach compared to relying on the security tools offered by cloud providers, which are often limited to specific clouds. Laceworks' technology automatically analyzes and correlates data from what the company calls “code to cloud,” eliminating the need for manual rule creation by security and DevOps teams. This technology could potentially revolutionize the way security is managed in cloud environments.

The acquisition of Laceworks aligns with Fortinet’s long-standing platform strategy. While many in the security industry are just now embracing the platform concept, Fortinet has been championing this approach for over a decade. Laceworks' addition to the Fortinet platform enhances its cloud security capabilities, creating a more comprehensive and robust solution for its customers.

Creates a comprehensive cloud security platform

While Laceworks addresses cloud security, it doesn’t address all security requirements. As a CNAPP provider, Laceworks offers cloud security posture management (CSPM), Kubernetes security posture management (KSPM), cloud protection, code-level security, infrastructure as code, and more. Fortinet provides Web and API protection, cloud infrastructure entitlement management (CIEM), security information and event management (SIEM), a cloud firewall, and related capabilities. This provides arguably the broadest set of cloud security from a single vendor.

SOC Synergies

While the Laceworks and Fortinet products had little overlap, the two companies meet in the security operations center (SOC). The combined threat intelligence platforms provide more data for looking for threats. Today, security is no longer based on reactive signatures. World-class security companies are built on AI, which requires data. Fortinet data includes network, cloud, IoT, and application-level data. Laceworks data goes down to a code level, giving Fortinet the “code to cloud” of the CNAPP addresses, but then it goes all the way to the network edge. This can help find threats faster but then also isolate the point of origin for faster remediation.

TAM Expansion

Laceworks has a customer base in the thousands, which is impressive for a company founded in 2015. However, this pales in comparison to Fortinet's 750-thousand or so customers. Fortinet can expand its organizational footprint by taking Laceworks to its large customer base. It would have taken Laceworks years, maybe decades, to create a salesforce and channel as large as Fortinet has. This should help Fortinet accelerate the Laceworks business, creating that “1+1 = 3” effect.

A Final Word

Fortinet has been a fast follower in the security industry and typically rolls out products when the market is on the precipice of broader adoption. Because of this, it usually prefers to build products. Its willingness to buy Laceworks indicates that the demand for code-level security has progressed quickly. Given the low amount of overlap in the two companies' products, an acquisition makes perfect sense. On a related note, Fortinet currently partners with Wiz, a direct competitor of Laceworks. Although Fortinet has not explicitly given any statement of direction regarding the partnership, it would be safe to assume that it will wind down and eventually be fully replaced with Laceworks.

Zeus Kerravala is the founder and principal analyst with ZK Research.

Read his other Network Computing articles here.

Related articles: