SentinelOne Singularity Cloud Security Reviews

We use PingSafe to improve our security posture through evidence-based alerts by detecting and mitigating vulnerabilities.

We sought a CSPM solution that could be configured to adhere to the security policies of our required integrations. PingSafe stood out as a strong candidate due to its compliance with industry standards like ISO and its ability to provide valuable security insights.

PingSafe is a SaaS solution.

PingSafe boasts a user-friendly interface that avoids information overload. The clean layout allows for easy navigation, even for new users, while still offering the ability to delve deeper into the data for a more granular view.

I would rate the evidence-based reporting of PingSafe an eight out of ten.

PingSafe's proof of exploitability is invaluable because it allows us to demonstrate the root cause of security issues to stakeholders clearly and concisely, streamlining the remediation process.

I would rate the offensive security engine's ability to assess and verify exploit paths and prioritize breach potential a nine out of ten.

The easy-to-use UI helps our security team review evidence from a single dashboard.

PingSafe has broadened our viewpoint within our environment, allowing us to see things from multiple angles. This wider perspective provides greater assurance to our team and the entire enterprise.

It has helped reduce around ten percent of the false positives.

Thanks to PingSafe, our cloud security posture has significantly improved. We've effectively mitigated critical and high vulnerabilities, achieving a strong security position from a CSPM perspective.

PingSafe has impacted collaboration between our cloud security application developers and AppSec teams. To address this, we've granted controlled access to PingSafe for all relevant teams. We've also encouraged its use by providing training on the tool itself.

PingSafe stands out for its user-friendly interface and intuitive software, making it easy to navigate and use. It excels at presenting remediation steps in a clear and actionable way. Additionally, the reporting capabilities ensure we maintain compliance. However, the most valuable feature for us is the ability to conduct authentic security testing, providing real-world insights into our vulnerabilities.

The vulnerability scanner generates a high number of false positives that it flags as alerts, even though they're not actual threats. This suggests a configuration issue. We need to address this, especially since some of these flagged vulnerabilities have already been mitigated by other means.

The compliance monitoring dashboard, while helpful, doesn't integrate seamlessly with our entire system. This creates a disconnect: a high volume of alerts doesn't necessarily reflect a decline in compliance. For instance, I might have a thousand alerts on my ISO-related compliance dashboard, yet the compliance itself remains at 99.99 percent. This inconsistency makes it difficult to justify remediating every alert. In other words, I might give a clean bill of health from a compliance standpoint, yet still expect them to resolve the alert, which can be confusing. Therefore, we need to address either the way the dashboard generates alerts or the way we create them. Ideally, alerts should be directly tied to compliance standards and have a clear role in the overall compliance process. If they don't meet these criteria, perhaps they shouldn't be flagged as high or critical in severity.

Crafting customized policies can be tricky. Take creating our own, for instance. It requires a deep dive into the customization options, as the language used can be complex and demands a certain level of skill.

Since Sentinel's acquisition of PingSafe, there has been a decline in both the frequency of new releases and the quality of support. Previously, PingSafe was known for its proactive approach.

PingSafe utilizes additional modules besides CSPN. Ideally, there should be a correlation between these systems. This would ensure that the assets we review for vulnerabilities within PingSafe are consistent with those reviewed in CSPN. This consistency would simplify the process, allowing us to focus on a single review level. This level could be defined from a configuration perspective or by a compliance standard, such as the web application itself. If PingSafe migrates data, this correlation between systems would be especially beneficial to ensure continued integration with all modules.

I have been using PingSafe for six months.

The core modules of PingSafe are stable but some of their new features had bugs in them.

I would rate the stability of PingSafe seven out of ten.

I would rate the scalability of PingSafe ten out of ten.

The technical support is good.

Positive

We've added PingSafe to our existing Palo Alto Prisma Cloud environment. This will allow us to directly compare the results of the two tools.

The implementation is straightforward and takes a couple of days to complete.

We had five to ten people involved, excluding the PingSafe developers.

I would rate PingSafe eight out of ten.

We have PingSafe accessible in multiple departments with a total of 20 users.

There is no maintenance required from our end.

While PingSafe advertises itself as a Cloud-Native Application Protection Platform solution, it offers some CNAPP functionalities but doesn't provide a fully comprehensive picture of your cloud security posture. In essence, it has some CNAPP capabilities, but it's not a complete CNAPP solution yet.

In my organization, we use SentinelOne Singularity Cloud Security to enhance our security posture. The platform provides alerts and recommendations on best practices, policies, and necessary updates to strengthen our infrastructure security.

We implemented SentinelOne Singularity Cloud Security to strengthen our security posture. Previously, we lacked clear guidance on best practices, including password reset policies, patching procedures, and VM updates. SentinelOne provides these best practices and recommendations, significantly improving our infrastructure security.

SentinelOne Singularity Cloud Security is user-friendly.

Evidence-based reporting helps prioritize and solve cloud security issues. When an issue occurs in my infrastructure, I receive an alert on their dashboard and a notification is sent to our common email address. SentinelOne Singularity Cloud Security provides a direct link to the affected resource in the AWS console, allowing me to navigate to the issue and resolve it quickly.

SentinelOne Singularity Cloud Security has improved my organization's security posture significantly. Before its implementation, we lacked an understanding of best practices for security. The solution has clarified our path by providing guidelines and alerts, which have helped us secure our infrastructure effectively.

It has reduced the number of false positives significantly, providing accurate data for our security processes.

SentinelOne Singularity Cloud Security has significantly improved our risk posture.

Prior to implementing SentinelOne Singularity Cloud Security, our mean time to detect ranged from 30 to 35 minutes. Now, with SentinelOne, our MTTD has significantly improved, falling within the range of 5 to 10 minutes.

Our mean time to remediate has been reduced to five minutes since implementing SentinelOne Singularity Cloud Security.

SentinelOne Singularity Cloud Security offers several valuable features, most notably the rapid vulnerability notifications that provide timely alerts regarding our infrastructure. Furthermore, the platform's intuitive interface enables even novice team members to navigate the dashboard with ease, minimizing the need for extensive documentation.

I believe the UI/UX updates for SentinelOne Singularity Cloud Security have room for improvement. While the current interface is excellent, enhancements could make it more user-friendly. Additionally, an improved notification system that sends alerts about vulnerabilities directly to our centralized console would allow for a more prompt response.

I have been using SentinelOne Singularity Cloud Security for almost one and a half years.

I rate the stability of SentinelOne Singularity Cloud Security as nine out of ten.

I rate the scalability of SentinelOne Singularity Cloud Security as ten out of ten.

I have contacted SentinelOne's technical support team once, and they were very helpful. Their communication and product knowledge were excellent.

Positive

The initial cloud-based deployment was straightforward, taking approximately two to three working days with a team of three people.

The implementation was handled internally by my team with guidance from a senior resource.

I rate SentinelOne Singularity Cloud Security nine out of ten.

We have 150 users of SentinelOne Singularity Cloud Security.

I recommend SentinelOne Singularity Cloud Security to others because it is very important from a security standpoint. 

We use the solution for security and monitoring. It helps maintain compliance standards. Multiple policies can be mapped and evaluated and alerts can trigger your attention.

We're using multiple cloud environments and multiple providers, such as AWS, Azure, GCP, and Postgres. It helps us manage multi-cloud security.

The UI is very good. The solution offers very good adaptability.

Its ease of use is pretty good. After using it for nine months, I'm pretty comfortable with it.

The evidence-based reporting helps us prioritize and solve issues. This is a feature that is missing from most platforms.

We use agentless vulnerability scanning. It's a good aspect of the product.

The proof of exploitability and evidence-based reporting are excellent. They gave me a detailed idea of what was exposed. 

We use the infrastructure as code scanning. It really helps manage the policies, which I have been working on. 

The compliance capabilities are helping me most of all. The reports and alerts we get help manage everything and act on issues.

We've reduced the number of false positives we receive by 35% or so.

We've reduced our time to detect by about 20%.

It does take time to remediate, however, we've saved time in terms of time to remediate since we get more details around alerts and can go in and look and solve issues. We've reduced our mean time to remediation by about 30% to 35%.

It can be complex to use at the outset. 

They could have better support. We've had support issues in the past. They need more experienced support personnel. 

I've been using the solution for 8 to 9 months.

The stability is okay, however, it needs more maturity. 

We have 2 to 3 users on the solution currently. We have it in one location right now. 

The scalability depends on the integration.

Technical support has room for improvement. 

Neutral

We did previously use a different solution. We used Prisma. It did offer good pricing and good scalability.

The initial setup only took about 1 week. I was not directly involved in the customer onboarding process. 

The solution does not require any maintenance. 

We see an ROI in the fact that we can better map our best practices. From a security perspective, we're saving around 30% to 40% and we're able to implement more best practices.

The pricing is pretty good. It's comparable to or better than others on the market.

I'm a partner.

The solution is cost-efficient, yet it needs more support accessibility. However, I would recommend this solution to others. I'd rate the product 5 out of 10 overall. 

SentinelOne Singularity Cloud is on our computers and servers, mainly for threat hunting. I use it to ensure our devices remain healthy and are virus-free, ransomware-free, and threat-free.

We've felt more comfortable having SentinelOne Singularity Cloud because we've had a safer environment. The benefits from the platform were immediate.

What is most valuable in SentinelOne Singularity Cloud is that it can detect any threat on a machine or is being installed on a machine, so it is a platform that helps keep the environment safe.

I also found the real-time detection and response capabilities of SentinelOne Singularity Cloud impressive because it is a platform that uses artificial intelligence to determine what is normal and what is abnormal and can lock down any virus it may encounter.

SentinelOne Singularity Cloud has good automated remediation capabilities. It can catch threats that other antiviruses do not.

The platform also has a very good deep visibility feature, enabling you to run scans and find what you need.

SentinelOne Singularity Cloud provides excellent historical data to find what you need.

The platform reduced my organization's mean time to detect and mean time to remediate anywhere from a week to sixty days.

SentinelOne Singularity Cloud also helped free up SOC staff, enabling staff to work on other projects or tasks. Through the platform, the team does not have to spend as much time trying to go through different objects on the machines manually.

SentinelOne Singularity Cloud hasn't had a direct, everyday impact on my organization's productivity. What it has an impact on is uptime whenever there is a threat on a computer because it blocks it.

The platform has good interoperability with third-party solutions and integrates smoothly.

SentinelOne Singularity Cloud is able to support my organization's ability to innovate. It is good in that aspect, though I have yet to work with that extensively.

SentinelOne Singularity Cloud sometimes has false positives, but the main area for improvement I want to see is for it to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is.

I've been working with SentinelOne Singularity Cloud for about three years.

I found SentinelOne Singularity Cloud stable.

SentinelOne Singularity Cloud is scalable, and it is pretty seamless in terms of autoscaling based on my organization's workload demands.

I have not contacted the SentinelOne Singularity Cloud technical support team.

My organization used Windows Defender but switched because SentinelOne Singularity Cloud was more robust.

Due to its notifications, you can also have the turnout time of obtaining telemetry data from SentinelOne Singularity Cloud automatically, so you do not have to watch it constantly to see the data. The platform automatically shuts down the computer, takes it off the network, and then reports to you versus Windows Defender, which requires you to do a little more research into the items, as it did not provide as much information.

I was involved in the initial setup of SentinelOne Singularity Cloud, which I found pretty straightforward.

We worked with a consultant in implementing SentinelOne Singularity Cloud.

Only two people were involved, and the process took about two weeks.

I believe there is ROI from SentinelOne Singularity Cloud because of its impact on productivity through its ability to remediate and self-resolve some of the items.

I have no information on how much SentinelOne Singularity Cloud costs.

We did not evaluate other options before choosing SentinelOne Singularity Cloud.

If someone were to tell me that they do not believe they need SentinelOne Singularity Cloud because they have a continuous security monitoring solution in place, I would disagree because, with the SentinelOne Singularity Cloud platform, you can allow or disallow items within the machine. It automatically disconnects the machine from the network, helping you determine what is happening.

My organization works with the cloud version of the platform. It is deployed in multiple departments, and about four hundred users work with the endpoints.

SentinelOne Singularity Cloud requires maintenance, but it's not difficult to maintain.

Only one person takes care of the maintenance of the platform.

My advice to other users who would like to start working with SentinelOne Singularity Cloud is that I would highly recommend it based on its abilities and what it can find and remediate for you. It is easy to deploy and maintain, so I would tell others it is a solid platform.

My rating for SentinelOne Singularity Cloud is eight out of ten.

We have an environment in the cloud where we have a bunch of EC2 instances and S3 buckets. We have the SentinelOne agent installed on all of our EC2 instances, to monitor our environment, so we use it quite frequently.

We needed cloud-based endpoint protection that we could install to get a single pane of glass into our security environment. Specifically, we needed to see the version usage of the applications to ensure we didn't have any outdated applications.

It has definitely helped reduce our mean time to detect. It's much quicker than with our last platform. Singularity has also helped free up our staff to work on other projects. We don't usually come into the console unless we get an alert. In that sense, we have been working on many other projects in the last year. Now that everything is set up and running smoothly, we haven't had to spend as much time in the console as before.

And when I consider the solution's impact on overall productivity, features such as the reporting have helped. When we need to run a report on how many endpoints we have in our environment for regulatory requirements, we use the reporting feature of Singularity because we know it's installed on every endpoint, giving us full visibility. From a reporting standpoint, it has certainly helped us.

We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate. The third feature we use most often is the VirusTotal integration. That allows us to take the hash of a threat or virus and open it up in VirusTotal.

Also, it's amazing how quickly its real-time detection and response capabilities come through. There have been multiple times where either my coworker or I will be working on something—even in our elevated environment, and even just running a script. We wouldn't expect a pop-up, but it's good to know that it's checking for those anomalies, detecting them, and notifying us of them instantly. We love that feature.

In terms of the historical data record provided by Singularity after an attack, we like to use the Storyline feature for deep dives and threat hunting if needed. It has been very useful in our operations. We can see different event types on each endpoint, which comes in handy. Using the Storyline feature, we can dig in much quicker, connect the dots, and see what caused the alert. So it has quickened remediation.

And the SentinelOne Cloud engine detection types are useful when trying to determine whether a threat could be legitimate or a false positive.

One of our use cases was setting up a firewall for our endpoints, specifically for our remote users. We have a firewall on-premises that comes into play when someone is at our main campus. But we needed something more for our remote users. We were hoping to utilize SentinelOne's firewall capabilities, but there were limitations on how many URLs we could implement. Because of those limitations on the number of URLs, we weren't able to utilize that feature in the way we had hoped to.

I have been using SentinelOne Singularity Cloud for about two years.

Singularity has been very stable. It has never lagged or crashed that I've noticed. In my experience, there has been 100 percent uptime.

The interoperability with AWS has been very straightforward and streamlined, without any major bugs or issues that I've come across.

Its scalability is one of the main reasons we chose SentinelOne. Because it's hosted in the cloud, we can install as many agents as we're licensed for. We've never gone over that limit. As new servers and endpoints come online, it's easy to deploy. It's built into the image.

We do have a unique use case regarding scalability. We use a VDI environment in Azure, and it works. We haven't had any issues. But when we need to run updates on those machines, we have to rebuild the image. We can't have the agent built into the image because of our rebuild process. That makes it a manual process for us every month when we redeploy those desktops. We have it scripted out with a PowerShell script that helps, but it's a manual step for us. That's one area we're trying to address from a scalability standpoint.

As for auto-scaling, we're more of a static environment for most of our endpoints. The VDI is our only more fluid environment, since our VDI endpoints go up and down based on usage. Once the agent has been deployed to those images, the auto-scaling works flawlessly, and we haven't had any issues there.

We used ESET, but the decision to go with Singularity was made before my time with the company.

We have a couple different deployments: our end-user endpoints and our server fleet. I was involved with the server deployment. It was very straightforward, and we didn't run into any issues during that deployment.

The only maintenance involved is when we need to whitelist an application. For example, if a new user installs an application, we might get a false-positive pop-up. That's really the only maintenance we have to do.

We did it ourselves, and there were four people involved.

It's a fair price for what you get. We are happy with the price as it stands.

My advice is that if you want an easy-to-deploy solution where you can have a single pane of glass to get visibility into all of your endpoints and applications, and run reports on those application versions, Singularity makes it a very easy-to-use, straightforward, and streamlined process that has helped us over and over again.

If someone thinks they don't need Singularity because they already have a continuous security monitoring solution in place, using SentinelOne gives us an overarching view from the single console, giving us the entire picture of the timeline of events that happened. Going through the timeline and connecting those dots really helps when threat hunting. It helps to get the full picture instead of just a specific point in time, which is the way some of the legacy antivirus programs work.

The solution has an automated remediation feature, but we don't currently use it because we are a smaller team. We like to remediate manually. For the time being, we haven't had a reason to use the automation feature yet.

One area we're trying to innovate more in is the AWS Security Hub. Singularity, in their marketplace, has a couple of apps related to that. We're trying to build more automations within AWS Security Hub to get better overall visibility, not only of our EC2 endpoints but of our applications as well.

We use the solution for security posture management. It's a safeguard for our cloud. It helps flag misconfiguration or any kind of vulnerability. There are also remediation capabilities, although we're only subscribed to alerts.

It's a safeguard tool for our cloud. When I'm using my cloud I need to make sure whatever I'm doing is secure. So we needed a gatekeeper or something acting as a gatekeeper, to keep an eye out since people can sometimes make mistakes. If there is any kind of event error, it helps us get alerted.

It's a real-time monitoring tool that runs 24/7.

I like the security capabilities. The availability and stability are very good. 

It is very easy to use, and the graphical user interface is nice. It's great that they provide information regarding issues on the front end. The evidence-based reporting is good. There is some heavy investment there. The user interface and ease of use for security operations are very helpful. Everything is easily available, and that's very impressive. 

It works within a certain set of rules. It has enough information to cover 100% of the services we are using. For most of my expectations, the product has covered my needs. They are also adding new features and functionality.

We use the infrastructure as code scanning, which is good. There's very good security scanning. We can scan non-production environments and get a report. We get notifications of issues immediately. Before moving to production, we always look at reports to check for issues. 

We're almost 99% compliant based on the compliance regulations we follow. It's helpful to have good compliance scanning. 

We've been dealing with fewer false positives. It's improved over time. It's too early to say, percentage-wise, how many fewer we're seeing; however, it is noticeable. 

It's lowered our risk posture. We have been satisfied so far. It covers what we need to be covered.

The mean time to remediate has been lowered by about 20% to 30%.

We now have very good collaboration between our cloud security, application developers, and AppSec teams. There's better communication in terms of response. We haven't calculated if it's saved us any engineering time, however. 

They could improve their mean time to detect. It's good, however, it could be lowered further. Detection should be in near real-time. We need these alerts fast as security is our greatest concern.

They could improve reporting and offer better, faster notifications. 

I've used the solution for almost 2 years.

I'd rate the stability 8 out of 10.

We have 10 to 15 people using the solution. 

I'd rate the ability to scale 8 out of 10.

We've had our support directly reach out to theirs. Sometimes they address items slowly; sometimes they are faster. The support response time could be improved. 

Positive

We did use something prior to PingSafe. We had a few things on-premises and on our private cloud. We liked the pricing and feature offering of PingSafe and decided to implement it. 

The initial setup was pretty straightforward. We had to do some integration and it was simple. The deployment itself hardly took an hour. It's integrated with our AWS and that was pretty seamless. 

I don't worry about maintenance. I don't take care of that aspect. However, PingSafe works in the background, maintaining and upgrading the system directly. 

We had a few people from PingSafe involved in the implementation. 

I'm a customer and end-user.

It's a 100% available solution. It covers most of our cloud security requirements and has a nice interface. Support could be faster, though. When we're dealing with security, we don't want lots of time between responses. 

I'd rate the solution 7 out of 10.

As an application developer focused on AWS and cloud components, I rely on SentinelOne Singularity Cloud Security to stay informed about vulnerabilities and maintain best security practices.

I would rate the ease of use of Singularity Cloud Security a nine out of ten. It is very helpful for beginners due to its simplicity and straightforward integration with various cloud platforms like AWS, GCP, and Azure. Its user-friendly interface and familiarity across different cloud environments make it easy to understand and implement, regardless of prior experience.

Singularity Cloud Security prioritizes and resolves critical cloud security issues. When a problem arises in my infrastructure, SentinelOne alerts me, such as an open port in our AWS environment or a deviation from best practices. It provides alerts, suggests solutions, and offers documentation with best practices, which is helpful for those new to cloud platforms. This has reduced my response time by approximately 45 minutes. 

The Offensive Security Engine, powered by impressive AI/ML capabilities, seamlessly integrates with cloud infrastructure to analyze data and provide optimal security solutions. Its AI/ML-driven backend engine effectively identifies and resolves threats, making it a powerful tool for comprehensive security monitoring and protection.

We saw the benefits of SentinelOne Singularity Cloud Security immediately.

SentinelOne Singularity Cloud Security categorizes risk into four levels: low, medium, high, and critical. Teams handle low and medium alerts, which are based on best practices that we must follow. High and critical alerts are very important and require immediate attention. When these critical alerts occur, we contact PingSafe or the SentinelOne data team for support. They help us resolve the issue, identify affected resources, and provide comprehensive information. Occasionally, we receive direct support from SentinelOne, collaborating with them using their tools. The system is reliable and accurate, with no false positives.

It significantly reduced our mean time to detect threats. Previously, we didn't use security tools, so I had to identify and address vulnerabilities independently. To ensure best practices were followed, I had to manually investigate issues within our AWS environment and troubleshoot them alone. SentinelOne has been instrumental in guiding us toward securing our infrastructure by providing insights into best practices and automating threat detection.

SentinelOne Singularity Cloud Security has helped reduce our mean time to remediate.

The most valuable feature is the notification system, providing real-time alerts and comparisons crucial for maintaining security. Additionally, the dashboard's user interface and user experience are intuitive and easy to understand, even for new users.

One potential drawback is the cost of SentinelOne Singularity Cloud Security, which may be prohibitive for smaller businesses or startups, particularly those in regions with lower average incomes, such as India.

I have been using Singularity for around one year.

The customer service and support team is knowledgeable and helpful. Throughout the migration, they remained available for several hours without complaint, providing assistance at every step.

Positive

The initial deployment was not difficult. It was smooth, with support from experienced team members and customer support during the two to three-day migration process.

During migration, more than two people were involved, though only two were necessary.

The pricing is somewhat high compared to other market tools. This cost can be particularly prohibitive for small businesses and startups.

I would rate SentinelOne Singularity Cloud Security nine out of ten.

My responsibility within our infrastructure is limited to the infrastructure itself, excluding the application and database layers. As such, I can only offer guidance on the infrastructure aspects of our implementation. When we deployed SentinelOne Singularity Cloud Security in our hybrid infrastructure, both cloud and data center-based, the migration was smooth, taking approximately two to three days of testing to complete successfully.

We use PingSafe as our Cloud Security Posture Management tool.

PingSafe is easy to use. While some features, like advanced graphics and custom drag-and-drop filters, might have a learning curve, most functionalities are intuitive. Clicking on "Asset Inventory" provides a clear list of all our assets. The filters are logically organized by resource type, account ID, and other relevant categories. In short, most of the platform is straightforward, allowing users to become comfortable within 15 minutes. However, advanced capabilities like custom visualizations and automated filtering through drag-and-drop may require additional time to master.

PingSafe creates a comprehensive inventory of all resources within our cloud infrastructure. It automatically identifies any misconfigurations for each of these resources. The easy-to-track capabilities are further enhanced by automatic integration with Jira. Additionally, PingSafe serves as the primary source of evidence for audits and compliance purposes. It documents the resources we identified with misconfigurations and demonstrates that we have rectified them. This functionality simplifies the process of providing evidence to auditors.

We experienced the benefits of PingSafe immediately after onboarding our entire Cisco setup. However, there was likely a waiting period of up to six hours for the platform to fully populate with information about our infrastructure, resources, and so on. Despite this wait, some immediate benefits were gained. PingSafe likely identified a list of potential misconfigurations across our accounts. This provided a starting point for further investigation and remediation. Of course, to fully leverage PingSafe's capabilities, we might need to integrate it with our existing external tools. However, the initial onboarding process itself yielded some valuable insights.

PingSafe reduces the number of false positives we encounter. Initially, we relied heavily on custom engineering, which created a lot of noise. The code might not have been scalable, or it might have only triggered under specific conditions. We struggled to manage this custom tooling as our environment grew. When we considered scaling our operations, we realized this approach wouldn't be sustainable. PingSafe provided a well-designed system that addressed these challenges. Even during configuration, PingSafe can determine if something is misconfigured or not. However, PingSafe also allows us to suppress findings that might be flagged as security vulnerabilities in a traditional sense, but are expected behavior in our specific context. For example, we might have developed a custom way to handle a specific situation like a three-bucket container for a site. PingSafe allows us to suppress these findings, resulting in a significant reduction in false positives. Integration with PingSafe was very straightforward. Furthermore, suppression occurs at the source where misconfigurations are generated. This eliminates the need for an additional filtering layer. Imagine having 100 issues to address, and needing to manually filter out the ones that are not genuine issues. PingSafe takes care of this filtering within the platform itself.

PingSafe has improved our risk posture by giving us greater visibility into our infrastructure. This includes niche resources and misconfigurations that we weren't previously tracking or aware of. Unlike traditional tools that focus on specific resources or make assumptions, PingSafe performs a holistic scan of our entire account. This has given us a much better understanding of our current attack surface. Once these vulnerabilities were identified, we were able to prioritize and remediate them, leading to a long-term improvement in our overall security posture.

PingSafe has reduced our mean time to remediation. It's slightly better than our previous approach because we were also scanning daily. However, PingSafe also includes scanning for many more resources than we were managing ourselves. So, while the time to fix individual problems might be similar, perhaps slightly less, the reports generated by PingSafe are more comprehensive and complete than what we had before. Additionally, PingSafe helped us identify a number of additional resources that need fixing, which we weren't adequately tracking in the first place. Once a problem is identified and confirmed as a true positive, it takes no more than 15 minutes to fix it.

PingSafe facilitates collaboration between our teams. We have three main groups: application security, infrastructure security, and compliance. The infrastructure team handles the entire PingSafe process, from generating reports and onboarding resources to acting on them. This has streamlined our workflow by consolidating everything into a single view. I now have all the information I need in one place. However, it's important to note that our application security team doesn't currently interact with PingSafe.

The most valuable features of PingSafe are the asset inventory and issue indexing. Once I've onboarded all the cloud accounts I want to manage with PingSafe, it can automatically create an inventory of all resource types across AWS. Additionally, it can identify misconfigurations for those specific resources.

Another key feature we appreciate is the ability to create custom rules for up to ten users. This functionality is useful because PingSafe also collects generic information and metadata about each resource. This allows for granular filtering. For example, we can easily query to find only servers with a specific tag. This filtering capability is valuable for investigations, ad-hoc queries, and data gathering.

Finally, the integration module deserves mention as well. We use Jira internally to track all our tools, security reviews, and bugs. PingSafe can directly push issues to Jira, making it very easy for us to track them. This eliminates the need to constantly return to the PingSafe platform to see which issues were generated.

PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows. While the current dashboard is functional, it could be made more actionable by incorporating additional functionalities. For instance, drag-and-drop functionality would simplify the creation of integrations. Additionally, valuable data can be retrieved from the platform using APIs and displayed on the dashboard, potentially using tools like Tableau for visualization. This is just one example, but it highlights the potential for expanding PingSafe's capabilities by enabling greater integration with other tools, even those not currently supported.

I have been using PingSafe for six months.

There was a phase where we built a proof of concept using the PingSafe platform to understand if it could directly address the problems we're currently facing. After finalizing the POC, we conducted testing and identified a baseline for future comparisons. Then, we moved into the implementation phase, and now the system is fully operational.

PingSafe is stable.

PingSafe is scalable. We have not encountered any issues with the number of accounts and services we are using.

Previously, we managed our cloud security posture with in-house solutions built using open-source tools and custom code. However, as the number of accounts grew, this approach became difficult to scale and maintain. Additionally, the reporting capabilities of our custom tools didn't meet the increasingly stringent compliance requirements. To address these challenges, we sought an external, vendor-managed Cloud Security Posture Management tool.

The initial deployment of PingSafe was easy because their implementation team collaborated closely with one of our cloud security engineers. Since there were no agents or software to install, onboarding accounts simply involved creating a role for them. This role grants the platform read-only access to our infrastructure. The process is very streamlined; our team can onboard an entire account within minutes. However, the first time an account is onboarded, it takes some time to ingest all of its resources and information.

The entire deployment took less than a week. This included not only onboarding accounts but also gaining a holistic understanding of the platform and its capabilities. PingSafe also came to our office to showcase the modules we could leverage and how we could use them effectively. Since this was our first time working with PingSafe, our team actively collaborated with them to resolve any issues we encountered.

One engineer from our organization worked with a team from PingSafe to implement the solution.

Pricing is based on modules, which was ideal for us. We weren't interested in the platform's full capability at first. Our priority was to establish foundational practices like maintaining an asset inventory and identifying misconfigurations. We then aimed to streamline these processes. Thankfully, PingSafe's modular pricing allowed us to pay for only the features we needed, unlike Wiz. With Wiz, we would have paid for the entire platform upfront, potentially leaving us with unused features. This would have been a poor return on investment, especially considering Wiz's high cost. In essence, their pricing model wouldn't have suited our needs. Even if we had eventually used all of PingSafe's features, the initial cost would still have been lower than Wiz in the long run.

After evaluating several options, including PingSafe and Wiz, we determined that PingSafe was the best fit for our needs, particularly in terms of cost. PingSafe provides a comprehensive view of potential security issues in our cloud infrastructure, allowing us to map them to relevant compliance frameworks, custom security requirements, or internal engineering standards. This enables us to effectively track and remediate these issues, ensuring a more secure cloud environment.

The Wiz platform offered a wide range of features that weren't essential for our current needs. For instance, they provided data security and AI-powered security posture management. However, our current security maturity level wouldn't allow us to fully utilize these capabilities. Additionally, Wiz is a comprehensive platform, and individual modules aren't available separately. In contrast, PingSafe allowed for closer collaboration. They could customize the platform's functionalities to meet our specific requirements. Moreover, PingSafe was significantly more cost-effective. While I can't recall the exact price difference, it was a substantial saving. Furthermore, PingSafe's support team was incredibly responsive. They were receptive to our suggestions for features that might be beneficial in the future. This flexibility, along with the platform's affordability, ultimately led us to choose PingSafe.

I would rate PingSafe eight out of ten.

We initially considered the agentless vulnerability scanning as a cloud security management tool, not a host-based security solution. Therefore, we opted against installing agents. Instead, we simply connected our AWS accounts through IAM, allowing the scanner to comprehensively scan all necessary resources and gather the required information.

The maintenance is taken care of by PingSafe directly.

Before deploying PingSafe, it's important to fully understand all its capabilities. While we're currently using one specific feature, PingSafe offers a wide range of functionalities. Gaining a clear internal understanding of your specific needs for PingSafe will help you determine the optimal model. Focusing solely on features without a defined purpose can lead to unnecessary costs. It's more efficient to obtain a quote for the model that aligns with your current needs. As your requirements evolve, you can then expand functionality by integrating additional modules.