Independent comparison for cloud-native application protection platforms. Updated May 2026.
Quick verdict: Choose Wiz when the Security Graph attack-path prioritisation, broad multi-cloud parity, and rapid agentless onboarding align with cloud-native engineering teams that want to consolidate CSPM, CWPP, CIEM, and DSPM under one platform. Choose Lacework when the Polygraph behavioural anomaly detection model matters for runtime workload threat detection, when usage-based simplified pricing is preferred, or when the Fortinet acquisition roadmap aligns with broader Fortinet platform consolidation. The differentiator is graph-based exposure prioritisation versus behavioural anomaly-driven runtime detection.
| Criteria | Wiz | Lacework |
|---|---|---|
| Rating | 4.7 / 5.0 (1,200 reviews) | 4.3 / 5.0 (640 reviews) |
| Architecture | Agentless first, Security Graph | Agentless + agent, Polygraph behavioural model |
| CSPM | Deep multi-cloud, identity-aware | Strong, mature configuration analysis |
| CWPP | Agentless scanning + Runtime Sensor | Polygraph runtime anomaly detection |
| CIEM | Native, integrated in Graph | Native, separate workflow |
| DSPM | Native, integrated in Graph | Limited, evolving |
| Multi-Cloud Depth | AWS, Azure, GCP, OCI, Alibaba parity | AWS, Azure, GCP |
| Owner | Independent (private) | Fortinet (acquired 2024) |
| Best For | Fast time-to-value, developer-friendly CNAPP | Runtime anomaly detection, AWS-heavy estates |
Wiz combines agentless cloud-account scanning with a unified Security Graph that connects misconfigurations, vulnerabilities, identities, secrets, exposed services, and sensitive data. The Graph surfaces toxic combinations — an internet-exposed VM with a critical CVE and access to a database holding PII — and ranks findings by exploitable attack path rather than raw severity. Wiz extends the agentless-first model with optional Runtime Sensor for live workload protection, native CIEM, DSPM for data security posture, and AI-SPM for AI/ML workload discovery. The developer-friendly UX and rapid onboarding (often hours) have driven adoption with engineering-led security teams.
Lacework built its platform around the Polygraph model — a behavioural baseline of process, network, and user activity per workload, with anomaly detection flagging deviations from learned normal behaviour. The agent-based runtime delivers strong threat detection for cloud workloads, containers, and Kubernetes without requiring rule-writing for each new threat. Lacework added agentless CSPM, vulnerability scanning, CIEM, and IaC scanning to broaden into full CNAPP. The Fortinet acquisition in 2024 positions Lacework as the cloud security tier within the broader Fortinet Security Fabric, with roadmap integration into FortiGate, FortiSIEM, and FortiSOAR.
The architectural difference shapes evaluation outcomes. Wiz typically wins on exposure context, prioritisation, multi-cloud depth, and developer adoption. Lacework typically wins on runtime anomaly detection in stable workload environments and on simplified usage-based pricing. Compare additional CNAPP options in the cybersecurity category or evaluate against Wiz vs Prisma Cloud.
Wiz pricing is per-cloud-workload based, structured around number of cloud accounts and average workload count. Enterprise contracts commonly land in the $200,000-$1,500,000+ ARR range depending on estate size. Wiz pricing is widely viewed as premium relative to competitors but justified by faster deployment and lower operational overhead.
Lacework uses simplified usage-based pricing tied to monitored resources and data volume. Mid-market deployments commonly start in the $40,000-$150,000 ARR range; enterprise deployments scale to $500,000+. Following the Fortinet acquisition, Lacework appears in bundle discussions with FortiGate, FortiSIEM, and other Fortinet platform components, which can materially shift the effective cost for Fortinet-aligned buyers.
Choose Wiz when multi-cloud parity across AWS, Azure, GCP, OCI, and Alibaba matters, when Graph-based attack-path prioritisation aligns with the security operating model, or when developer-led security adoption is a primary success criterion. Wiz is also typical for organisations evaluating consolidated CSPM, CWPP, CIEM, DSPM, and AI-SPM on a single agentless-first platform.
Choose Lacework when behavioural anomaly detection on runtime workloads is a primary requirement, when usage-based simplified pricing aligns with procurement, or when Fortinet platform consolidation (FortiGate, FortiSIEM, FortiSOAR) is part of the broader security architecture. Lacework is also typical for AWS-heavy environments where the Polygraph model has the longest deployment history.