Fortinet Inc. has acquired Lacework Inc., a well-funded startup that helps enterprises protect their cloud environments from hackers.

The companies didn’t disclose the financial terms in their announcement of the deal today. The acquisition comes about two months after reports emerged that Lacework had held sale talks with Wiz Inc., another venture-backed cybersecurity provider. The deal, which was expected to be worth between $150 million and $200 million, reportedly collapsed in the due diligence phase.

Sunnyvale, California-based Fortinet is a major provider of cybersecurity software. Companies use its technology for tasks such as detecting attempts to hack their cloud applications and protecting connected device fleets. Fortinet also provides a portfolio of networking devices, as well as software for managing those devices. 

Lacework, in turn, sells a cloud-native application protection platform, or CNAPP, for securing hybrid cloud environments. Fortinet disclosed today that the company’s CNAPP has won over nearly 1,000 customers. Prior to the deal, Lacework’s platform also drew about $1.9 billion in funding from investors, most of which was raised through a 2021 round that valued it at $8.3 billion.

“There are many CNAPP vendors out there today. Some have taken the approach of acquiring and cobbling together individual pieces of CNAPP into a ‘platform’ that isn’t truly integrated and is expensive and inefficient for customers,” Fortinet Chief Marketing Officer John Maddison wrote in a blog post. “In the CNAPP market, most vendors are either helping customers contextualize their risks or helping customers contextualize their threats.  One vendor stood out from the rest for its ability to do both on a single, unified data-driven platform that was built organically: Lacework.”

One of Lacework’s flagship features is a tool for catching vulnerable application code before it’s deployed to production. The company’s CNAPP can catch issues in both open-source libraries and the code that a company’s developers write in-house. From there, Lacework ranks the vulnerabilities it finds by severity to help administrators prioritize their remediation efforts.

Another set of features in the company’s platform detects vulnerabilities that are caused by issues other than flawed application code. According to Lacework, its algorithms can detect security weak points in the scripts that administrators use to configure a cloud environment. The software is likewise capable of identifying user accounts that have access to more sensitive workloads than strictly necessary.

Besides detecting vulnerabilities, Lacework can also spot when hackers attempt to exploit them. The platform uses artificial intelligence models to detect malicious activity in cloud environments. After detecting a potential breach, the AI models flag all the file changes and other events that might be associated with the incident.

Once the acquisition closes later this year, Fortinet plans to integrate Lacework’s CNAPP into its product portfolio. The company intends to combine the cybersecurity platform with its existing lineup of tools for protecting web applications and application programming interfaces from breach attempts. “The combination will allow customers to protect what’s happening inside the cloud app along with what’s happening between the app and the outside world,” Maddison explained. 

Photo: Fortinet