Tomcat is an open-source web server supported by Apache.
N/A
Lacework
Score 6.0 out of 10
N/A
Lacework is a cloud-native application protection platform offered as-a-Service; delivering build-time to run-time threat detection, behavioral anomaly detection, and cloud compliance across multicloud environments, workloads, containers, and Kubernetes.
N/A
Pricing
Apache Tomcat
Lacework
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Apache Tomcat
Lacework
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Apache Tomcat
Lacework
Features
Apache Tomcat
Lacework
Application Servers
Comparison of Application Servers features of Product A and Product B
Excellent value for companies wishing to host Java applications in the cloud. Utilizing hosting tools such as load balancers and network and application firewalls, Tomcat can be part of a powerful system to host web applications to thousands of users. There has been consistency in the development and support of Tomcat since its initial release in the late '90s and the best commonalities have been carried forward. If you host Java web applications, Tomcat is as good as any for an application server.
Lacework is well suited for behavioral analysis. One thing to consider thought is in the early stages there will be quite a bit of noise generated by Lacework. There will be a higher volume alerts generated initially - until a good baseline is generated. Overall Lacework is good with alert handling - integration with Slack is good.
Using tomcat manager to troubleshoot is not very informative. Error messages are vague, you have to dig into log files for more information about the problems.
Is great for simple web applications, but may not work for heavy development which may require a full J2EE stack, might like JBoss better.
Security in tomcat is not straightforward, as I discovered that you have to understand how to set up realms in tomcat in order to hash passwords, which I was not overly familiar with, which is a big deal when setting up users in the tomcat-users.xml file.
Tomcat has a very rich API set which allows us to implement our automation script to trigger the deployment, configure, stop and start Tomcat from the command line. In our projects, we embedded Tomcat in our Eclipse in all of the developer's machines so they could quickly verify their code with little effort, Azure Webapp has strong support for Tomcat so we could move our application to Azure cloud very easy. One drawback is Tomcat UI quite poorly features but we almost do not use it.
Tomcat doesn't have a built-in watchdog that ensures restart upon failure, so you have to provide it externally. A very good solution is java service wrapper. The community edition is able to restart Tomcat upon out of memories exceptions.
Tomcat support to customize memory used and allow us to define the Connection pool and thread pool to increase system performance and availability, Tomcat server itself consume very little memory and almost no footprint. We use Tomcat in our production environment which has up to thousands of concurrent users and it is stable and provides a quick response.
Eclipse Jetty is the best alternative for Apache Tomcat because which is also an open-source and lightweight servlet container like Tomcat. A major advantage of this over Tomcat is that Jetty server can easily be embedded with the source code of web applications. Since it requires less memory to operate, you may realize that it is very efficient.
Compared to Sysdig Falco (the free open-source IDS), Lacework helps security teams by providing actionable alerts and a user-friendly interface that gives you an overview of all workloads being monitored, and detailed insights into these workloads if needed. Falco requires you to build your own integration and interface around it, including a mechanism to whitelist certain alerts. This made it harder for the security team to focus their time on potential intrusions.
Tomcat is cheap and very quick to deploy, so it has benefited much when situation needs applications to be deployed quickly without wasting time on licensing and installations.
Plenty of documentation available so no vendor training is required. Support contract is not needed as well.
Being a FinTech company, financial institutions who partner with us want to know that we are appropriately maintaining a Security, Risk and Compliance program that maintains a level of comfort for their vendor management. Lacework gives us the ability to monitor and maintain a level of security for our infrastructure that puts our partners at ease, reduces the revenue cycle for new partners and opens doors to the future.
