Contrast Security Protect is an innovative security solution designed to provide continuous protection for applications through real-time analysis and automatic detection of vulnerabilities, ensuring robust safeguard measures during development and deployment phases.


| Product | Mindshare (%) |
|---|---|
| Contrast Security Protect | 1.1% |
| SonarQube | 12.7% |
| Checkmarx One | 8.3% |
| Other | 77.9% |

Designed for advanced application security, Contrast Security Protect integrates seamlessly into DevOps workflows, offering continuous monitoring and protection against potential threats. Its intelligent architecture delivers in-depth insights and real-time analytics, enabling faster intervention to prevent breaches and maintain operational integrity. In-app guidance and prompt alerts facilitate risk management and help developers address vulnerabilities efficiently.
What are the key features of Contrast Security Protect?

Contrast Security Protect is particularly beneficial in industries with stringent compliance requirements such as finance and healthcare, where application security is critical. By implementing these solutions, organizations in these sectors can effectively manage risk while ensuring compliance, enhancing overall security infrastructure.
Contrast Security Protect was previously known as Contrast Protect.
Williams-Sonoma, Autodesk, HUAWEI, Chromeriver, RingCentral, Demandware.

| Author info | Rating | Review Summary |
|---|---|---|
| Lead Application and Data Security Engineer at an insurance company with 5,001-10,000 employees | 4.0 | I rate Contrast Security Protect 8/10. It offers great attack visibility and support, but I experienced performance issues due to high resource usage and found the reporting GUI basic, requiring a custom dashboard. |
| Manager at a consultancy with 10,001+ employees | 4.0 | I use Contrast Security Protect for DevSecOps and find its high true positive rate very valuable, with few false positives. Although it needs better integration, it proves to be worth its cost, without considering other solutions. |
| Senior Customer Success Manager at a tech company with 201-500 employees | 4.5 | I found this solution excellent for real-time application security, detecting and blocking exploits effectively. It offers great scalability and stability, though initial setup can be complex. I highly recommend it. |

Our use case is normal support on top of the WAF for protecting our environment. We have it on the development side and the production side. We're not using it much anymore because we had some performance issues.
Protect provides us with more in-depth visibility into ongoing attacks.
Protect's reporting GUI is very basic. To get all statuses from the APIs, we needed to write our own KPI dashboard to provide reports.
I think the product is solid, but it uses twice the resources, so you need to increase memory and CPU in order to utilize the product.
I haven't had trouble with scaling, but we're not protecting a large environment. However, we have a lot of transactions. Our testing benchmark is 30 users per second, but I don't know what the real throughput is.
Contrast Security's support is great. They're willing to spend a lot of time on your problem. When we were optimizing CPU utilization, they spent a lot of time working with us to try to bring that down. They've been awesome.
The initial setup is straightforward if you know how to implement the agents in your environment. You need basic experience with onboarding applications. To use Contrast with something like AppDetective, the RASP project has to be loaded first before the monitoring application.
Protect costs around $100,000 for a three-year license.
I rate Contrast Security Protect eight out of 10. Overall, it's a solid product, but I deduct a couple of points because of the interface and some shortcomings in the reporting.
If you have a large enterprise where you're dealing with a lot of servers, then it makes sense not to use the internal MySQL database. You should use something like Oracle or Microsoft SQL, but if you don't have many transactions, the embedded MySQL database works great.

We use the product for DevSecOps.
The product gives a few false positives. We get 99 percent true positives.
Contrast Security Protect needs to improve integration.
I have been using the product for a year.
Contrast Security Protect is stable.
The solution is scalable. My company has ten users.
We take help from the support team. We raise a ticket, and they help us. It is easy and good. They offer us the solution within 30 minutes to one hour.
Positive
The tool's deployment is neither easy nor difficult. It is a tedious task that requires a reasonable amount of time and effort.
Contrast Security Protect is worth its money.
I rate Contrast Security Protect an eight out of ten.
This typical use case was a situation where there are mature Java applications that will be replaced by a new system. However, the new apps will not be available for some time and the existing apps need to be secured until then.
The customer deployed Protect with their current apps and Protect was able to detect attempted exploits and report the vulnerabilities and details of the attacks in real-time.
The Protect solution allows applications to continue to run, even with known vulnerabilities, but will report or block attempts to exploit the vulnerabilities.
The product can be configured to either notify or block activity that attempts to exploit a vulnerability. If it blocks the attack, it permits the application to run, blocking only the attacking transactions. Attack details are sent to the customer SIEM in real-time.
This company used Contrast products (Protect and Assess) as a way to reduce the cost of penetration testing and accelerate release cycles.
Additional languages and platforms - on the product roadmap.
I've used the solution for almost three years at this point. We've been using it over the last 12 months.
No problems with stability. Occasionally there is a minor problem with a new release, but it is quickly resolved.
In terms of general stability, there is nothing out of the ordinary and there's not anything that would be a flag for using it.
The scalability is great. The SaaS side of the solution is very strong. Their ability to serve a lot of applications or a lot of developers at the same time is great. They've solved the cloud side of it. As they serve more big customers, Contrast better understands what those customers need in terms of actionable results.
There have been improvements and continued refinements in the ability to filter and connect. Notifications can be done in anything from email to Slack, to something more generic. It can scale, there's no question.
Tech support gets very high ratings. They're responsive and knowledgeable. They're available and if there's something that's escalated, it gets the necessary attention. There are daily escalation meetings that get attention at a very high-level to prioritize issues.
It's actually very straightforward to deploy. The complexities generally reflect the complexities of the overall system and environment. For example, the apps may be hosted at many different locations across multiple business units.
Protect also has integrations with other tools, such as logging and SIEM products.
The solution's setup complications just typically reflect what's unique about the customer's environment due to the nature of the company.
Protect pricing is based on the number of applications, but the price depends on the overall relationship.
I'm not sure which version of the solution we're using. We updated the product about a year ago and at that time it was the latest.
The product has an agent that's deployed wherever the applications are running, whether that's on-prem or in the cloud. It connects with our service, which is SaaS, which is in the cloud. From there it provides a dashboard, a console of activities, and other integrations.
I would recommend the solution. It's a way to provide the protection until a future release or a re-work of that whole application set.
Overall, I would rate the solution at a nine out of ten. It's a very strong product overall.