Fortinet FortiAppSec Cloud is used as a WAF solution.
The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
Fortinet FortiAppSec Cloud is used as a WAF solution.
In my opinion, the best features of Fortinet FortiAppSec Cloud are usability and price, which are the two strongest features from Fortinet security products.
We use the advanced bot mitigation, which supports credential stuffing, account takeover prevention, and stopping layer 7 DDoS and OWASP Top 10 attacks.
With the bot mitigation in Fortinet FortiAppSec Cloud, we control end users whenever they connect to our website, checking that they are not bots and allowing access only after verification.
We run AI detection in a testing phase, using both basic and advanced security measures, including API security and XML protection. AI helps by providing machine learning that suggests which policies need tuning and which signatures need to be added to our policy.
Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps mitigate zero-day vulnerabilities through machine learning.
Fortinet FortiAppSec Cloud helps our organization by relying on Fortinet threat intelligence, which provides information on newly emerging zero-day attacks, allowing us to run signatures to stop these attacks.
We utilize the dynamic learning capabilities for threat updates.
Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic. A separate license is needed for Fortinet FortiAppSec Cloud to send logs to other cloud servers.
There is room for improvement in Fortinet FortiAppSec Cloud, especially since we need to see legitimate traffic as the current setup only provides logs for malicious traffic.
I have been using Fortinet FortiAppSec Cloud for less than one year.
We have not seen any lags or crashing, and it is very good regarding stability.
I rate the stability at a 10.
With only three administrators, it is still a scalable solution for my business.
Fortinet FortiAppSec Cloud is very good in scalability as it is a cloud service.
I always give Fortinet's technical support a rating of 10.
Positive
The deployment of Fortinet FortiAppSec Cloud is easy to deploy.
Fortinet FortiAppSec Cloud took only two days to fully implement.
We have seen a reduction in incidents and a good return on investment from Fortinet FortiAppSec Cloud.
Our return on investment is around 60%.
Compared to other solutions such as Imperva, AWS, and Cloudflare, Fortinet FortiAppSec Cloud is the easiest to use and provides great usability.
We are a customer running Fortinet FortiAppSec Cloud for both our organization and one for our customer.
Three users use Fortinet FortiAppSec Cloud.
As administrators, it is easy to maintain.
Using dynamic learning has helped us identify zero-day attacks.
I think Fortinet FortiAppSec Cloud is affordable.
My advice for others looking to implement Fortinet FortiAppSec Cloud is to check their situations beforehand, especially if they want to see logs for legitimate traffic or need legitimate traffic logs on Fortinet FortiAppSec Cloud. This should be reviewed with Fortinet before configuration.
I give this product a 10 rating overall.
My main use case for Aikido Security is to utilize it as part of our vulnerability management program, where we also scan our images, codes, and manage our SBOM.
A specific example of how I use Aikido Security in our vulnerability management program occurs every time new code is pushed into our repositories. Aikido scans for this new code and raises new vulnerabilities within these new codes. Then, with our automations, a Jira ticket gets created, our engineering team takes a look at it, and adjusts security if needed, resolving it within a few days.
Additionally, we use Aikido Security to generate a current status of our software, and I have created an automation that daily exports all of the vulnerabilities our software has, groups them by severity, and generates a report that can be shared with our customers.
In my experience, the best feature Aikido Security offers is its ease of use, as it was really easy to onboard our engineers into adopting Aikido Security in their day-to-day lives.
The reason onboarding my engineers with Aikido Security was so easy is the user interface. The first thing our engineers see when they log in is a feed of vulnerabilities that their own repositories are affected by, which helps them focus only on their work at hand.
I would also like to add that the integrations part is really useful, as all of the integrations we have added so far, mainly Jira, IDE, and API integrations, are really easy to use because they are backed by strong documentation that they maintain daily. This is a commendation to them.
Aikido Security has positively impacted our organization by helping us reduce the complexity in managing our vulnerabilities. We now have a single source of truth with Aikido Security, allowing us to get rid of manually maintained automations that we previously had.
I think Aikido Security could be improved by addressing its Jira integration, which I feel needs a bit of work. For my preferences, it is a bit too rigid. They recently added the capability of having custom fields, but before that, they did not have it.
Additionally, I would love to see a Terraform module for Aikido Security, although I know this might be a bit much to ask.
Customer support for Aikido Security is incredibly efficient. I can get an answer to a question within two or three minutes.
I chose a rating of ten because after reviewing several other products, Aikido Security was the easiest to use, the easiest to onboard, and the one with the most active customer support. I have a Slack channel with them where I can ask whatever I need and they will respond within minutes, which really helps us.
Positive
We previously used community Trivy, and we switched mainly because we did not want a solution that needed maintenance. Community Trivy was run within our automations, and we wanted something that would run without our intervention.
My experience with the pricing, setup cost, and licensing was very easy, as all information is already public. They have their pricing tiers publicly available to everyone. We also had help from our customer success manager who was with us the whole way.
While I cannot talk about money saved because I do not manage any financial decisions or have access to financial information, I can say that we have saved a lot of time. We no longer need our internal automations that were running in our internal Lambda deployments, which were quite slow and needed a lot of maintenance from our engineers. Since we got rid of that, our productivity has increased, I believe, by thirty-two percent.
Before choosing Aikido Security, we evaluated Aqua Security and Ox Security.
Since switching to Aikido Security, I have noticed a positive impact on my team's productivity with measurable results, as we now have measurements. Before, we did not even know how many vulnerabilities were raised per new functionality. We lacked a lot of visibility because reporting of vulnerabilities was not automated. New vulnerabilities were being raised by our automations, but tickets were not created automatically. We have gained a lot of productivity by not having to review the vulnerability reports themselves, but only needing to review the Jira tickets, which makes it much easier for our engineers.
My advice for others looking into using Aikido Security is to invest time in reading their documentation, as Aikido Security functionality can be exploited very much. I would rate this review a ten overall.
