What is our primary use case?
This typical use case was a situation where there are mature Java applications that will be replaced by a new system. However, the new apps will not be available for some time and the existing apps need to be secured until then.
The customer deployed Protect with their current apps and Protect was able to detect attempted exploits and report the vulnerabilities and details of the attacks in real-time.
What is most valuable?
The Protect solution allows applications to continue to run, even with known vulnerabilities, but will report or block attempts to exploit the vulnerabilities.
The product can be configured to either notify or block activity that attempts to exploit a vulnerability. If it blocks the attack, it still permits the application to run, blocking only the attacking transactions. Attack details are sent to the customer SIEM in real-time.
This company used Contrast products (Protect and Assess) as a way to reduce the cost of penetration testing and accelerate release cycles.
What needs improvement?
Additional languages and platforms - on the product roadmap.
For how long have I used the solution?
I've used the solution for almost three years at this point. We've been using it over the last 12 months.
What do I think about the stability of the solution?
No problems with stability. Occasionally a minor problem with a new release, but quickly resolved.
In terms of general stability, there is nothing out of the ordinary and there's not anything that would be a flag for using it.
What do I think about the scalability of the solution?
The scalability is great. The SaaS side of the solution is very strong. Their ability to serve a lot of applications or a lot of developers at the same time is great. They've solved the cloud side of it. As they serve more big customers, Contrast better understands what those customers need in terms of actionable results.
There have been improvements and continued refinements in the ability to filter and connect. Notifications can be done in anything from email to Slack, to something more generic. It can scale, there's no question.
How are customer service and support?
Tech support gets very high ratings. They're responsive and knowledgeable. They're available and if there's something that's escalated, it gets the necessary attention. There are daily escalation meetings that get attention at a very high level to prioritize issues.
How was the initial setup?
It's actually very straightforward to deploy. The complexities generally reflect the complexities of the overall system and environment. For example, the apps may be hosted at many different locations across multiple business units.
Protect also has integrations with other tools, such as logging and SIEM products.
The solution's setup complications just typically reflect what's unique about the customer's environment due to the nature of the company.
What's my experience with pricing, setup cost, and licensing?
Protect pricing is based on the number of applications, but the price depends on the overall relationship.
What other advice do I have?
I'm not sure which version of the solution we're using. We updated the product about a year ago and at that time it was the latest.
The product has an agent that's deployed wherever the applications are running, whether that's on-prem or in the cloud. It connects with our service, which is SaaS, which is in the cloud. From there it provides a dashboard, a console of activities, and other integrations.
I would recommend the solution. It's a way to provide the protection until a future release or a re-work of that whole application set.
Overall, I would rate the solution at a nine out of ten. It's a very strong product overall.
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.