We have multiple environments. Some applications are in Oracle Cloud, some are in Azure, some are in GCP, and some are on-prem. We wanted a single solution for web applications, and that's why we chose FortiWeb. In the case of the cloud, we don't even have to manage it. It's a managed service from Fortinet.
We have not been using it for a very long time. It has only been eight months, and so far, there have been two main benefits. The first benefit is that if I have an on-prem solution, I can buy their hardware and deploy it, but the configuration is the same. If I have a cloud, I can use FortiWeb as a service or as a virtual machine. It depends on requirements, but the configuration remains the same. The configuration doesn't change. We have a lot of global parts and a lot of teams are working on it, so it gets easy to communicate and verify the configuration and create a baseline.
Costing is another benefit. The cost is based on the traffic. If an application is used, we pay for it, but if it's not used, we don't have to pay for it. With other solutions, we have to buy the solution, and then we have to purchase or take licenses. If they aren't used, we are just burning money without any use.
We are using anomaly detection and bot mitigation. In terms of anomaly detection, it is able to find the behavior. We have some applications where normal users are logging from India, and if the behavior changes, it gives us an alert, but in terms of bot mitigation, I haven't found much.
It's easy to use. I don't have to do any changes in my environment. For example, if I use Azure WAF, I have to use a traffic gateway, load balancer, or something similar, whereas, with FortiWeb, I don't have to change any architecture. I just have to change my DNS entry. That's it. If I'm able to change my DNS entry, FortiWeb works.
Adding new applications is also quite easy. You just add the application and change the DNS settings, and you are good to go. Whether you want to block or unblock, or you want the learning mode or protection mode, you can enable or disable it with just one click, and you are good to go. Most of the settings are already there if you want to tweak them. It has a GUI. You must have to click here and there. The documentation is also good. If I don't know something, their documentation is quite helpful. A lot of people are using Fortinet, so YouTube videos and articles are also available.
The configuration part is easy. The configuration and implementation process is streamlined. We don't have to change anything. We don't have to follow 10 processes. It's a single process with which everybody is familiar. Manpower and manhours are saved because a lot of discussions are avoided. It also helps us in creating a baseline. We now have a baseline of what we need. So, from an instant response point of view, it's easy for us because we are getting the same results out of it.
It has reduced false positives. As compared to my old solution, there is at least a 17% to 18% reduction.
It has reduced the number of alerts that our organization receives. There is a 50% to 60% reduction in alerts.
It has saved us time. We were spending around three to four days setting up our old solution, whereas now, we are spending a maximum of four hours.