I am still using Fortinet products as before. I do not use email security like Perception Point; I use my emails on Outlook, and the security solutions are implemented by their Outlook email solutions through Microsoft Outlook. I did not pursue FortiCNAPP; I considered it, but the use case I wanted it for was not sufficient, so I changed my approach. I am using Fortinet FortiAppSec Cloud as my primary WAF.
Reviews from AWS customer
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
35 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Advanced threat protection has reduced financial risk and improves application security visibility
What is our primary use case?
What is most valuable?
Fortinet FortiAppSec Cloud helps my organization detect threats by typically capturing issues, as it usually logs when attacks have occurred. However, many things are in transit. I turned on the advanced bot to see if it would provide value beyond the normal bot mitigation on the system, but during that period, I did not see much difference, even though I did not use it for long, which is why I turned it back off. I did not have any bot-type attacks getting through at the time, but I am looking to review this again, and I might turn it back on because our threat landscape has doubled. The amount of attacks we have seen hit our systems from Q1 last year to Q2 this year is over a 150% increase, so I am reviewing everything and might turn it back on; however, there was not much difference for me between the advanced botnet protection and the default configuration.
I noticed AI-driven threat detection, and I used it for some threat hunting. Currently, I am the CIO, so I no longer manage daily operations, but I was investigating something myself last month. The AI awareness helps correlate and triage IOCs, and the ability to ask it questions, have it answer, explain things, and consult their repositories was helpful. I am currently considering implementing an advanced vulnerability scanner, which I think is a module on Fortinet FortiAppSec Cloud, but it does not come by default; you need to pay for a BYOL for it, and it is not subscribable. I have requested a license for close to two months now and have not received it, but it is an add-on module, different from the normal add-ons since you need to pay for a BYOL license.
Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures.
I have not utilized dynamic learning capabilities for threat updates myself, but in the next few months, I will do a lot of it. I have noticed a couple of functions on our current WAF that we have not been using, which I am going to commission. A lot of the configurations were left as default. As the frequency, velocity, and volume of attacks have doubled, I will have my team start using these very soon, but I have not used that dynamic learning yet as far as I am aware.
What needs improvement?
The issue I have with Fortinet FortiAppSec Cloud is that the real-time analysis is not robust; I am unable to see all the logs of everything that happened, including what is passive. It only logs when there are suspicious activities, which means if something is not considered suspicious by Fortinet, I will not see the full picture. That is a disadvantage because it will not log unless it identifies an IOC or attacks, meaning I cannot see traffic information in a way that helps build more intelligence.
The biggest issue I have with Fortinet FortiAppSec Cloud is that the logging is not as extensive as I would prefer. For instance, if there was an issue two days ago and Fortinet FortiAppSec Cloud did not mark it as a concern, I will not see any information about that, making it challenging to explain to customers if their request did not reach us. It hampers visibility from an API perspective. They need to enhance monitoring and logging to be more extensive and capture even passive activities.
The AI integration in Fortinet FortiAppSec Cloud is still new. The generative models are good, but there is much work left to improve. It is not as intelligent as it could be; thus, enhancements around the AI co-assistant would be beneficial. Additionally, logging and monitoring need improvement as I can capture traffic and investigate offline on my Fortinet firewall, including full traffic view, but Fortinet FortiAppSec Cloud currently focuses only on security concerns, which does not give the complete picture.
For how long have I used the solution?
I have been using Fortinet FortiAppSec Cloud for almost five years now; I met it in this institution I work, and it used to be called FortiWAF before it was recently renamed to Fortinet FortiAppSec Cloud.
How are customer service and support?
I rate Fortinet's technical support around six or seven; it is not so great. Despite their wonderful product, if I am a technical person, I can often figure out issues myself. However, before reaching that point with my highly trained team, there have been situations where raising tickets led to slow responses, especially since I typically deal with high-priority issues classified as severity zero. Fortinet does not allow me to raise severity zero tickets, so I have to log and call their support team, which often leaves me waiting on hold for long periods, particularly when dealing with urgent issues.
What was our ROI?
I have seen ROI with Fortinet products. I see ROI almost every month, typically within the first six months. For security devices, ROI is the ratio of their ability to prevent attacks that could cost significantly more. I run a massive fintech, similar to a bank, and whenever someone compromises my environment, they can take away over one billion Naira, which is millions of USD. The combined cost of my Fortinet devices is less than 200 million Naira, and I face over 500,000 attacks a day across all my firewalls, with nearly seven forming my edge devices. Thus, if just one attack gets through, I see it immediately. Therefore, I do have ROI from all the attacks I can clearly see that have been blocked. My favorite Fortinet device is the FortiGate next-gen firewall itself; it is a complete suite with intrusion prevention, intrusion detection, anti-malware, anti-DDoS, and SD-WAN functionalities. It is an impressive device and my top security choice.
What's my experience with pricing, setup cost, and licensing?
I think the pricing of Fortinet FortiAppSec Cloud is reasonable for the flexibility it offers. I have almost ten or more Fortinet devices, including next-gen firewalls, FortiAuthenticators, FortiManagers, and I subscribe to FortiCloud. I have Fortinet FortiAppSec Cloud and was going to buy FortiCNAPP; I am also considering FortiSIEM and FortiAnalyzer. Fortinet's pricing is cheaper than most competitors for its functions, which I appreciate. They made a major change recently regarding the purchasing method. Initially, for a Fortinet BYOL license, I had to buy it perpetually, which made it hard for SMEs due to high entry fees. Now I can pay a subscription bundle instead of a large upfront cost, which makes it more accessible. Although it is still somewhat high, the new option of around $5,000 a year for a four-core SKU is an improvement from the previous $30,000 starting point.
What other advice do I have?
I did use Fortinet FortiAppSec Cloud's advanced bot mitigation temporarily; I might go back on it, but I did temporarily. Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps in mitigating zero-day vulnerabilities; they have helped in a couple of ways, since the pattern recognition is very good. It is my primary WAF, along with a secondary one from Barracuda and a tertiary from Huawei, which has a specific OEM WAF system. I use Fortinet FortiAppSec Cloud across the board due to its excellent pattern recognition and extensive database for attack signatures. I would rate this product eight out of ten overall.
Web protection has improved security posture and prevents advanced bot and zero-day attacks
What is our primary use case?
Fortinet FortiAppSec Cloud is used as a WAF solution.
What is most valuable?
In my opinion, the best features of Fortinet FortiAppSec Cloud are usability and price, which are the two strongest features from Fortinet security products.
We use the advanced bot mitigation, which supports credential stuffing, account takeover prevention, and stopping layer 7 DDoS and OWASP Top 10 attacks.
With the bot mitigation in Fortinet FortiAppSec Cloud, we control end users whenever they connect to our website, checking that they are not bots and allowing access only after verification.
We run AI detection in a testing phase, using both basic and advanced security measures, including API security and XML protection. AI helps by providing machine learning that suggests which policies need tuning and which signatures need to be added to our policy.
Fortinet FortiAppSec Cloud's adaptability to traffic patterns helps mitigate zero-day vulnerabilities through machine learning.
Fortinet FortiAppSec Cloud helps our organization by relying on Fortinet threat intelligence, which provides information on newly emerging zero-day attacks, allowing us to run signatures to stop these attacks.
We utilize the dynamic learning capabilities for threat updates.
What needs improvement?
Real-time traffic analysis has posed an issue for us because we did not see logs for legitimate traffic. A separate license is needed for Fortinet FortiAppSec Cloud to send logs to other cloud servers.
There is room for improvement in Fortinet FortiAppSec Cloud, especially since we need to see legitimate traffic as the current setup only provides logs for malicious traffic.
For how long have I used the solution?
I have been using Fortinet FortiAppSec Cloud for less than one year.
What do I think about the stability of the solution?
We have not seen any lags or crashing, and it is very good regarding stability.
I rate the stability at a 10.
What do I think about the scalability of the solution?
With only three administrators, it is still a scalable solution for my business.
Fortinet FortiAppSec Cloud is very good in scalability as it is a cloud service.
How are customer service and support?
I always give Fortinet's technical support a rating of 10.
How was the initial setup?
The deployment of Fortinet FortiAppSec Cloud is easy to deploy.
Fortinet FortiAppSec Cloud took only two days to fully implement.
What was our ROI?
We have seen a reduction in incidents and a good return on investment from Fortinet FortiAppSec Cloud.
Our return on investment is around 60%.
Which other solutions did I evaluate?
Compared to other solutions such as Imperva, AWS, and Cloudflare, Fortinet FortiAppSec Cloud is the easiest to use and provides great usability.
What other advice do I have?
We are a customer running Fortinet FortiAppSec Cloud for both our organization and one for our customer.
Three users use Fortinet FortiAppSec Cloud.
As administrators, it is easy to maintain.
Using dynamic learning has helped us identify zero-day attacks.
I think Fortinet FortiAppSec Cloud is affordable.
My advice for others looking to implement Fortinet FortiAppSec Cloud is to check their situations beforehand, especially if they want to see logs for legitimate traffic or need legitimate traffic logs on Fortinet FortiAppSec Cloud. This should be reviewed with Fortinet before configuration.
I give this product a 10 rating overall.
Easy-to-Implement AppSec with Strong Signature Detection, Bot Protection, and Cloud Integration
What do you like best about the product?
While we use it as an mirror alternate to AWS WAF for our China accounts, It brings in lot of value ad interms of very less manual effort and almost covers all of our security aspects for both our internal and external apps.
Its Signature based detection and Advanced Bot protection defn needs a praise.
Synthetic Testing, Fabric Connector options really put forti's Appsec in driver position.
Its very easy implementation, to use and configuration and integration with cloud (AWS & Azure market place pfferings) comes in handy.
Its Signature based detection and Advanced Bot protection defn needs a praise.
Synthetic Testing, Fabric Connector options really put forti's Appsec in driver position.
Its very easy implementation, to use and configuration and integration with cloud (AWS & Azure market place pfferings) comes in handy.
What do you dislike about the product?
Just like any other software, its initial setup initial setup can be a head-scratching because the platform offers an overwhelming number of useful but complex options.
Reporting is some what limited which we got to knwo during our training and it pretty much remained the same today.
Reporting is some what limited which we got to knwo during our training and it pretty much remained the same today.
What problems is the product solving and how is that benefiting you?
Since AWS WAF is not allowed in China mainland, we use Forti products to cover our applications in place of this. Due to its general availability in AWS/Azure market place, we sort of setteled on this and it continue to impress us securing our products from almost all attacks.
Because of its powerful and multi option features, it covers all ur firewall needs not just for our application but DNS, ELB's nd other API security needs as part of our hybrid security strategy
Because of its powerful and multi option features, it covers all ur firewall needs not just for our application but DNS, ELB's nd other API security needs as part of our hybrid security strategy
Streamlines Web Security but Needs UI Enhancements
What do you like best about the product?
I really like the ease of deployment and the AI-powered automation in FortiAppSec Cloud, which make protecting and accelerating web apps and APIs much more manageable. The initial setup was very straightforward and I appreciate the unified management and reduced complexity it offers.
What do you dislike about the product?
I find the custom rule tuning tricky at first and the UI/UX lacks intuitiveness. It could use better incident timelines and risk scoring for an overall polish. There's also occasional performance dip or latency under high traffic or complex rules.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to protect web apps and APIs, handling issues like false positives, evolving threats, and security challenges.
Secure, User-Friendly with Great Support, Minor Lag Issues
What do you like best about the product?
I really appreciate the ease of access with FortiAppSec Cloud, along with its reliable customer support which is very beneficial for me. The dashboard is also great because it allows us to monitor all activities conveniently. I found the initial setup process to be very easy, and we got everything set up in under one hour.
What do you dislike about the product?
There's some lag in the platform when we reach a large number of endpoints.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud helps us deliver secure endpoints in the cloud to customers, with ease of access and reliable customer support.
Robust Protection with Room for UI Improvement
What do you like best about the product?
I like the FortiAppSec Cloud's clean dashboard, which lets me quickly understand what’s happening without digging through endless logs. I also appreciate that I can log in and immediately see what types of attacks are being blocked, where traffic is coming from, and whether there are any unusual spikes. It's our security shield in front of our applications.
What do you dislike about the product?
The UI is clean overall, but sometimes when you're trying to troubleshoot something specific, you have to click around more than you'd like. A more straightforward log search or clearer explanations inside the dashboard would help. The UI is not customizable as well. I would love to see that option.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud as a security shield for our web apps and APIs, providing deep visibility into traffic, reducing bot activity, preventing web attacks, and simplifying security reporting.
Strong Security but Initial Setup Woes
What do you like best about the product?
I think the automatic security and centralized dashboard in FortiAppSec Cloud are pretty good. It's easy to integrate with Fabric, which is helpful, and it's pretty fast and easy to deploy and scale. The automatic security reduces manual rule tuning, and the centralized dashboard improves visibility and response time. The Fabric integration allows automated threat sharing across network and application layers, which improves both security posture and operational efficiency and also improves application latency.
What do you dislike about the product?
The initial configuration and setup for complex rules can be tricky, which is challenging for first-time users. Also, the UI and UX could be improved, particularly with richer incident storytelling like timeline-based views and smarter risk scoring. Sometimes, there's a bit of performance issue during peak traffic, and there's a lack of detailing in incident reports.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to reduce bot traffic, prevent API abuse, and protect from DDoS attacks and credential stuffing. It reduces manual rule management, improves visibility, and enhances security posture and operational efficiency.
Centralized Threat Management, Easy Setup
What do you like best about the product?
I use FortiAppSec Cloud to secure and monitor our web applications and APIs. It helps us detect vulnerabilities, manage security policies, and maintain visibility into potential threats in our cloud environment. FortiAppSec Cloud centralizes monitoring, improves alerting, and helps us respond to risks more efficiently. One of the best features is its centralized board and control center, which offers a consolidated view of application health, threat activity, and policy status in one place. This allows me to quickly see recent alerts, traffic patterns, and any flagged vulnerabilities from a single screen. The initial setup was pretty easy.
What do you dislike about the product?
I think the personalized UI could be improved. I would like to be able to change the data into a format I like, including the color scheme.
What problems is the product solving and how is that benefiting you?
I use FortiAppSec Cloud to secure and monitor our web applications and APIs, centralizing monitoring and improving alerting. It solves the problem of requiring multiple tools and manual effort. I appreciate the consolidated view of application health, threat activity, and policy status from a single dashboard.
Robust WAF Security and Bot Mitigation in a Single Console
What do you like best about the product?
I evaluated it for WAF solution & liked it's security, bot mitigation measures, & everything security under single console. I particularly liked how it's designed to handle coming of age security threats, with agentic AI proliferation.
What do you dislike about the product?
I felt there are improvements possible in it's overall UI/UX experience & onboarding flows, making it a li'll more intuitive & performant will help smoothen the experience
What problems is the product solving and how is that benefiting you?
I like the strong AI driven security approach in its solution & offerings, allowing teams to focus on business problems, modernize their infrastructure with least worries about it's security.
Easy Web and API Security at Scale
What do you like best about the product?
The ease of use and the way it can protect applications and APIs effectively while aggregating all logs into one system that requires little maintenance.
What do you dislike about the product?
Greater reporting and analytics capabilities (more customization, flexibility). Would help with visibility/troubleshooting.
No big problems reported so far, but the product could be a bit more user-friendly and have better reporting.
No big problems reported so far, but the product could be a bit more user-friendly and have better reporting.
What problems is the product solving and how is that benefiting you?
FortiAppSec Cloud offers an answer to the problem of securing web applications and APIs against modern threats, including OWASP Top 10 attacks, bots, and abuse – without increasing operational complexity. To that end, it helps us in mitigating risk, simplifying security administration and increasing visibility of apps.
showing 1 - 10