Share your experience using Continuous Dynamic (formerly WhiteHat Dynamic)

I have been using Aikido Security for a little over a year now, mainly as a part of our DevSecOps pipeline. It fits in smoothly with our existing Git workflow, which made adoption easier for the team. What stood out early on was how quickly it started surfacing real vulnerabilities without overwhelming us with noise. Over time, it has become a core part of how we approach secure development.

Our main use case for Aikido Security is continuous code and dependency scanning across multiple repos. We rely on it to catch vulnerabilities early in the development lifecycle, especially in open-source dependencies. It also helps us maintain compliance standards without needing a separate security team for every project. Essentially, it acts as a guardrail during development. A specific example that stands out is when Aikido Security flagged a vulnerable version of a logging library we were using in our microservices. It highlighted a known CVE with a clear severity rating and even suggested a safer version upgrade. We were able to patch that within a few hours, avoiding what could have been a serious exploitation path. Before this, similar issues would sometimes slip through tests.

When Aikido Security flagged that vulnerability, the alert came directly into our pull request, so the developer who introduced the dependency saw it immediately. Instead of escalating it to a separate security review, the developer patched it on the spot using the suggested version upgrade. We verified the fix in the same pipeline run and merged it within a few hours. It was a much faster turnaround compared to our old process, which would take a couple of days.

Beyond basic scanning, we also use Aikido Security for container security and infrastructure as code checks. It integrates nicely with CI/CD pipelines, so every pull request gets scanned automatically. We have also customized some rules to align with our internal policies. It has been quite flexible in adapting to our workflow.

The best feature in my opinion is its low false-positive rate compared to other tools we have used. Aikido Security gives actionable insights rather than flooding us with alerts. The unified dashboard is another highlight. It consolidates code, dependency, and container vulnerability in one place. That saves a lot of context-switching time.

The dashboard in Aikido Security is something our team interacts with pretty much every day. It gives us a single view of vulnerabilities across code dependencies, containers, and even infrastructure as code, so we are not jumping between multiple tools anymore. For example, during our daily stand-ups, we quickly review any new high-severity issues and assign them right away, which keeps things moving. It also helps that the issues are prioritized well, so we are not wasting time chasing low-impact alerts.

What I appreciate is the automatic fix suggestion. It does not just point out an issue; it often suggests exact version upgrades or patches. The GitHub integration is also very smooth, making it easy to track and resolve issues within PRs. That level of automation really boosts productivity.

Deeper customization in reporting would improve it a little bit. While the default reports are good, more flexibility in tailoring them for different stakeholders would help. Also, support for more niche programming languages would be useful. It is not a deal-breaker, but something to improve.

Monitoring and logging could be enhanced with more granular insight. For example, having better historical trend analysis of vulnerabilities would be valuable. Right now, it is good, but not very deep. More integration with observability tools would also help.

Stability has been solid so far. We have not experienced any major downtime or disruption. Scans run consistently as part of our pipeline. That reliability is important for us.

Scalability is another strong point. As our number of repos grew, Aikido Security handled the increase without any noticeable performance drop. It scales well with the team size and project complexity. That has been reassuring.

Customer support has been responsive and helpful. We have reached out a few times for integration questions, and they usually respond within a day. The guidance has been practical, not just generic feedback. That has made a huge difference.

Before Aikido Security, we were using a combination of open-source tools and manual checks. The setup was fragmented and often missed critical issues. We switched because we needed a more unified and reliable solution. Aikido Security filled that gap very well.

Pricing was straightforward and relatively transparent. Setup took less than a day for our core repo. Compared to other tools, the onboarding experience was quite smooth. It did not require heavy configuration upfront.

In terms of ROI, we have seen clear gains. We saved roughly 25% in time spent on manual security reviews. Incident response costs dropped as well, probably by around 15% to 20%. Overall, it has been a worthwhile investment.

We evaluated tools like Dependabot during our selection process. While they were strong in certain areas, Aikido Security offered a more comprehensive and less noisy experience. That all-in-one approach was a key deciding factor. It felt more streamlined.

Aikido Security is reliable, easy to use, and genuinely improves security workflow. The few gaps in customization and advanced reporting keep it from being a full 10. But overall, it is a strong product. I give this product a rating of 8 out of 10.

Integrate Aikido Security early in your development lifecycle. Do not treat it as an afterthought once your lifecycle is complete. Also, spend some time tuning the alerts to match your workflow. That helps get the most value out of it.

Overall, I think Aikido Security is a solid choice for teams looking to improve their security posture without adding complexity. It strikes a good balance between automation and usability. While there is room for improvement, it delivers strong value. I would definitely recommend it.

I am still using Fortinet products as before. I do not use email security like Perception Point; I use my emails on Outlook, and the security solutions are implemented by their Outlook email solutions through Microsoft Outlook. I did not pursue FortiCNAPP; I considered it, but the use case I wanted it for was not sufficient, so I changed my approach. I am using Fortinet FortiAppSec Cloud as my primary WAF.

Fortinet FortiAppSec Cloud helps my organization detect threats by typically capturing issues, as it usually logs when attacks have occurred. However, many things are in transit. I turned on the advanced bot to see if it would provide value beyond the normal bot mitigation on the system, but during that period, I did not see much difference, even though I did not use it for long, which is why I turned it back off. I did not have any bot-type attacks getting through at the time, but I am looking to review this again, and I might turn it back on because our threat landscape has doubled. The amount of attacks we have seen hit our systems from Q1 last year to Q2 this year is over a 150% increase, so I am reviewing everything and might turn it back on; however, there was not much difference for me between the advanced botnet protection and the default configuration.

I noticed AI-driven threat detection, and I used it for some threat hunting. Currently, I am the CIO, so I no longer manage daily operations, but I was investigating something myself last month. The AI awareness helps correlate and triage IOCs, and the ability to ask it questions, have it answer, explain things, and consult their repositories was helpful. I am currently considering implementing an advanced vulnerability scanner, which I think is a module on Fortinet FortiAppSec Cloud, but it does not come by default; you need to pay for a BYOL for it, and it is not subscribable. I have requested a license for close to two months now and have not received it, but it is an add-on module, different from the normal add-ons since you need to pay for a BYOL license.

Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures.

I have not utilized dynamic learning capabilities for threat updates myself, but in the next few months, I will do a lot of it. I have noticed a couple of functions on our current WAF that we have not been using, which I am going to commission. A lot of the configurations were left as default. As the frequency, velocity, and volume of attacks have doubled, I will have my team start using these very soon, but I have not used that dynamic learning yet as far as I am aware.

The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive. It only logs when there are suspicious activities, which means if something is not considered suspicious by Fortinet, I will not see the full picture. That is a disadvantage because it will not log unless it identifies an IOC or attacks, meaning I cannot see traffic information in a way that helps build more intelligence.

The biggest issue I have with Fortinet FortiAppSec Cloud is that the logging is not as extensive as I would prefer. For instance, if there was an issue two days ago and Fortinet FortiAppSec Cloud did not mark it as a concern, I will not see any information about that, making it challenging to explain to customers if their request did not reach us. It hampers visibility from an API perspective. They need to enhance monitoring and logging to be more extensive and capture even passive activities.

The AI integration in Fortinet FortiAppSec Cloud is still new. The generative models are good, but there is much work left to improve. It is not as intelligent as it could be; thus, enhancements around the AI co-assistant would be beneficial. Additionally, logging and monitoring need improvement as I can capture traffic and investigate offline on my Fortinet firewall, including full traffic view, but Fortinet FortiAppSec Cloud currently focuses only on security concerns, which does not give the complete picture.

I have been using Fortinet FortiAppSec Cloud for almost five years now; I met it in this institution I work, and it used to be called FortiWAF before it was recently renamed to Fortinet FortiAppSec Cloud.

I rate Fortinet's technical support around six or seven; it is not so great. Despite their wonderful product, if I am a technical person, I can often figure out issues myself. However, before reaching that point with my highly trained team, there have been situations where raising tickets led to slow responses, especially since I typically deal with high-priority issues classified as severity zero. Fortinet does not allow me to raise severity zero tickets, so I have to log and call their support team, which often leaves me waiting on hold for long periods, particularly when dealing with urgent issues.

I have seen ROI with Fortinet products. I see ROI almost every month, typically within the first six months. For security devices, ROI is the ratio of their ability to prevent attacks that could cost significantly more. I run a massive fintech, similar to a bank, and whenever someone compromises my environment, they can take away over one billion Naira, which is millions of USD. The combined cost of my Fortinet devices is less than 200 million Naira, and I face over 500,000 attacks a day across all my firewalls, with nearly seven forming my edge devices. Thus, if just one attack gets through, I see it immediately. Therefore, I do have ROI from all the attacks I can clearly see that have been blocked. My favorite Fortinet device is the FortiGate next-gen firewall itself; it is a complete suite with intrusion prevention, intrusion detection, anti-malware, anti-DDoS, and SD-WAN functionalities. It is an impressive device and my top security choice.

I think the pricing of Fortinet FortiAppSec Cloud is reasonable for the flexibility it offers. I have almost ten or more Fortinet devices, including next-gen firewalls, FortiAuthenticators, FortiManagers, and I subscribe to FortiCloud. I have Fortinet FortiAppSec Cloud and was going to buy FortiCNAPP; I am also considering FortiSIEM and FortiAnalyzer. Fortinet's pricing is cheaper than most competitors for its functions, which I appreciate. They made a major change recently regarding the purchasing method. Initially, for a Fortinet BYOL license, I had to buy it perpetually, which made it hard for SMEs due to high entry fees. Now I can pay a subscription bundle instead of a large upfront cost, which makes it more accessible. Although it is still somewhat high, the new option of around $5,000 a year for a four-core SKU is an improvement from the previous $30,000 starting point.

I did use Fortinet FortiAppSec Cloud's advanced bot mitigation temporarily; I might go back on it, but I did temporarily. Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures. I would rate this product eight out of ten overall.