Vicarius vRx Reviews

We're an MSP managing about 300 companies. I am responsible for seven of those. We're primarily using Vicariuse to protect against vulnerabilities and malware. 

One of Vicarius' biggest benefits is patchless protection, which enables us to address vulnerabilities in applications that do not have a patch yet. This has reduced our remediation time. To start with, it's easy to deploy the agents to the endpoints. Once they're deployed, you can patch whichever application you want with one click. You can also automate updates and patching with scripts. We can complete all these tasks in a quarter of the time. 

In the past, we spent maybe 25 percent of our time patching because we had to write the automation scripts, push them out after hours, and ensure the patch was applied correctly. With Vicarius, I've never seen a patch that failed or had to be rolled back. We're saving quite a bit of time.

Our clients using vRx haven't had any issues, and they've easily established patching for all their endpoints. If there aren't any problems, I assume it's doing its job and protecting the endpoints. 

My favorite feature is patchless protection. It's the primary reason we decided to use Vicarius. It can block malware for applications that don't have current patches. We were less interested in having a solution that could do multiple features simultaneously because we already have existing solutions for vulnerability scanning. We were looking for something that could patch a wide variety of applications easily. 

I also like how easy it is to use. We instructed some companies on how to use it, provided them with an account, and gave them the ability to deploy and patch. They could quickly figure it out. We can spend an hour in the office showing someone how everything works, and they're good to go. It's the same with our customers. 

One difficult thing is all the name changes. I sometimes get confused about what the product is called. It's called connect in some places and vRx in others. When you log into the website, it says it's in beta, which confuses me because it seems like a full-fledged product.  

Another complaint we've gotten is that the portal doesn't remember your username and password. You tell them your email, and it sends an invitation. You need to click that, and it takes you to a new portal, where you can finally log in. Maybe it's a security precaution, but it seems like a lot of extra steps to log in.

I have used Vicarius for seven months.

I rate Vicarius vRx eight out of 10. We haven't experienced any crashes or lagging. Initially, I was concerned about how deploying five or six patchless protections to an endpoint would affect resource usage. However, I tested it with 30, and it didn't seem to degrade the quality or use a ton of resources. I don't think I've reached the limit.

I give Vicarius vRx a 10 out of 10 for scalability. It's infinitely scalable. When we add a new company, we can deploy to their endpoints without any problems. Deploying to multiple tenants is effortless. 

I rate Vicarius support eight out of 10. I've only contacted them once with a question. They were very responsive. They got back to me in an hour or two. I can't remember the issue, but they resolved it quickly. 

Positive

Vicarius vRx is very easy to deploy. We did it all in-house because it's simple. I deployed it alone. After playing with it for around an hour, I could start deploying it to endpoints. You don't need a consultant or anything. They have it for Linux, too. If I recall correctly, the Linux deployment was a little trickier. The Windows-based deployment was much simpler. After deployment, it doesn't require much maintenance. 

We're an MSP, so we're always looking for new products to sell to our clients at a markup to make a profit. You can explain the product's benefits in three or four minutes, and we don't need to push the clients very hard. We already have seven or eight customers who use it, including one of our larger clients. 

We saw the benefits almost immediately because it's bringing us monthly profits, and it's an easy sell. It's almost like some of them just wanted to sign up on their own without any push from the sales department.

The price of vRx seems fair. None of our clients complained about the pricing. They all thought it was reasonable. Once people understood what it does, it didn't take much to get them to sign up.

We didn't consider anything else. We already have multiple layers of security and several patching tools that are giving alerts and updating with malware signatures. We never compared vRx with a short list of other products. It had features that we didn't already have, so we signed up for it.

I rate Vicarius vRx seven out of 10. It's a relatively new product, so I could increase my rating as they add more features. If you already have a vulnerability patching tool, I recommend using both to see if you like it more. I haven't seen another product with patchless protection.

If you are considering vRX, I suggest talking with the Vicarius team. The vRx team doesn't seem very large, but I think that's normal because the product is pretty new. Talk with someone there and do a trial or schedule an hour-long meeting. That should be enough time, so you don't have to click around on your own and figure it out. Have one of the vRx employees walk you through setting up a deployment and adding a tenant. It'll save you time in the end.

We use Vicarius vRx as a vulnerability detection or overall vulnerability management system. Their agents discover and report vulnerabilities on Windows endpoints, and their solution assists in patching endpoints.

Our previous solution was doing well with vulnerability detection and reporting. However, we wanted to try an agent-based patching system. That particular product would have doubled the cost. My supervisor discovered Vicarius, and he wanted to try a POC. So, the primary reason was that we wanted to include the ability to patch endpoints based on vulnerability discovery.

Vicarius is valuable because it combines vulnerability discovery, prioritization, and remediation into a single platform. Traditionally, these functions are separated and often managed by different teams, such as security teams handling discovery and infrastructure teams responsible for patching. This division requires significant coordination and communication regarding vulnerabilities, necessary patches, and prioritization. Vicarius streamlines this process by directly linking identified vulnerabilities to required patches, enhancing efficiency.

We have automated some of the patching using vRx's ability to perform that function. My infrastructure team handles the patching side, and we have shared access to the platform. I know that at least ten different tasks are automated, but I'm unsure if they've progressed even more. The gathering of patches that have been released, staged, and ready to go has been automated. So, all patches are already available, and we have some pre-done schedules that will automatically launch and start patching at predetermined times without further intervention.

The automation process has saved at least 30 percent of our manual tasks.

It takes two to three months to get a good overall vulnerability picture. The deployment takes a little while and some time to get used to the reporting. However, we saw decent data within two months and started asking questions about reporting and numbers. After three months, the overall dataset was good. Even now, we're still working on reporting, asking questions of Vicarius and trying to tweak some of the different reporting features.

Vicarius has helped us reduce our mean time to remediate vulnerabilities. Because we can examine endpoints, the best use case I can think of as an example for shortening remediation time is when we start spot-checking and looking at the dashboard for endpoints that, for some reason, have a high count of vulnerabilities or a much higher count of more severe vulnerabilities, we can immediately go into patching from that console and start pushing things out. So it helps us to immediately take care of delinquent workstations, for example, those that have not been connected or a person just keeps leaving their workstation off during prescribed patching periods. Overall, I would say remediation time is 25 to 30 percent shorter. The biggest impact is on case-by-case patching. We follow a regular patching cadence. We're a Microsoft shop, so the largest number of patches we have to apply, like most others, is on Patch Tuesdays when Microsoft releases stuff. Since that's on a regular cadence, I wouldn't say that Vicarius has greatly affected that. But there's a great improvement when we perform cleanup work and try to catch all the outliers and delinquent machines.

Agent-based scanning is the most valuable feature. Previously reliant on network scanning, we faced limitations when devices were offline or remote, such as laptops. This inconsistency in scan results is resolved through agent-based scanning, which provides more consistent data collection as long as the device has internet access. Additionally, integrated patching is highly desirable. While we have other software deployment and patching systems, their reliance on network connections creates similar inconsistencies in reaching all endpoints at scheduled times. Agent-based patching significantly improves this process.

Vicarius is an agent-based platform focusing on Windows, Linux, and Mac endpoints. While we know they're developing traditional network scanning capabilities and plan to demonstrate them soon, this feature is currently missing. Unlike previous vulnerability management systems that relied on network scanning appliances to discover and assess endpoints, Vicarius' agent-based approach is less effective for devices like switches, routers, and printers where agent installation is impractical. Although they suggest using Nmap as a workaround, we find it insufficient. We eagerly await the implementation of network scanning to manage vulnerabilities across our entire infrastructure comprehensively.

I have been using Vicarius vRx for almost seven months.

We began using vRx around mid-January as a proof of concept and have since progressed to full production implementation. I'm uncertain if we are officially considered a 100 percent customer, as my supervisor and his manager have been negotiating the contract with Vicarius. There's some ambiguity about whether all our data remains on US soil or if it's stored in other countries, so the contract finalization is still pending. Nevertheless, we are currently utilizing vRx in our production processes.

We have not experienced any issues with the agents on the endpoints. The portal has been very reliable. It has not gone down, and we have not known of any instance where we couldn't get in to see and view our data. So, we have not experienced any noteworthy issues at all at this point.

Our shop currently supports approximately 800 endpoints, and the system handles this load without issue. Given the system's cloud-based architecture and demonstrated ability to scale quickly, I anticipate that increasing resources on the cloud side would easily accommodate a more extensive deployment if necessary.

At this time, I rely more on opening tickets, and they do have online chat support. Their answers have been good, and the responses have been very quick. I find the support staff helpful, especially when I ask for a call so we can work together on the system. The response has always been excellent and efficient.

Positive

We previously used QualysGuard Express. We switched to Vicarius because we saw the opportunity to go with a product that had a similar pricing range, but at the same time, it included the patching ability.

Deployment was very easy. We did not encounter any issues with installing agents on endpoints.

For us, deployment was a collaborative effort, particularly in vulnerability identification, research, and patching. While we've divided these tasks into two teams, it's feasible that a single individual could handle vulnerability analysis, research, and reporting. However, given our additional responsibilities, a two-person team currently offers greater efficiency. Ultimately, the feasibility of a one-person approach post-deployment depends on the organization's size and complexity.

We initially started with a small test group of about twenty workstations to gather preliminary information. This was essentially a proof of concept or evaluation phase. Once the decision was made to proceed, we successfully deployed agents to all endpoints within a month. In total, the evaluation and full deployment process took one to two months.

We implemented Vicarius with the guidance of vRx, but it was not complex.

Vicarius' pricing was reasonable compared to the other systems we evaluated.

Before selecting Vicarius, we evaluated two other solutions, including Rapid7.

I would rate Vicarius vRx eight out of ten. We need Vicarius to implement the network scanning site.

Vicarius is still a relatively new system, so its content will likely improve. While I find user communities less helpful than technical support knowledge bases when working with any product or system, Vicarius has been okay. However, I rely more on their technical support for my needed information.

We have not yet implemented the patchless protection feature, as other systems also offer it. We are exercising caution and selectively choosing which vulnerabilities warrant this resource-intensive solution. Our decision will depend on the severity of the vulnerability and the priority of addressing it without a traditional patch. Until then, we have not actively engaged with patchless protection.

I can't say that Vicarius saved us a lot of time on patching. Our previous patch deployment system was also very good at getting patches ready and having everything set to go. The biggest difference between the two is that one is agent-based, and the other is not. So, we're not as dependent on a patching window anymore.

I've never used integrated patching since, in our eyes, it was not affordable. I don't know how good the other patching solutions are. I do like Vicarius' reporting better. The dashboard right out of the package is a little more understandable. Strangely, that dashboard information is not always very helpful in every vulnerability system I've worked with. Vicarius has been a bit more clear, and maybe it's just because I like to see certain kinds of numbers. Vicarius offers additional reporting solutions to enhance what it provides through its portal. They provide a Linux-based reporting server that we can put on prem that ingests all the vulnerability information from our portal and helps provide additional reporting. From that, I can export Excel sheets, which makes certain tasks easier, such as analyzing numbers and getting detailed information.

The system itself has not required much maintenance. It automatically updates agents, so there's not much to do to maintain it. It's more about managing the reporting and patching processes.

Given the pricing, the cost of acquiring both vulnerability management and patching capabilities would be comparable to purchasing vulnerability management alone for many equivalent systems. However, the added benefit of simultaneous patching is significant. While it doesn't need to be a primary patching tool, having a secondary option is valuable. To accurately compare options, I would inquire about the nature of the customer's current software deployment and patching system: is it agent-based or network-based? Similarly, if the system is not agent-based, it is still effective. Adding agent-based patching would enhance their ability to address outdated systems promptly. Considering Vicarius's pricing, it's a worthwhile investment regardless of existing patch management solutions. The integration with vulnerability discovery is highly beneficial, supplementing any existing patching capabilities.

We use vRx to do the patch management, vulnerability assessment, and remediation.

Vicarius vRx helps consolidate multiple tools for patching and remediation. It's critical that Vicarius combines vulnerability discovery, prioritization, and remediation in a single platform. We selected it for that reason. It protects us well. We use other tools, but we always go back to Vicarius to ensure everything's in line.

It reduces the time needed to detect and remediate threats by about an hour. I would estimate it saves us about 20 hours each month that we can allocate to something else. 

I like that vRx is cloud-based. It protects the health of applications against zero-day threats. We tried patchless protection, but I don't think we've ever tested it. I don't know if it's ever been triggered, but I believe we'll see a value from it the day it's triggered.

I don't like logging in. The portal could be a better process. You could use some third-party push notification rather than sending an email, waiting for the link to generate, and clicking on it. That would be good. It's somewhat frustrating when I need to log in.

I have used vRx for one year.

Vicarius vRx is pretty stable.

Vicarius vRx's scalability is fine.

We used Acronis and Qualys before switching to Vicarius vRx. Vicarius' dashboard is much better and it's easier to use.

Deploying Vicarius vRx is easy and takes about 10 minutes. One person is enough to deploy it.

Vicarius vRx is slightly expensive. It could be a little lighter on the wallet.

I rate Vicarius vRx 10 out of 10. I recommend vRx because there's a lot of automation you could do. There are many opportunities from a special automation perspective to define and execute your playbooks. If you have third-party tools and controls, you should ensure that you have them ready in advance to push out the application. 

The primary use case is mainly for updating servers and client PCs. These are the main devices we update or patch with the software. 

The reason we went forward with this software is due to the fact that we needed a solution to patch servers, and it wasn't being done on a regular schedule.

We were using Microsoft Endpoint Manager to configure the update range for our devices across the organization. However, it wasn't getting all of the patches to the software we deployed regularly. We implemented this to supplement the updates alongside patch management. We didn't have a robust patch management solution which made the process of updating and installing cumbersome. Vicarius expedited the process for us.

We did not have any visibility before over the vulnerabilities that were within our network, other than what independent research provided. We'd have to read news and blogs. Now we have a simplified dashboard that highlights those vulnerabilities, including zero-days and the risk level of each vulnerability.

The dashboard has been really great. We can now see trends. We can see the vulnerabilities that are being detected and mitigated. 

It's helped us with challenges in an educational organization. It's made a big impact. It's improved the level of flexibility we have to deploy patches. We do get a lot more granularity and can see what kind of patches we want to deploy, the timeframe, and the groupings and various options we have for deployment. If we had devices that only need a certain patch due to specific software and other schools don't, we can isolate out groups and deploy patches to specific groups.

The solution consolidates vulnerability discovery, prioritization, and remediation all in one single platform. It eliminates the need for other services and simplifies management while expediting and streamlining vulnerabilities and patch management.

We've been able to reduce mean time to remediate vulnerabilities. We're on a good schedule for implementing updates and patches based on the level of severity. However, we can deploy patches on the fly if the need is severe and critical. This is the first time we've implemented patch management in this organization, so I can't speak to how much time has been saved. That said, prior to implementation, all patches were remotely handled by Windows updates. The reduction in mean time has positively affected operations as it's made it easier on our side. IT no longer has to manually research and do analysis. That part is almost non-existent. In the past, there was a lot of research into updates and trends. Vicarius does all the hard work for us. We get real-time, accurate information on the latest cybersecurity trends in order to respond accordingly. They have a robust library of scripts that we can deploy as opposed to not just knowing there is a vulnerability but having to create a script.

We've been able to reduce the amount of time spent on patching. We used to do it manually. If it wasn't possible to do it through a Windows update or if the Intune process did not get the patch applied, we would have to try and get all devices across all organizations to the latest versions and make sure the software was also patched. It's saved us an incredible amount of time. We no longer have to touch those systems. We can just rely on the automated system and the schedules we've set. It's a huge time saver. It's saved us hundreds of hours. 

Patchless Protection helps protect us from vulnerabilities that may not yet have patches from the manufacturer. I've used it for a piece of software that we don't have a patch for. It monitors that software, analyzes it, and makes sure nothing nefarious is going on when it's vulnerable. 

The scripting engine enables us to create custom scripts. I haven't written any scripts; however, I have used it to push out an upgrade, for example. They have a ton of scripts provided by the community. Since I started with the solution, the growth of the library has been extensive. I've been excited with what I've seen and I know I'll be able to use it in the future.

They have a great forum. I haven't used it and haven't felt like I needed to, although I have used their FAQ and documentation, and that's been really helpful. 

It's great for keeping our environment protected. It does an extremely good job of patching everything we need it to.

While it's not under their control, I would like to see more ways to get some apps with vulnerabilities patched. They do a good job of giving us a good inventory of what we really need to keep an eye on. However, if they can work with the vendors a bit more to find some solutions to open vulnerabilities, it would be ideal.

I've given Vicarius some feedback in regards to granular naming or groupings of devices. We have so many sites that I've asked if it's possible to make changes. For the most part, they've been helpful in addressing this. They've been really trying to take any feedback to their engineers and they do try to implement our requests. 

We deploy our applications via Microsoft Endpoint Manager to our devices. However, when Vicarius rolls out a patch, and we roll it out via Microsoft, the version changes on that application. Endpoint Manager will determine if the app is no longer installed and try to update the app. It needs to not trigger Microsoft so that Microsoft no longer thinks the app is installed. However, the workaround is that we can install it from their platform console instead of Microsoft, and that seems to fix the issue. 

They do have a search function for device names. They already have a list of all our devices, however, if I'm looking for something, sometimes the name does not come up at the top of the list. I have to search. And when you have thousands of devices, that process can become quite tedious. I've given this feedback and they've mentioned that's an issue they want to fix.

I've used the solution for about a year.

Technical support and VicariousRx (vRx) has been great. They are professional and responsive. We've met with them frequently - once or twice a month - to go through questions we have or them getting feedback after an implementation. Even their chat system has been helpful. I've used it to ask questions, and I've gotten a response within a few minutes. The communication is great.

Positive

Compared to other solutions, it's more robust as a remediation solution. Not only dos it handle patch management, but we can deploy applications from Vicarius instead of Microsoft or any other MDM. We can leverage their inventory management as well. 

Their scripts have helped us. We needed to upgrade Windows 10 to Windows 11, and they had a great script that was community-driven. We were able to leverage that to upgrade a lot of our computers remotely. We could send the script and have it run in the background and it's saved us a lot of time. 

I ran into one issue when I was deploying their software to our servers. However, it turned out to be a configuration change that had to be done on our end. That's the only issue. We've had no issues deploying. 

It did take a while to deploy more due to my schedule. That said, it shouldn't take too long. If they had a more automated setup system, it would be ideal. Some I have to deploy manually.

We're a customer and end-user. 

As a unified vulnerability remediation platform, I'd suggest that clients who already have a patch management tool consider Vicarius. There are many great products on the market. However, from personal experience, if someone is looking for something better, I'd recommend Vicarius. Their team is very helpful. We've dealt with vendors where product managers don't have control. Vicarius has a team that is extremely helpful, accommodating, responsive, and knowledgeable. They made the whole setup process easy, and if we need help, they are ready to assist. When you can't find someone who is able to give you the support you need, it's frustrating. Vicarius is 100% ready to provide solutions when they see a problem, and they are great at letting us know about the roadmap of features. They're on top of making our systems better. 

We noted the benefits of Vicarius pretty immediately - within a month or so. That's when I first started deploying it to a large amount of devices. I was able to see the progress of the updates I was pushing and the remediations. The benefits were pretty apparent right away.

I'd rate the solution nine out of ten. They are a young company, and I see a lot of good things on the horizon. Their team is growing, and they will be implementing a lot of stuff. They are going to have a well-polished product very soon. 

We use vRx for third-party patching, OS patching, and vulnerability scanning.

We realized the benefits pretty quickly. One of our clients, who is in the financial sector, required a vulnerability solution. It has reduced our mean vulnerability resolution time. I wouldn't say it's reduced our vulnerability patching time, but it has enabled us to catch some things that were missed by our primary patching tool. 

We like Vicarius' vulnerability scanning and patching. The solution is also useful as a backup for our RMM. It helps to catch some things that may have been missed, but vulnerability scanning typically benefits our clients the most.

We were looking for a tool that combines vulnerability discovery and remediation. We've used vRx's patchless protection feature a few times. It doesn't come up that often, but we have had success with it when we've tried to use it. 

Some of vRx's reporting is difficult to configure. It requires multiple steps, especially if you're configuring more than one report at the same time. 

I have used Vicarius vRx for around six months.

I've never had issues with vRx's stability in the six months that I've used it. 

We only have about four clients. 

I haven't contacted Vicarius support, but some other team members have. It was related to account creation. Some users were locked out. They were responsive and helpful. 

We also use CyberCNS. Vicarius has a more user-friendly interface. It's a more premium tool, but it's also more expensive. On the other hand, CyberCNS has a more feature-rich AP compared to other solutions on the market. Vicarius vRx is more robust. 

Deploying vRx is straightforward. One instance takes about one or two hours to deploy. Onboarding takes a few hours. We had help from Vicarius during deployment. They spent 30 minutes to an hour showing us things. We were able to pick it up from there and deploy it on our own. It doesn't require any maintenance. 

I'm not involved in purchasing, but vRx isn't cheap. It's one of the more expensive tools. 

I rate Vicarius vRx nine out of 10. Even if you already have a patching product, your primary patch management tool will always miss some things. It's always good to have a second tool for validation, especially for clients that deal with heavy regulation, such as financial services or government contracting. You need to be confident they are fully patched and have reports to provide to the auditors.