Here's How Fortinet Could Benefit from Buying Lacework


By: Mary Jander

Cybersecurity and SASE vendor Fortinet (Nasdaq: FTNT) will acquire Lacework, a cloud-native application protection platform (CNAPP) maker and Futuriom 50 company, for an undisclosed sum, the two announced this week. The deal should close before the end of this year, Fortinet said.

The move highlights ongoing consolidation in the cybersecurity market, where users are weary of multiple point products and leading vendors such as Palo Alto Networks (Nasdaq: PANW) are shifting to “platformization” of their wares. Indeed, it's now up to Fortinet to make the most of what it's gaining with Lacework—a task Fortinet says it's up for. Here’s how Fortinet’s chief marketing officer John Maddison put it in a blog post:

“Fortinet intends to integrate the Lacework CNAPP platform with our existing portfolio to form the most comprehensive, full stack AI-driven cybersecurity platform that delivers secure access for users, devices, and endpoints, enables protection deep into the hybrid cloud, and offers comprehensive and integrated coverage regardless of where your applications reside.” [Emphasis added]

Whew! That’s a tall order. Let’s dig deeper to see where the synergies lie.

Fortinet Expands Cloud, SSE Offerings

Fortinet, based in Sunnyvale, Calif., was founded in 2000 by brothers Ken and Michael Xie and is now led by CEO Ken Xie. The company went public in 2009. Fortinet built its reputation on custom-built security hardware, first as a firewall vendor and over time with a broad portfolio of security products and services.

In 2018 Fortinet introduced its FortiGate SD-WAN service, kicking off a strategy that led to its debut as a SASE player, with secure web gateway (SWG), zero trust network access (ZTNA), cloud access security broker (CASB), and firewall-as-a-service (FWaaS) packed into its FortiOS operating system.

Lacework, founded in 2015 by Vikram Kapoor (now CTO, formerly with Oracle, Bromium, and Sutter Hill Ventures), Sanjay Kalra, and Mike Speiser, is led by CEO Jay Parikh (Akamai, Facebook).

Notably, Fortinet didn't respond to our questions about whether Parikh and other executives and employees will continue with Fortinet after the deal closes. Clearly, though, Lacework's value rests at least in part with its engineers.

Lacework offers a data-driven security platform for the cloud that deploys machine learning to report threats and anomalies, ingesting data from numerous sources in public, private, and hybrid clouds to produce detailed graphical security analyses. Lacework collects, analyzes, and correlates data—without requiring manually written rules—across an organization’s AWS, Azure, Google Cloud, and Kubernetes environments. A Lacework AI Assist program answers queries about alerts in any cloud environment.

Late in May 2024, Lacework announced Lacework Edge, billed as a security service edge (SSE) offering. This could tally well with Fortinet’s SASE offering, which in turn highlights not just the consolidation of point products across security vendors but also the trend toward combining networking with security, since SASE converges application-level security with networking at the edge. While Fortinet is known as most a supplier of on-premises hardware and software solutions, this will augment its capabilities in the cloud with SSE.

Has Lacework Found the Right Partner?

The sale to Fortinet follows a period of disappointment for Lacework. Though it has raised about $1.8 billion on a valuation once close to $8.3 billion, it reportedly is selling for much less. Terms of the Fortinet buy were undisclosed, though the agreement follows an alleged deal valued at just $150 million to $200 million between agentless security scanning firm Wiz and Lacework that collapsed last month. (Wiz, recall, recently grabbed the spotlight at the RSA security conference in May with a $1 billion in funding on a $12 billion valuation.)

The industry buzz and evidence all points to this being a salvage operation, which is good for Fortinet. Regardless of the terms, Lacework’s technology could add value to Fortinet’s platform. Lacework’s focus on the edge and its AI capabilities (Lacework claims that 90% of its 200 patents relate to AI) should help boost Fortinet’s product line.

For its part, Fortinet could use the boost, having seen sales slip over the past few quarters with reduction in IT firewall purchasing. If it can make its platformization bid stronger by turning adding intelligent edge security to its SASE offerings, it could send its fortunes more consistently upward.

Futuriom Take: Fortinet’s purchase of Lacework looks like an opportunistic play by Fortinet to beef up cloud security offerings for a song, but it’s up to Fortinet to make the most of Lacework’s AI-powered technology to continue to work its way into the SASE and edge cybersecurity markets.