The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
I am still using Fortinet products as before. I do not use email security like Perception Point; I use my emails on Outlook, and the security solutions are implemented by their Outlook email solutions through Microsoft Outlook. I did not pursue FortiCNAPP; I considered it, but the use case I wanted it for was not sufficient, so I changed my approach. I am using Fortinet FortiAppSec Cloud as my primary WAF.
Fortinet FortiAppSec Cloud helps my organization detect threats by typically capturing issues, as it usually logs when attacks have occurred. However, many things are in transit. I turned on the advanced bot to see if it would provide value beyond the normal bot mitigation on the system, but during that period, I did not see much difference, even though I did not use it for long, which is why I turned it back off. I did not have any bot-type attacks getting through at the time, but I am looking to review this again, and I might turn it back on because our threat landscape has doubled. The amount of attacks we have seen hit our systems from Q1 last year to Q2 this year is over a 150% increase, so I am reviewing everything and might turn it back on; however, there was not much difference for me between the advanced botnet protection and the default configuration.
I noticed AI-driven threat detection, and I used it for some threat hunting. Currently, I am the CIO, so I no longer manage daily operations, but I was investigating something myself last month. The AI awareness helps correlate and triage IOCs, and the ability to ask it questions, have it answer, explain things, and consult their repositories was helpful. I am currently considering implementing an advanced vulnerability scanner, which I think is a module on Fortinet FortiAppSec Cloud, but it does not come by default; you need to pay for a BYOL for it, and it is not subscribable. I have requested a license for close to two months now and have not received it, but it is an add-on module, different from the normal add-ons since you need to pay for a BYOL license.
Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures.
I have not utilized dynamic learning capabilities for threat updates myself, but in the next few months, I will do a lot of it. I have noticed a couple of functions on our current WAF that we have not been using, which I am going to commission. A lot of the configurations were left as default. As the frequency, velocity, and volume of attacks have doubled, I will have my team start using these very soon, but I have not used that dynamic learning yet as far as I am aware.
The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive. It only logs when there are suspicious activities, which means if something is not considered suspicious by Fortinet, I will not see the full picture. That is a disadvantage because it will not log unless it identifies an IOC or attacks, meaning I cannot see traffic information in a way that helps build more intelligence.
The biggest issue I have with Fortinet FortiAppSec Cloud is that the logging is not as extensive as I would prefer. For instance, if there was an issue two days ago and Fortinet FortiAppSec Cloud did not mark it as a concern, I will not see any information about that, making it challenging to explain to customers if their request did not reach us. It hampers visibility from an API perspective. They need to enhance monitoring and logging to be more extensive and capture even passive activities.
The AI integration in Fortinet FortiAppSec Cloud is still new. The generative models are good, but there is much work left to improve. It is not as intelligent as it could be; thus, enhancements around the AI co-assistant would be beneficial. Additionally, logging and monitoring need improvement as I can capture traffic and investigate offline on my Fortinet firewall, including full traffic view, but Fortinet FortiAppSec Cloud currently focuses only on security concerns, which does not give the complete picture.
I have been using Fortinet FortiAppSec Cloud for almost five years now; I met it in this institution I work, and it used to be called FortiWAF before it was recently renamed to Fortinet FortiAppSec Cloud.
I rate Fortinet's technical support around six or seven; it is not so great. Despite their wonderful product, if I am a technical person, I can often figure out issues myself. However, before reaching that point with my highly trained team, there have been situations where raising tickets led to slow responses, especially since I typically deal with high-priority issues classified as severity zero. Fortinet does not allow me to raise severity zero tickets, so I have to log and call their support team, which often leaves me waiting on hold for long periods, particularly when dealing with urgent issues.
I have seen ROI with Fortinet products. I see ROI almost every month, typically within the first six months. For security devices, ROI is the ratio of their ability to prevent attacks that could cost significantly more. I run a massive fintech, similar to a bank, and whenever someone compromises my environment, they can take away over one billion Naira, which is millions of USD. The combined cost of my Fortinet devices is less than 200 million Naira, and I face over 500,000 attacks a day across all my firewalls, with nearly seven forming my edge devices. Thus, if just one attack gets through, I see it immediately. Therefore, I do have ROI from all the attacks I can clearly see that have been blocked. My favorite Fortinet device is the FortiGate next-gen firewall itself; it is a complete suite with intrusion prevention, intrusion detection, anti-malware, anti-DDoS, and SD-WAN functionalities. It is an impressive device and my top security choice.
I think the pricing of Fortinet FortiAppSec Cloud is reasonable for the flexibility it offers. I have almost ten or more Fortinet devices, including next-gen firewalls, FortiAuthenticators, FortiManagers, and I subscribe to FortiCloud. I have Fortinet FortiAppSec Cloud and was going to buy FortiCNAPP; I am also considering FortiSIEM and FortiAnalyzer. Fortinet's pricing is cheaper than most competitors for its functions, which I appreciate. They made a major change recently regarding the purchasing method. Initially, for a Fortinet BYOL license, I had to buy it perpetually, which made it hard for SMEs due to high entry fees. Now I can pay a subscription bundle instead of a large upfront cost, which makes it more accessible. Although it is still somewhat high, the new option of around $5,000 a year for a four-core SKU is an improvement from the previous $30,000 starting point.
I did use Fortinet FortiAppSec Cloud's advanced bot mitigation temporarily; I might go back on it, but I did temporarily. Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures. I would rate this product eight out of ten overall.
Fortinet FortiAppSec Cloud is used as a WAF solution.
In my opinion, the best features of Fortinet FortiAppSec Cloud are usability and price, which are the two strongest features from Fortinet security products.
We use the advanced bot mitigation, which supports credential stuffing, account takeover prevention, and stopping layer 7 DDoS and OWASP Top 10 attacks.
With the bot mitigation in Fortinet FortiAppSec Cloud, we control end users whenever they connect to our website, checking that they are not bots and allowing access only after verification.
We run AI detection in a testing phase, using both basic and advanced security measures, including API security and XML protection. AI helps by providing machine learning that suggests which policies need tuning and which signatures need to be added to our policy.
Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps mitigate zero-day vulnerabilities through machine learning.
Fortinet FortiAppSec Cloud helps our organization by relying on Fortinet threat intelligence, which provides information on newly emerging zero-day attacks, allowing us to run signatures to stop these attacks.
We utilize the dynamic learning capabilities for threat updates.
Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic. A separate license is needed for Fortinet FortiAppSec Cloud to send logs to other cloud servers.
There is room for improvement in Fortinet FortiAppSec Cloud, especially since we need to see legitimate traffic as the current setup only provides logs for malicious traffic.
I have been using Fortinet FortiAppSec Cloud for less than one year.
We have not seen any lags or crashing, and it is very good regarding stability.
I rate the stability at a 10.
With only three administrators, it is still a scalable solution for my business.
Fortinet FortiAppSec Cloud is very good in scalability as it is a cloud service.
I always give Fortinet's technical support a rating of 10.
Positive
The deployment of Fortinet FortiAppSec Cloud is easy to deploy.
Fortinet FortiAppSec Cloud took only two days to fully implement.
We have seen a reduction in incidents and a good return on investment from Fortinet FortiAppSec Cloud.
Our return on investment is around 60%.
Compared to other solutions such as Imperva, AWS, and Cloudflare, Fortinet FortiAppSec Cloud is the easiest to use and provides great usability.
We are a customer running Fortinet FortiAppSec Cloud for both our organization and one for our customer.
Three users use Fortinet FortiAppSec Cloud.
As administrators, it is easy to maintain.
Using dynamic learning has helped us identify zero-day attacks.
I think Fortinet FortiAppSec Cloud is affordable.
My advice for others looking to implement Fortinet FortiAppSec Cloud is to check their situations beforehand, especially if they want to see logs for legitimate traffic or need legitimate traffic logs on Fortinet FortiAppSec Cloud. This should be reviewed with Fortinet before configuration.
I give this product a 10 rating overall.
