SentinelOne Singularity Cloud Security Reviews

We use PingSafe as a Cloud Native Application Protection tool to identify anomalies or deviations from best practices in our cloud environment.

We chose PingSafe because it meets our compliance requirements.

We have integrated PingSafe with all of our AWS accounts. By default, when PingSafe identifies an issue, it automatically creates a Jira ticket. Our Security Operations Center team then investigates all these Jira tickets and takes appropriate action.

PingSafe is user-friendly.

PingSafe's evidence reporting is valuable for prioritizing and resolving the most critical cloud security issues. Any issue it identifies, whether it warrants a Jira ticket or not, can be directly accessed through a provided link. The PingSafe dashboard then displays all vulnerabilities, including how the issue was identified, the type of scan used, and the affected code location. This can include details from secret scanning, pinpointing the specific repository, file, and location where a secret was leaked within GitHub. This level of detail makes it very easy to verify and prioritize remediation efforts.

We leverage IaC scanning because our infrastructure is defined using Terraform. This allows our DevOps team to proactively identify potential security vulnerabilities. These vulnerabilities can include accidentally embedding secrets directly in the IaC code, such as committing them to the GitHub repository. By utilizing IaC scanning, we can detect such issues and promptly notify the responsible DevOps team member for remediation.

PingSafe helps identify issues in container configuration files early in the development process.

In the past, we relied on multiple tools for latency scanning and Kubernetes security scanning. This meant using separate portals and logging tickets manually in Jira. Now, with PingSafe, we have a centralized solution. It provides a single point of access for everything, from security issues to the latest threat intelligence reports. This makes it user-friendly and saves our team significant time. We can investigate issues more efficiently and even create Jira tickets directly within PingSafe, eliminating the need for manual logging. Overall, PingSafe offers both time savings and improved accuracy.

The real-time detection offered by PingSafe is crucial because we manage all our data using Kubernetes. This makes it critical to identify any vulnerabilities within the running dependencies.

We rely on PingSafe's comprehensive compliance monitoring to maintain regulatory compliance. We utilize all its features to maximize its effectiveness.

PingSafe has a user-friendly interface. It provides a visual flow diagram that makes it easy to navigate between different AWS accounts and services. When we receive an alert, we can quickly see which account and service it's related to. Overall, it's a well-designed tool.

PingSafe has removed 80 percent of our false positives.

PingSafe has improved our mean time to detection by 100 percent.

PingSafe has reduced our mean time to remediation by 70 percent. This is because we can now quickly obtain a list of all issue tickets logged in Jira, allowing our SoC team to take action on them promptly.

PingSafe improved the collaboration between the cloud developers and AppSec teams.

Having a system that can identify and alert us to misconfigurations in our 3 data storage buckets is helpful for our organization's penetration testers. Since all our company data resides on cloud platforms, PingSafe allows the AppSec team to automatically detect vulnerabilities before manual penetration testing begins. While this automation might seem to reduce the AppSec team's workload for cloud security specifically, it would ultimately benefit both teams. The security operations team would be relieved of the burden of manually logging and ticketing every issue identified within AWS services.

PingSafe has helped save 90 percent of the engineering team's time.

We have successfully integrated PingSafe with AWS and have also integrated the GitHub organization. These integrations were implemented to identify potential issues on our cloud platform. PingSafe is also used for IaC and secret scanning within our organization. Fortunately, these integrations have been running smoothly and haven't caused any problems.

PingSafe's graph explorer is a valuable tool that lets us visualize all connected services. For instance, we can see all running Kubernetes clusters, including their components and nodes. If there are any problems with cluster components or nodes, the graph explorer will highlight them, allowing us to easily address the issues.

The threat intelligence section also focuses on identifying new vulnerabilities emerging in the market. PingSafe scans our existing infrastructure to pinpoint all affected resources. This allows us to easily identify any at-risk resources with a single click.

PingSafe can improve by eliminating 100 percent of the false positives.

Another area of improvement is for PingSafe to auto-remediate the alerts. 

I have been using PingSafe for 6 months.

I would rate the stability of PingSafe 10 out of 10.

I would rate the scalability of PingSafe 10 out of 10.

We connect with the PingSafe technical support on Slack and they are always helpful and knowledgable. They can help with any of our questions and issues.

Positive

In the past, we relied on open-source tools like Terraform scanning and Gitleaks to scan our infrastructure as code and identify secrets. However, this approach demanded significant manpower and time investment, and we were inundated with false positives. To address these challenges, we transitioned to PingSafe.

I would rate PingSafe 9 out of 10.

For our organization, PingSafe must include evidence of exploitability in its evidence-based reporting and it does.

We have 6 people in our organization that utilize PingSafe.

PingSafe does not require maintenance from our end.

I recommend PingSafe to others because it offers several advantages. One key benefit is that it saves a significant amount of manpower. This frees up our security engineers to focus on other assigned tasks. PingSafe is a valuable tool for automating tasks.

I work for an insurance company whose infrastructure is on the cloud, so we use PingSafe for security management and vulnerability detection. 

PingSafe is a valuable tool for managing infrastructure security. It offers advanced features like container security management, microservices security management, and Configuration Drift Remediation, which helps identify and address unauthorized configuration changes. These features are comprehensive and adaptable. Even for custom infrastructure modifications, such as XYZ, the PingSafe team can be contacted for guidance and policy adjustments to ensure a smooth adoption process.

Infrastructure as Code is valuable because the code itself defines the infrastructure. This means any vulnerabilities or misconfigurations in the IaC code will be deployed to our infrastructure. However, IaC tools can scan the code and alert us to potential problems before deployment, allowing us to fix them proactively.

We saw the benefits of PingSafe immediately.

It helped reduce the amount of false positives.

It has reduced our mean time to detection and remediation.

PingSafe improved collaboration between our cloud security developers and the application security teams.

The collaboration helped us save time, which is one of the reasons we have continued to use PingSafe.

The cloud misconfiguration is the most valuable feature. It highlights any misconfiguration that can make our infrastructure vulnerable.

I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations.

I have been using PingSafe for almost 2 years.

I would rate the stability of PingSafe 10 out of 10.

I would rate the scalability of PingSafe 10 out of 10.

The technical support is good. They are knowledgeable and prompt.

Positive

The deployment was straightforward. One person was required from our end.

The implementation process itself was very smooth. The PingSafe team provided excellent assistance in integrating the solution with our existing infrastructure and account. This made the integration process hassle-free. We've also recently integrated a new CDR feature using PingSafe.

I would rate PingSafe 10 out of 10.

No maintenance is required for PingSafe.

Once you've acquired PingSafe, it's essential to review all your existing organizational policies. If these policies are compatible with your infrastructure, you can proceed without modifications. However, if there are any incompatibilities, you'll need to make adjustments to ensure your infrastructure triggers accurate alerts. Skipping this step can lead to a flood of false positives.

Cloud Native Security helps us identify security issues related to cloud configuration and containers. We leverage cloud synchronization for real-time incident notification.

Cloud Native Security is easy to use. Its user-friendly features make integrating new tools a breeze. Everything can be connected through a simple API. The intuitive dashboard and effortless ticket submission further enhance the user experience.

One of Cloud Native Security's most valuable features is its offensive security engine. This engine excels at identifying vulnerabilities caused by misconfigurations, which could potentially be exploited by external attackers. In these cases, Cloud Native Security's offensive security engine findings are highly accurate, with a proven positive detection rate.

Cloud Native Security has helped reduce the false positive rate. The reduction in false positives has improved our operations.

As a small startup, implementing all security best practices across the organization can be challenging. Additionally, security awareness may not be widespread. However, Cloud Native Security, a cloud-based security tool, helps us address these limitations. Cloud Native Security acts as a vigilant watchdog, continuously monitoring our infrastructure for misconfigurations. This includes detecting unauthorized access attempts, such as someone opening a specific port or granting historical access from an external AWS account. By integrating Cloud Native Security with our Slack channel, we receive immediate alerts whenever such suspicious activity occurs. The notification will highlight the potential risk and provide details, allowing us to investigate and take prompt action. Previously, we unknowingly stored sensitive information, known as hard-coded secrets, in our public GitHub repository. Since integrating Cloud Native Security with GitHub, these secrets are identified immediately and flagged through Slack alerts. This enables us to address the issue swiftly and reduce our overall security exposure.

It is far more effective at reducing our meantime to detection compared to the open-source solution we used previously.

Cloud Native Security's findings have led to increased collaboration with our infrastructure team. While our application is a separate product and doesn't reside in the cloud, Cloud Native Security has still proven valuable in this way.

Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews. This helped my organization identify nearly 10,000 secrets added across our repositories, many of which had a significant security impact. Integrating Cloud Native Security with GitHub alone allowed us to identify all these secrets. This is a key feature that has been instrumental in improving our security posture through testing.

Secondly, Cloud Native Security's cloud SIEM feature has been essential in preventing our most critical security incidents.

We are experiencing problems with Cloud Native Security reporting. Our organization primarily uses Jira for issue tracking. While Cloud Native Security offers input options for reporting vulnerabilities, the "connect action" it provides to link issues isn't replicating information to Jira. This is happening for approximately half of the company and is causing difficulties for developers and stakeholders in fully understanding the reported issues.

Cloud Native Security's proof of exploitability is not that useful when it relates to container images. More detail should be included in the reporting.

Cloud Native Security can identify hard-coded secrets within our code and tell us if they're valid or not. However, in some cases, Cloud Native Security may flag a valid secret as hard-coded without specifying its exact location within the codebase. This lack of detail makes it difficult for developers to identify where the secret is used. Ideally, Cloud Native Security should provide the specific location of valid hard-coded secrets. This would significantly improve the developer experience by allowing them to easily locate and manage these secrets.

Cloud Native Security integrates with Jira and Slack through APIs, which is great. However, I would also like to see Cloud Native Security offer APIs that allow us to directly build dashboards within the platform. This would be incredibly helpful for visualizing vulnerabilities, security settings, and Cloud Native Security usage reports. Imagine if Cloud Native Security provided these APIs. We could create custom dashboards for specific purposes, like offensive security, cloud misconfiguration monitoring, or even integrating ISS scans. Essentially, any customer could easily build dashboards tailored to their needs. Unfortunately, Cloud Native Security doesn't currently offer this functionality. Other security products provide this level of customization. Adding this feature to Cloud Native Security would significantly improve its overall solution. 

I have been using Cloud Native Security for two years.

Cloud Native Security is extremely stable and we have not encountered any issues.

Cloud Native Security is scalable.

We contact technical support weekly. They are helpful and respond quickly. Additionally, there is a built-in chatbot that allows us to submit support tickets.

Positive

We also rely on AWS built-in features that alert us if there are any misconfigurations along with Cloud Native Security.

Regarding the license model, I believe their approach is appropriate based on the customer workload data we're tracking. It seems like an ideal way to proceed.

For pricing, it currently seems to be in line with market rates. However, I recall Cloud Native Security charging a slightly higher premium previously.

I would rate Cloud Native Security nine out of ten.

We receive notifications from Cloud Native Security whenever maintenance is required, and they provide instructions to complete the process.

New users should be prepared to have a dedicated staff member manage Cloud Native Security. This person will handle alerts, configurations, and integrations. You should continuously evaluate all the findings that Cloud Native Security provides, as it performs daily scans. However, it's possible to miss vulnerabilities that have already been fixed. Therefore, careful attention is needed when raising issues with developers. To optimize your use of Cloud Native Security and potentially reduce workload, consider providing feedback to improve the product. Additionally, try to utilize as many features as possible, as they can all have a positive impact on your organization's infrastructure.

We have an environment in the cloud where we have a bunch of EC2 instances and S3 buckets. We have the SentinelOne agent installed on all of our EC2 instances, to monitor our environment, so we use it quite frequently.

We needed cloud-based endpoint protection that we could install to get a single pane of glass into our security environment. Specifically, we needed to see the version usage of the applications to ensure we didn't have any outdated applications.

It has definitely helped reduce our mean time to detect. It's much quicker than with our last platform. Singularity has also helped free up our staff to work on other projects. We don't usually come into the console unless we get an alert. In that sense, we have been working on many other projects in the last year. Now that everything is set up and running smoothly, we haven't had to spend as much time in the console as before.

And when I consider the solution's impact on overall productivity, features such as the reporting have helped. When we need to run a report on how many endpoints we have in our environment for regulatory requirements, we use the reporting feature of Singularity because we know it's installed on every endpoint, giving us full visibility. From a reporting standpoint, it has certainly helped us.

We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate. The third feature we use most often is the VirusTotal integration. That allows us to take the hash of a threat or virus and open it up in VirusTotal.

Also, it's amazing how quickly its real-time detection and response capabilities come through. There have been multiple times where either my coworker or I will be working on something—even in our elevated environment, and even just running a script. We wouldn't expect a pop-up, but it's good to know that it's checking for those anomalies, detecting them, and notifying us of them instantly. We love that feature.

In terms of the historical data record provided by Singularity after an attack, we like to use the Storyline feature for deep dives and threat hunting if needed. It has been very useful in our operations. We can see different event types on each endpoint, which comes in handy. Using the Storyline feature, we can dig in much quicker, connect the dots, and see what caused the alert. So it has quickened remediation.

And the SentinelOne Cloud engine detection types are useful when trying to determine whether a threat could be legitimate or a false positive.

One of our use cases was setting up a firewall for our endpoints, specifically for our remote users. We have a firewall on-premises that comes into play when someone is at our main campus. But we needed something more for our remote users. We were hoping to utilize SentinelOne's firewall capabilities, but there were limitations on how many URLs we could implement. Because of those limitations on the number of URLs, we weren't able to utilize that feature in the way we had hoped to.

I have been using SentinelOne Singularity Cloud for about two years.

Singularity has been very stable. It has never lagged or crashed that I've noticed. In my experience, there has been 100 percent uptime.

The interoperability with AWS has been very straightforward and streamlined, without any major bugs or issues that I've come across.

Its scalability is one of the main reasons we chose SentinelOne. Because it's hosted in the cloud, we can install as many agents as we're licensed for. We've never gone over that limit. As new servers and endpoints come online, it's easy to deploy. It's built into the image.

We do have a unique use case regarding scalability. We use a VDI environment in Azure, and it works. We haven't had any issues. But when we need to run updates on those machines, we have to rebuild the image. We can't have the agent built into the image because of our rebuild process. That makes it a manual process for us every month when we redeploy those desktops. We have it scripted out with a PowerShell script that helps, but it's a manual step for us. That's one area we're trying to address from a scalability standpoint.

As for auto-scaling, we're more of a static environment for most of our endpoints. The VDI is our only more fluid environment, since our VDI endpoints go up and down based on usage. Once the agent has been deployed to those images, the auto-scaling works flawlessly, and we haven't had any issues there.

We used ESET, but the decision to go with Singularity was made before my time with the company.

We have a couple different deployments: our end-user endpoints and our server fleet. I was involved with the server deployment. It was very straightforward, and we didn't run into any issues during that deployment.

The only maintenance involved is when we need to whitelist an application. For example, if a new user installs an application, we might get a false-positive pop-up. That's really the only maintenance we have to do.

We did it ourselves, and there were four people involved.

It's a fair price for what you get. We are happy with the price as it stands.

My advice is that if you want an easy-to-deploy solution where you can have a single pane of glass to get visibility into all of your endpoints and applications, and run reports on those application versions, Singularity makes it a very easy-to-use, straightforward, and streamlined process that has helped us over and over again.

If someone thinks they don't need Singularity because they already have a continuous security monitoring solution in place, using SentinelOne gives us an overarching view from the single console, giving us the entire picture of the timeline of events that happened. Going through the timeline and connecting those dots really helps when threat hunting. It helps to get the full picture instead of just a specific point in time, which is the way some of the legacy antivirus programs work.

The solution has an automated remediation feature, but we don't currently use it because we are a smaller team. We like to remediate manually. For the time being, we haven't had a reason to use the automation feature yet.

One area we're trying to innovate more in is the AWS Security Hub. Singularity, in their marketplace, has a couple of apps related to that. We're trying to build more automations within AWS Security Hub to get better overall visibility, not only of our EC2 endpoints but of our applications as well.

SentinelOne Singularity Cloud Security is deployed on all our servers except for user machines. When Singularity identifies a downloaded application as malicious, it triggers an alert sent to our SIEM console. We can then investigate the alert details, including associated logs, to determine if the malware is static or actively malicious. We can also investigate suspicious IP addresses or domains. Additionally, Singularity monitors process creation and can provide forensic data on security incidents, including information about backdoor connections and the applications involved, like Chrome or other browsers.

SentinelOne Singularity Cloud Security stands out for its user-friendliness compared to competitors like CrowdStrike, FireEye HX, and Microsoft Defender. Unlike these tools, which can be cumbersome for tasks like running queries or searching for logs, Singularity offers intuitive interfaces and delivers results in seconds, even for complex searches across various hash formats, like MD5, SHA256, etc., without needing conversion.

Our existing SIEM console allows us to analyze alerts triggered by the SOC team. We can investigate potential false positives or conduct tests directly within the console. Additionally, the console facilitates quick searches for IOCs to identify malicious communications. Furthermore, Singularity Cloud Security offers a central management console for automated machine reboots, containment, and even self-maintenance in response to high-severity security alerts. This eliminates the need for manual intervention.

We saw the benefits of SentinelOne Singularity Cloud Security within the first two months of transitioning from FireEye HX. Singularity was easy to manage, and we were able to identify vulnerabilities.

SentinelOne Singularity Cloud Security has helped reduce the false positives we receive by 15 percent compared to FireEye HX.

Singularity has helped reduce our mean time to detect. The automatic containment of the infected machine is done within the first ten seconds of detection.

Singularity has helped reduce our mean time to remediate. 

The user-friendliness is the most valuable feature.

SentinelOne Singularity Cloud Security offers a custom search function with a default 14-day limit. Extending this period to 30 days requires an additional license. A two-month grace period for extended searches would be a valuable improvement. Additionally, enhancements to the threat-hunting capabilities of the hunter module are recommended.

I have been using SentinelOne Singularity Cloud Security for two years.

We had an incident in which they pushed a patch without notifying us and without testing, damaging all of our security controls. 

Neutral

We previously used FireEye HX but shifted to Singularity because we saw the potential while the POC was going on. The top three endpoint security solutions are SentinelOne Singularity, Microsoft Defender, and CrowdStrike. FireEye HX is not one of them.

The initial deployment's complexity was moderate. The entire deployment took six months to complete.

The implementation was completed with the help of the vendor.

I would rate SentinelOne Singularity Cloud Security seven out of ten. The lack of a 60-day search option for the log source lowers the overall score.

The endpoint security team does the maintenance.

SentinelOne Singularity Cloud Security is a good product that is easy to use. 

We leverage PingSafe for cloud security posture management, which continuously monitors our cloud configuration for vulnerabilities. When PingSafe detects an issue, we prioritize the alert from our cloud-native security solution and route it directly to the DevOps team for remediation.

We have PingSafe deployed on AWS, Azure, and GCP.

PingSafe has significantly reduced the number of false positives in our cloud-native security environment from 30 percent down to five percent. This is especially helpful since we receive notifications and alerts from various sources like AWS and Cloudflare, all with their own security policies. With PingSafe, I feel confident that these alerts are accurate, reducing the workload on our security team and giving us peace of mind for the past two years.

The threat detection capabilities have improved our overall security by safeguarding our cloud data transfers, and protecting both incoming and outgoing files.

With a large number of domains under our management, PingSafe's incident response feature is crucial for identifying and swiftly addressing any data corruption issues that may arise within them.

PingSafe has a user-friendly interface, making it a breeze to learn the fundamentals and navigate the dashboard.

Our Infrastructure as Code effectively identifies potential problems in templates and configuration files during the preproduction phase. This information is then relayed to our support team who can address these issues proactively.

Before implementing PingSafe, our cloud security was inadequate, resulting in inaccurate data visibility. To ensure complete data encryption and client invisibility, we adopted PingSafe, which successfully secured our cloud environment.

Reducing false positives has strengthened our security posture. While we transitioned from Prisma Cloud to PingSafe for our GCP and AWS environments, Prisma offered more advanced features. However, PingSafe prioritizes customer requests, addressing security needs faster than Prisma's release cycle, ultimately improving our security efficiency.

PingSafe has strengthened our risk posture by implementing access controls to ensure only authorized personnel can reach our data, and by safeguarding it to minimize security risks.

PingSafe has reduced our mean time to detection by 15 percent.

The implementation of PingSafe has improved collaboration between our cloud security application developers and AppSec teams. By granting those teams write access, PingSafe streamlines interaction and fosters a more efficient working environment.

Our engineering time has been saved thanks to the visibility that PingSafe provides.

The visibility PingSafe provides into the Cloud environment is a valuable feature.

The user interface is well-designed and easy to use, and retrieving data is smooth and effortless. 

PingSafe's cloud filtering has a limitation: implementing single sign-on requires a pre-class account feature, which is currently not available.

I have been using PingSafe for one year.

I would rate the stability of PingSafe seven out of ten. It is stable when it comes to securing our data.

I would rate the scalability of PingSafe eight out of ten. We have scaled many times.

The technical support team is both responsive and efficient, promptly resolving our issues.

Positive

While Prisma Cloud initially managed our cloud security, their slow feature implementation ultimately led us to switch to PingSafe. PingSafe's responsiveness in delivering the features we need has been a major improvement. Also, the visibility and dashboard of PingSafe are superior.

The deployment of PingSafe spanned several weeks as each cloud platform we deployed it on required one to two weeks for the process to complete.

PingSafe is affordable.

I would rate PingSafe seven out of ten.

We have around 20,000 users and have PingSafe deployed in multiple locations.

While PingSafe does require maintenance, our engineering team prioritizes keeping it up-to-date to ensure the accuracy and security of the data that underpins our cloud security posture.

I recommend PingSafe to others.

We use the tool for cloud security management. We check the vulnerabilities in the cloud during the configuration phase using PingSafe. We check how many cloud assets are being covered and how many issues have been identified from multiple cloud assets. We check different types of issues. We look into cloud network configuration, Offensive Security, Kubernetes security, and vulnerabilities. We also use the ThreatWatch option to check for active attacks happening worldwide. We can also check compliance, analytics, and asset inventory. We use the tool in multiple locations.

Without the product, we cannot know the configurations and the issues that are present in the cloud assets. PingSafe helps us to know such details easily. It guides us and shows the flaws or vulnerabilities present in the cloud assets. It also provides good remediation processes with screenshots. It is easy to tackle and remediate the issues present in the cloud assets.

The solution provides detailed visibility into the security state of the assets and workloads across all the platforms. The remediation process is good. It clearly provides every step required in the resolution with screenshot links. I like it very much. The product helps us identify the misconfigurations and flaws present in our organization. We meet with the concerned teams and resolve the issues. It helps us a lot by finding all the issues in the cloud assets.

We use the solution's agentless vulnerability scanning. There are different categories in the product. It is useful for us that PingSafe includes proof of exploitability in its evidence-based reporting. It is required for every company that uses clouds. PingSafe has helped reduce the number of false positives we deal with. Most of the time, we do not get false positives. It is usually below 10%.

The product has improved our risk posture by 50%. We can detect vulnerabilities faster. PingSafe has sped up the process by 80% to 90%. PingSafe provides us with the remediation process. It has reduced the mean time to remediate. Without the tool, we wouldn't know the process to remediate. We can get some things on Google, but the product provides the exact process we need to follow. The solution improves the mean time to remediate by 70%. It is a very helpful tool for remediation.

PingSafe is a collaborative tool. It is very easy to use. Anyone can easily use it. We can easily check the flaws and collaborate with other teams. PingSafe has helped us save engineering time by 50%. We use other tools for compliance. We have endpoint security solutions and antivirus products for normal assets. Similarly, we need a tool for the cloud assets. I will recommend PingSafe to everyone who uses the cloud.

Under the containers section, we have a cluster. It is a link between the organization and PingSafe. We don't get any notifications from PingSafe when the clusters are down. The PingSafe database doesn't receive any updates. It doesn't trigger any alerts. We must check things manually. It must be improved in future releases. If notifications are available, then it will be more helpful, easy, and time-saving. We can easily contact the team, check why the cluster is down, and restart things.

I have been using the solution for one and a half years.

The solution is stable. I rate the stability an eight out of ten.

We have eight users in our organization. The solution does not need any maintenance. I rate the scalability a nine out of ten.

The technical support is good. The team responds within 24 hours and resolves all the issues we raise. The team also arranges monthly meetings for updates. The support team educates us about the upcoming updates in the tool. The team helps us if an individual or a team has issues with PingSafe. The support people also help us with the remediation process if we are stuck at any stage.

Positive

The tool is deployed on the cloud. The deployment can be done in a day. One or two people from our organization and two to three people from the development team of PingSafe were involved in the deployment. The solution was easy to deploy. It was not complicated.

The product has saved us time, money, and resources. We have saved 80% of time, 20% of resources, and 80% of money.

The tool is cost-effective. It is neither cheap nor expensive.

The tool is easy to use. Compared to other products, PingSafe is the most easy to use. There are different severity categories, such as critical, high, medium, and low. We get notifications for critical things. Critical issues have the highest priority. The ability to prioritize the issues is helpful for us.

Overall, I rate the product an eight out of ten.

We primarily use PingSafe for compliance purposes because we work with banks and the fintech industry, so we must follow some standards like PCI DSS.

We use PingSafe for compliance and security purposes, and it has helped a lot. We face many audits, and during each audit, we must conduct a vulnerability assessment. PingSafe gives us a list of vulnerabilities that we remediate to raise our compliance score. It's our only tool for vulnerability assessments. The benefits are mostly immediate. PingSafe helped reduce the number of false positives, which has been difficult.

We like PingSafe's vulnerability assessment and management features, and its vulnerability databases. The interface isn't too complex. It's quite easy to use. The agentless vulnerability scan is the feature we use the most.

The categorization of the results from the vulnerability assessment could be improved. 

We have used PingSafe for 2 years. 

I have never faced any downtime.

PingSafe's scalability is quite good. We have multiple projects, and scalability isn't an issue. 

I rate PingSafe 8 out of 10 based on the features I have used. I haven't used all the features, but I give the vulnerability and compliance features 8 out of 10. I can recommend PingSafe for vulnerability scanning and compliance. There are many competitors, but I find PingSafe quite good, which is why we haven't switched to something else for the past 2 years.