Fortinet FortiAppSec Cloud is used as a WAF solution.
The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
Fortinet FortiAppSec Cloud is used as a WAF solution.
In my opinion, the best features of Fortinet FortiAppSec Cloud are usability and price, which are the two strongest features from Fortinet security products.
We use the advanced bot mitigation, which supports credential stuffing, account takeover prevention, and stopping layer 7 DDoS and OWASP Top 10 attacks.
With the bot mitigation in Fortinet FortiAppSec Cloud, we control end users whenever they connect to our website, checking that they are not bots and allowing access only after verification.
We run AI detection in a testing phase, using both basic and advanced security measures, including API security and XML protection. AI helps by providing machine learning that suggests which policies need tuning and which signatures need to be added to our policy.
Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps mitigate zero-day vulnerabilities through machine learning.
Fortinet FortiAppSec Cloud helps our organization by relying on Fortinet threat intelligence, which provides information on newly emerging zero-day attacks, allowing us to run signatures to stop these attacks.
We utilize the dynamic learning capabilities for threat updates.
Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic. A separate license is needed for Fortinet FortiAppSec Cloud to send logs to other cloud servers.
There is room for improvement in Fortinet FortiAppSec Cloud, especially since we need to see legitimate traffic as the current setup only provides logs for malicious traffic.
I have been using Fortinet FortiAppSec Cloud for less than one year.
We have not seen any lags or crashing, and it is very good regarding stability.
I rate the stability at a 10.
With only three administrators, it is still a scalable solution for my business.
Fortinet FortiAppSec Cloud is very good in scalability as it is a cloud service.
I always give Fortinet's technical support a rating of 10.
Positive
The deployment of Fortinet FortiAppSec Cloud is easy to deploy.
Fortinet FortiAppSec Cloud took only two days to fully implement.
We have seen a reduction in incidents and a good return on investment from Fortinet FortiAppSec Cloud.
Our return on investment is around 60%.
Compared to other solutions such as Imperva, AWS, and Cloudflare, Fortinet FortiAppSec Cloud is the easiest to use and provides great usability.
We are a customer running Fortinet FortiAppSec Cloud for both our organization and one for our customer.
Three users use Fortinet FortiAppSec Cloud.
As administrators, it is easy to maintain.
Using dynamic learning has helped us identify zero-day attacks.
I think Fortinet FortiAppSec Cloud is affordable.
My advice for others looking to implement Fortinet FortiAppSec Cloud is to check their situations beforehand, especially if they want to see logs for legitimate traffic or need legitimate traffic logs on Fortinet FortiAppSec Cloud. This should be reviewed with Fortinet before configuration.
I give this product a 10 rating overall.
I use Imperva Application Security Platform for API security, which has a cloud solution where normal traffic flows horizontally, and a copy of the traffic goes to the cloud to be inspected. If there is something suspicious, it could be blocked depending on the action configured. Imperva Application Security Platform also has a solution for Database Activity Monitoring (DAM) as well as API security. I have been working with these solutions for around one and a half years, more than one year, as a partner collaborating with the vendor. The communication from the vendor flows through us, then to the clients, particularly the financial institutions and banks.
The data center for the bank is usually the headquarter, where the main data center is located in our country, and there are branches at every street. For the branches, every access is through the firewall and the core banking application server, and there is an integration between banks from different institutions. In this case, every communication is done through the API, necessitating API inspection and API security.
The main benefit is the use case my clients find valuable. For the product and security, there is good API inspection. If any abnormal API appears or there are any similarities due to changes, the API security features will catch that because there is access for third-party applications from one bank to another. This setup ensures there is segmentation, and allowed APIs will get access while others will be blocked. It serves as the main channel for third-party application integration, and without API security, any similar URL related access could affect core banking, which is vital for every financial transaction.
For real-time analysis, the deployment is arranged so as not to interrupt transactions. The normal traffic flow will continue, while a copy of the API traffic will be mirrored to Imperva Application Security Platform for deep inspection. If any abnormalities are detected, even unusual behaviors for transactions, checks are done continuously, and actions are sent accordingly if any suspicious traffic is found.
For the fast response of signature-based comparisons, traffic will be matched against the solutions stored in the database to release actions if similarities occur. However, the main drawback for signature-based approaches happens when there is a new zero-day attack that is not in the database. Solutions usually include integrity with lab environments so that zero-day attack signatures are sent through subscriptions to provide the latest updates.
The comparison for API protection varies across solutions. For F5, API protection is part of WAF, and similarly for Fortinet. While Imperva Application Security Platform has basic features as part of WAF, its dedicated API protection solution is a strong point.
On the negative side, API security mainly supports cloud-based solutions, while most of my customers prefer on-prem setups, so achieving high performance with on-prem solutions would be beneficial. The attractiveness of Imperva Application Security Platform is that not all data is exposed to the cloud. Only a mirrored copy goes to the cloud and is inspected, allowing actions to be taken on-prem. To convince my clients, a purely on-prem solution would be ideal since they are financial institutions.
I have been using the solution for more than one year.
I am more than happy with the technical support from Imperva Application Security Platform regarding data security and API security. For the support, however, one notable drawback is that, unlike Fortinet, which offers fast track labs and continuous enablement, Imperva Application Security Platform lacks lab access and fast track labs for enablement and product advertising. This weakness has shifted the marketplace toward other vendors. When creating a ticket for support during deployment, the response is satisfactory, though the gaps in enablement and lab sessions are clear.
I find Imperva Application Security Platform to be a scalable product, as long as I subscribe and pay for the application I wish to use. It is scalable, and for about one and a half years, I have experienced no challenges in this area. I have not even needed support after deployment, since it has remained stable.
When creating a ticket for support during deployment, the response is satisfactory, though the gaps in enablement and lab sessions are clear. Overall, I would rate support around an eight or nine, and my overall experience with security products spans around four years, with my particular engagement with Imperva Application Security Platform mainly during project deployment and client training.
Positive
For installation, it primarily involves a cloud-based service, and I was using that as an operator. For database activity monitoring, I have deployed it, and while it is somewhat complex, there is a support channel where I communicate with vendors to resolve issues. The main challenge during installation is not unique to Imperva Application Security Platform. It is faced by many on-prem and virtual appliance products, particularly ensuring integrity with the virtualization environment and integration with third-party applications.
I am not using CyberArk, as it is only a proposal for identity and access management that I have proposed for my clients.
Apart from One Identity, I am working with SentinelOne for AI, and I was looking for that. For Purple AI, I was communicating with the vendors and the distributor, and I have considered proposing it for my clients. Currently, I am using the load balancer Radware as an application load balancer. For the on-prem WAF, I am using Fortinet, regarding the WAF and the load balancer, Radware and Fortinet.
I am not working with some email security products, some EDR, or endpoint protection as an implementation. I was just looking into it and have proposed it for my clients, and I am waiting for the financial evaluation for FortiMail. For Fortinet, I am involved more with FortiMail, WAF, ADC, FortiGate firewall, NAC, WAF, and FortiClient EMS.
Regarding Check Point and WatchGuard, I have worked with Check Point for the firewall, specifically the perimeter firewall. For Check Point, I have already worked with the firewall only, which is a next-generation firewall, using a physical appliance on-prem. Most of my customers, particularly financial institutions, even if they invest their resources in the cloud, need an on-prem solution. It could be a virtual appliance deployed on a server or a physical appliance, but they mostly need on-prem.
Regarding the price, I find Imperva Application Security Platform affordable, with moderate pricing. My overall rating for this solution is eight out of ten.
