The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
We are using Cloudflare for our DNS needs as well as for our WAF and security needs. We are hosting our main website on Cloudflare, managing all of our A records and MX records within Cloudflare, and we have created many security rules on Cloudflare to mitigate rate limiting and bot mitigation.
The best feature Cloudflare has is the CDN; the CDN is very good, and the cache feature is also good. We are really enjoying their WAF and bot mitigation feature.
With the CDN, it has increased the loading speed quite a lot, and with the cache, the websites are loading quite well.
Cloudflare has positively impacted our organization by giving us flexibility to manage the DNS part, being quite fast, and allowing us to manage everything from a single dashboard, which is quite handy. Since we can add multiple admins to the dashboard, it has become quite beneficial, and we are quite happy to use Cloudflare.
I think Cloudflare is already quite good; I do not feel any issues with Cloudflare at this time, as everything seems to be working fine. The dashboard is quite nice, the features are quite good, and it is quite easy to use.
The dashboard could be improved a bit to provide us with more insight about the security threats and alerts, and the email notification could also be improved.
In my current field, I have been working for over 15 years.
In my experience, Cloudflare is stable. Cloudflare's reliability and uptime has met my expectations; it has been quite good in general, apart from the recent few downtimes.
Cloudflare's scalability is quite good; it is very easy to scale whenever we want to include multiple domains, and it is very straightforward and easy.
Cloudflare's customer support is good; although we have not opened many cases, their customer support has been good whenever needed.
We did try using other solutions before Cloudflare, but at the end of the day, we were unable to replace Cloudflare with any other solution. Before choosing Cloudflare, we did evaluate other options, such as F5 Distributed Cloud and on-premises solutions, such as Akamai.
At this time, we are not integrating Cloudflare with any other solution, and since I have not used the integration capabilities, I do not have considerable insight about that feature.
The return on investment for me is significant as time is the critical aspect. Cloudflare does save time, and the time savings is the only thing I would like to add, as it saves a great deal of time.
The pricing, setup cost, and licensing for Cloudflare are a bit on the higher side overall.
The learning curve for new users adopting Cloudflare in my organization is quite good; it is a quite easy solution to learn with no difficult things, and the interface is quite user-friendly.
Cloudflare handles compliance and regulatory requirements for our organization by having all of the required compliances. We are using ISO 27001, which Cloudflare is also certified.
I find Cloudflare's documentation and resources very helpful, as we often use those documents to fine-tune our services and learn new features.
I feel that our environment is quite secure with Cloudflare in place; we have not faced any issues in the past, and we feel it is quite safe.
My advice to others looking into using Cloudflare is that it is quite easy to use, with an intuitive interface, a good learning curve, and good usability. I would rate this review a 9 out of 10.
I am still using Fortinet products as before. I do not use email security like Perception Point; I use my emails on Outlook, and the security solutions are implemented by their Outlook email solutions through Microsoft Outlook. I did not pursue FortiCNAPP; I considered it, but the use case I wanted it for was not sufficient, so I changed my approach. I am using Fortinet FortiAppSec Cloud as my primary WAF.
Fortinet FortiAppSec Cloud helps my organization detect threats by typically capturing issues, as it usually logs when attacks have occurred. However, many things are in transit. I turned on the advanced bot to see if it would provide value beyond the normal bot mitigation on the system, but during that period, I did not see much difference, even though I did not use it for long, which is why I turned it back off. I did not have any bot-type attacks getting through at the time, but I am looking to review this again, and I might turn it back on because our threat landscape has doubled. The amount of attacks we have seen hit our systems from Q1 last year to Q2 this year is over a 150% increase, so I am reviewing everything and might turn it back on; however, there was not much difference for me between the advanced botnet protection and the default configuration.
I noticed AI-driven threat detection, and I used it for some threat hunting. Currently, I am the CIO, so I no longer manage daily operations, but I was investigating something myself last month. The AI awareness helps correlate and triage IOCs, and the ability to ask it questions, have it answer, explain things, and consult their repositories was helpful. I am currently considering implementing an advanced vulnerability scanner, which I think is a module on Fortinet FortiAppSec Cloud, but it does not come by default; you need to pay for a BYOL for it, and it is not subscribable. I have requested a license for close to two months now and have not received it, but it is an add-on module, different from the normal add-ons since you need to pay for a BYOL license.
Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures.
I have not utilized dynamic learning capabilities for threat updates myself, but in the next few months, I will do a lot of it. I have noticed a couple of functions on our current WAF that we have not been using, which I am going to commission. A lot of the configurations were left as default. As the frequency, velocity, and volume of attacks have doubled, I will have my team start using these very soon, but I have not used that dynamic learning yet as far as I am aware.
The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive. It only logs when there are suspicious activities, which means if something is not considered suspicious by Fortinet, I will not see the full picture. That is a disadvantage because it will not log unless it identifies an IOC or attacks, meaning I cannot see traffic information in a way that helps build more intelligence.
The biggest issue I have with Fortinet FortiAppSec Cloud is that the logging is not as extensive as I would prefer. For instance, if there was an issue two days ago and Fortinet FortiAppSec Cloud did not mark it as a concern, I will not see any information about that, making it challenging to explain to customers if their request did not reach us. It hampers visibility from an API perspective. They need to enhance monitoring and logging to be more extensive and capture even passive activities.
The AI integration in Fortinet FortiAppSec Cloud is still new. The generative models are good, but there is much work left to improve. It is not as intelligent as it could be; thus, enhancements around the AI co-assistant would be beneficial. Additionally, logging and monitoring need improvement as I can capture traffic and investigate offline on my Fortinet firewall, including full traffic view, but Fortinet FortiAppSec Cloud currently focuses only on security concerns, which does not give the complete picture.
I have been using Fortinet FortiAppSec Cloud for almost five years now; I met it in this institution I work, and it used to be called FortiWAF before it was recently renamed to Fortinet FortiAppSec Cloud.
I rate Fortinet's technical support around six or seven; it is not so great. Despite their wonderful product, if I am a technical person, I can often figure out issues myself. However, before reaching that point with my highly trained team, there have been situations where raising tickets led to slow responses, especially since I typically deal with high-priority issues classified as severity zero. Fortinet does not allow me to raise severity zero tickets, so I have to log and call their support team, which often leaves me waiting on hold for long periods, particularly when dealing with urgent issues.
I have seen ROI with Fortinet products. I see ROI almost every month, typically within the first six months. For security devices, ROI is the ratio of their ability to prevent attacks that could cost significantly more. I run a massive fintech, similar to a bank, and whenever someone compromises my environment, they can take away over one billion Naira, which is millions of USD. The combined cost of my Fortinet devices is less than 200 million Naira, and I face over 500,000 attacks a day across all my firewalls, with nearly seven forming my edge devices. Thus, if just one attack gets through, I see it immediately. Therefore, I do have ROI from all the attacks I can clearly see that have been blocked. My favorite Fortinet device is the FortiGate next-gen firewall itself; it is a complete suite with intrusion prevention, intrusion detection, anti-malware, anti-DDoS, and SD-WAN functionalities. It is an impressive device and my top security choice.
I think the pricing of Fortinet FortiAppSec Cloud is reasonable for the flexibility it offers. I have almost ten or more Fortinet devices, including next-gen firewalls, FortiAuthenticators, FortiManagers, and I subscribe to FortiCloud. I have Fortinet FortiAppSec Cloud and was going to buy FortiCNAPP; I am also considering FortiSIEM and FortiAnalyzer. Fortinet's pricing is cheaper than most competitors for its functions, which I appreciate. They made a major change recently regarding the purchasing method. Initially, for a Fortinet BYOL license, I had to buy it perpetually, which made it hard for SMEs due to high entry fees. Now I can pay a subscription bundle instead of a large upfront cost, which makes it more accessible. Although it is still somewhat high, the new option of around $5,000 a year for a four-core SKU is an improvement from the previous $30,000 starting point.
I did use Fortinet FortiAppSec Cloud's advanced bot mitigation temporarily; I might go back on it, but I did temporarily. Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures. I would rate this product eight out of ten overall.
