Micro Focus Fortify on Demand Review

It works to identify security flaws that any of our applications might have.


What is most valuable?

The solution simply identifies any security flaws that any of our applications might have.

How has it helped my organization?

This identification provides us an advantage in that the service itself works to stay abreast and knowledgeable about emerging threats. Rather than have a security team dedicated to that effort, we don’t have to deal with that in a time consuming, direct manner. We don't need to have these skills in-house.

What needs improvement?

I find that while it does find a lot of legitimate threats, it tends to have a lot of false positives, and there are more false positives than I would like to see. It flags threats that sometimes are not, and when we have to investigate that it takes time. If they could improve the intelligence then I think it could really help the system function more efficiently. The dynamic time scan takes about seven days, and this could be a bit quicker. We like to incorporate the scan into every build cycle and if we have to wait for a seven day business cycle it has to go into our scheduling. If that could be improved there would be a lot of happy people.

For how long have I used the solution?

It predates my employment; I’m certain we signed up in 2013 – roughly three years ago.

What was my experience with deployment of the solution?

We have had no issues with the deployment.

What do I think about the stability of the solution?

I would say it’s fairly stable. It’s a web application so of course there are browser hiccups but I would give it a high score for stability. Once in a while there is a page refresh, but nothing major.

What do I think about the scalability of the solution?

We have four applications and we’ve been able to get them all in there, I don’t see it having a limit.

How are customer service and technical support?

Customer Service:

Customer service has been good once we get attention, which comes back to the false positive issue.

Technical Support:

Sometimes the results need clarifications. They could be a bit more responsive as once we get someone the interactions have been good and helpful.

Which solution did I use previously and why did I switch?

This was our first foray into a hosted service.

How was the initial setup?

The deployment was super easy as the interface is straightforward. It was almost too easy.

What other advice do I have?

If you haven’t run any formal scan be prepared for it to come back and be a bit scary.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
1 Comment
author avatarOmar Sánchez (Mr.Tech)
TOP 5LEADERBOARDConsultant

Support is offered through phone and a password-protected web portal, and also through email. In addition, the standard price allows for quarterly updates for the latest security tests for code review. Phone support is available 6 a.m. to 6 p.m. Pacific Standard Time.

Guest
Sign Up with Email