To enhance the notification system's efficiency, resolved issues should be promptly removed from the portal. Currently, these issues take two to three hours to be removed, creating unnecessary clutter and potentially delaying the identification of new issues.
Cloud Engineer at a construction company with 5,001-10,000 employees
Real User
Top 20
2024-10-21T08:13:00Z
Oct 21, 2024
Sometimes, I am not able to see the flow when there is an issue. When anyone complains and I have to troubleshoot it, I find it difficult to search. The documentation that I use for the initial setup can be more detailed or written in a more user-friendly language to avoid troubles.
Once all components, including the cloud piece and container runtime piece, integrate further and incorporate an AI layer for better comprehension, it will greatly enhance the utility of Singularity Cloud Security.
IT Security Director at Athletic & Therapeutic Institute of Naperville, LLC
Real User
Top 10
2024-10-17T00:12:00Z
Oct 17, 2024
While the future roadmap presented by SentinelOne appears promising, I hope the envisioned advancements are realistically achievable and that the gap between current offerings and long-term goals is not too significant. If SentinelOne can deliver on its vision, it will be truly impressive, and we will continue to support its efforts.
SentinelOne Singularity Cloud Security could be improved with easier integrations to the Singularity Data Lake, particularly for various vendors. Additionally, the platform would benefit from an enhanced ability to provide a deeper, holistic view of the entire application deployment cycle, extending beyond effective run times.
VP of DevOps and Product Support at a recruiting/HR firm with 1,001-5,000 employees
Real User
Top 20
2024-08-13T12:17:00Z
Aug 13, 2024
They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing that a new type of risk has been identified. We use Jira for pushing any changes. If any kind of integration is possible between Jira and the Singularity Cloud Native Security dashboard, it will be easier for us to track. Before approving in Jira, I can ensure that any issues in Singularity Cloud Native Security are closed. Such an integration will be helpful. Its pricing model is a little bit inflexible. Different organizations have different structures. We have multiple business units. Based on the different verticals, we have to create different subscriptions for them. If I create a new subscription and add it to Singularity Cloud Native Security, as per the current licensing model, I have to pay more for that. It should not be like that. It should be based on the number of servers. This kind of flexibility would help customers like us.
Updated: October 2024.
Sr. Security Engineer at an energy/utilities company with 10,001+ employees
Real User
Top 20
2024-07-22T19:58:00Z
Jul 22, 2024
I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions. While false positives are an expected part of incident response, excessive numbers can indicate accuracy issues with the tool.
All EDRs are made of different modules. There is a firewall module, an IPS module, and an application module. The application module focuses on the different codes and libraries that can be run on the machines. It is very important for Singularity EDR to detect what type of codes and what type of libraries can run in the machine. If they can implement a white list or a black list of codes or libraries that can be used in the machine, it would be very helpful. They can focus more on the application module.
Cloud Engineer at a construction company with 5,001-10,000 employees
Real User
Top 10
2024-05-13T11:38:00Z
May 13, 2024
A recurring issue caused frustration: a vulnerability alert would appear, and we'd fix it, but then the same alert would return the next day. We reported this to both our internal team and SentinelOne for investigation and resolution. This needs improvement to prevent these repetitive alerts. In a future update, it would be beneficial to have both an AI chat function and a more modern user interface.
SentinelOne currently lacks a break glass account feature, which is critical for implementing Single Sign-On. SentinelOne should prioritize the development of a break glass account feature. We've encountered some filtering difficulties, resulting in a few areas of the interface needing improvement.
Jr. Cloud Engineer at a construction company with 5,001-10,000 employees
Real User
Top 20
2024-05-10T09:02:00Z
May 10, 2024
Singularity Cloud Security currently lacks a break-glass account function, which is a critical component for implementing Single Sign-On as it allows for regaining access in emergencies.
While PingSafe offers real-time response, there is room for improvement in alert accuracy. We've encountered instances where misconfigurations created by teammates were not flagged promptly by PingSafe, leading to downstream issues.
PingSafe filtering has some areas that cause problems, and to achieve single sign-on functionality, a break-glass feature, which is currently unavailable, is necessary.
The reporting works well, but sometimes the severity classifications are inaccurate. Sometimes, it flags an issue as high-impact, but it should be a lower severity. For example, it might highlight an exposed AWS encryption key, a critical compliance issue, but it isn't tagged as a high-risk problem. That only happens about 10 percent of the time. It shows a true positive 80-90 percent of the time.
Cloud Engineer at a tech services company with 201-500 employees
Real User
Top 20
2024-04-26T16:50:00Z
Apr 26, 2024
I do not know if it is possible, but in AWS Cloud, there are multiple features or services, and if they can collaborate with them, it would be helpful. The Infrastructure as Code service available in PingSafe and the services available in AWS cloud security can be merged so that we can get the security data directly from AWS cloud in PingSafe. This way, all the data related to security will be in one single place. Currently, we have to check a couple of things on PingSafe, and we have to validate that same data on the AWS Cloud to be sure. If they can collaborate like that, it will be great. It will be an amazing tool.
Cloud Security & Architecture Specialist at an insurance company with 10,001+ employees
Real User
Top 20
2024-04-25T10:01:00Z
Apr 25, 2024
The vulnerability scanner generates a high number of false positives that it flags as alerts, even though they're not actual threats. This suggests a configuration issue. We need to address this, especially since some of these flagged vulnerabilities have already been mitigated by other means. The compliance monitoring dashboard, while helpful, doesn't integrate seamlessly with our entire system. This creates a disconnect: a high volume of alerts doesn't necessarily reflect a decline in compliance. For instance, I might have a thousand alerts on my ISO-related compliance dashboard, yet the compliance itself remains at 99.99 percent. This inconsistency makes it difficult to justify remediating every alert. In other words, I might give a clean bill of health from a compliance standpoint, yet still expect them to resolve the alert, which can be confusing. Therefore, we need to address either the way the dashboard generates alerts or the way we create them. Ideally, alerts should be directly tied to compliance standards and have a clear role in the overall compliance process. If they don't meet these criteria, perhaps they shouldn't be flagged as high or critical in severity. Crafting customized policies can be tricky. Take creating our own, for instance. It requires a deep dive into the customization options, as the language used can be complex and demands a certain level of skill. Since Sentinel's acquisition of PingSafe, there has been a decline in both the frequency of new releases and the quality of support. Previously, PingSafe was known for its proactive approach. PingSafe utilizes additional modules besides CSPN. Ideally, there should be a correlation between these systems. This would ensure that the assets we review for vulnerabilities within PingSafe are consistent with those reviewed in CSPN. This consistency would simplify the process, allowing us to focus on a single review level. 
This level could be defined from a configuration perspective or by a compliance standard, such as the web application itself. If PingSafe migrates data, this correlation between systems would be especially beneficial to ensure continued integration with all modules.
Senior Software Engineer at a consultancy with 51-200 employees
Real User
Top 10
2024-04-24T09:30:00Z
Apr 24, 2024
When I joined my organization, I saw that PingSafe was already implemented. I started to use the tool's alerting features and dashboard functionalities. Considering how much I used the product, I don't see any areas in it where improvements are required since everything seems fine. Sometimes, there are alerts that don't have proper messaging attached. The tool can improve the alerting notifications. In PingSafe, the alerts also show the affected resource that has a particular issue, but sometimes, the account shows as not applicable, and it isn't very helpful since you need to know the account the tool aims to point out. The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement.
Lead Dev Ops Engineer at a recruiting/HR firm with 1,001-5,000 employees
Real User
Top 20
2024-04-23T15:00:00Z
Apr 23, 2024
I am unsure as to what kind of subscriptions my company has taken from PingSafe. I am not sure about what other things are there in the product that can help our company. Based on whatever subscriptions related to the product my company has taken, I can say that though one of the security groups is open to my company's premises, it still says that it is open, which, for my company, makes it secure, but for PingSafe, it is not secure, so I am not sure about how it can check and update it. I am not sure if a feature to deal with the aforementioned area already exists in the solution and if my company has not taken a subscription to use it. Let us assume that there is a ticket that states that one port is vulnerable in the security groups from AWS since it is exposed to the public. When the tool states that it is exposed to the public, it means that it is exposed to the IPs in the company premises and not the public. Let us assume that there is a database that is exposed to all the IPs in an office. If I have 10 to 12 sets of IPs, I can use them for 10 to 12 Wi-Fi or VPN connections, and it is exposed on the company premises, but the tool states that it is exposed to the public and that the company needs to shut it down. My organization needs to expose the database so that our development team can access it over our office IPs. If you do not expose the database to office IPs, the development team cannot access DBs to manipulate or check data. In general, the database is exposed to the office IPs, not to the public, but the tool states that it is exposed to the public since it cannot identify whether the IP is a public IP or office IP. I am not very sure if there is a setting in the product that allows the office to give its set of IPs to the tool, and scanning can be done through them so that the tool can identify if the resources are inside or outside of the IP range, according to which it can state whether it is safe or not.
In general, the tool should offer users the ability to mark IPs as public and private ones so that the product can identify them. It would be good if a customer could provide the tool with a set of ten IPs and state that it will be okay and secure if any of the resources are exposed to them since they are inside the office premises. One of the issues with the product stems from the fact that it clubs different resources under one ticket. If I have 10 resources in 10 accounts, there might be a problem if, from those 10 accounts, 5 resources have the same issues and they get clubbed together under a single ticket, which makes it somehow a difficult process since I have to get inside the ticket to get the resources and the account details.
Works at a comms service provider with 1-10 employees
Real User
Top 20
2024-04-22T14:22:00Z
Apr 22, 2024
They could have more comprehensive reporting. I'd like to see more details. We've found a lot of false positives. It has not helped us reduce our level of false positives. We'd like them to work on integration between networks. If I deployed the solution with another layer of security, they can't talk to each other. PingSafe basically needs to integrate with more tools, especially on the security side.
I'm not convinced that PingSafe's features offer significant value for our SecOps team. While it might be useful for stakeholders and management to have a tool that aligns with business goals and provides insights, we could potentially achieve this with open-source CSPM tools. In its current state, I don't see PingSafe directly addressing our specific needs. While agentless vulnerability scanning is a positive feature, PingSafe lacks the ability to effectively group and customize the provided metrics. This creates a significant limitation, as we cannot easily create the specific metrics that are most useful for our needs. For example, if we want to group a specific set of metrics by a particular label or namespace, there is no straightforward way to do so within PingSafe. The UI offers visualizations for the provided metrics, but it lacks the functionality to segregate and customize them. This inability to create user-defined metrics is a major drawback of PingSafe. PingSafe helped reduce the number of false positives in the previous version of PingSafe 1.0. Users reported a high volume of false positives with the newer version, and it wasn't clear how PingSafe 2.0 would address this issue. Additionally, users have to manually mute many false positives in PingSafe 2.0, which is a significant drawback. I would rate PingSafe's mean time to detect ability a 6 out of 10. While Cloud Security Posture Management tools offer valuable functionality, selling a product solely based on open-source CSPM solutions can be challenging. To differentiate themselves, PingSafe should focus on two key areas: security and workload protection within the CI/CD pipeline. Firstly, PingSafe needs to provide robust security features beyond basic CSPM capabilities. This could involve advanced threat detection and mitigation functionalities. Secondly, workload protection within the CI/CD pipeline is crucial. 
Here, PingSafe should offer insightful metrics that are well-organized and allow for user customization. This means providing granular control over metric segmentation. Users should be able to define their own metrics and choose how they want them aggregated. Ideally, PingSafe should allow users to import custom metrics and create custom segregations based on their specific needs, such as namespaces or custom levels. For example, if PingSafe gathers metrics from Kubernetes clusters, users should be able to define their own metrics alongside the pre-defined ones and organize them into relevant categories. This level of customization allows stakeholders to focus on the metrics that matter most to them, potentially reducing the overwhelming volume of data from thousands of records to a more manageable set of hundreds. In conclusion, PingSafe should prioritize UI improvements and offer advanced data segregation capabilities to truly stand out in the marketplace. This will empower users to tailor their security posture management experience to their specific needs. PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process. Providing comprehensive documentation with clear and abundant examples would greatly enhance the user experience for new customers. This would empower them to set up their clusters efficiently and effectively.
Sr Security Analyst at a computer software company with 201-500 employees
Real User
Top 20
2024-04-19T11:12:00Z
Apr 19, 2024
Under the containers section, we have a cluster. It is a link between the organization and PingSafe. We don't get any notifications from PingSafe when the clusters are down. The PingSafe database doesn't receive any updates. It doesn't trigger any alerts. We must check things manually. It must be improved in future releases. If notifications are available, then it will be more helpful, easy, and time-saving. We can easily contact the team, check why the cluster is down, and restart things.
Based on our application requirements, we discussed some improvement points with the PingSafe team. However, after the new updates, what we asked for was not implemented. The exceptions we requested from the PingSafe team were not included in the console. When we request any changes, they must be reflected in the next update.
PingSafe takes 4-5 hours to detect and highlight an issue, and that time should be reduced. Sometimes, the solution shows false alerts. The comments section has also been turned off for the last 10 to 15 days. These are the two issues I'm facing right now in PingSafe.
Senior DevOps Engineer at a tech services company with 501-1,000 employees
Real User
Top 10
2024-04-18T07:25:00Z
Apr 18, 2024
When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again.
There's room for improvement in the graphic explorer. We'd like something that helps us visualize traffic between different ports and containers. Currently, we can see host networking, like communication between instances or perhaps within Kubernetes. However, we're looking for a tool that can also visualize port-to-port communication and display it as a graph. This would give us a clearer picture of our network traffic and help strengthen our network security. The dashboard currently displays CVEs, but it would be beneficial to receive proactive email notifications in addition to this. I would also like to have runtime security in PingSafe.
IT Architect at a tech services company with 10,001+ employees
Real User
Top 20
2024-04-17T08:59:00Z
Apr 17, 2024
We encountered issues with some of the configured security rules. The vulnerability recommendations provided by PingSafe were inaccurate. In some cases, the rules are strictly enforced but do not align with real-world use cases. To address this, I recommend revising the security rule definitions to better reflect practical scenarios and provide clearer explanations. We encountered a problem with PingSafe. They required a broad security policy, but we requested that they implement least privileged access and grant fewer permissions than they initially required. It took them over six months to respond to our request.
Cloud Engineer at a construction company with 5,001-10,000 employees
Real User
Top 20
2024-04-17T07:16:00Z
Apr 17, 2024
I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes. Another issue was that when there was a new alert, I did not get an email or notification on my personal email. I had to log in and refresh the screen to check if any new alerts came. It would be beneficial if an email or a notification could be sent to a personal email or mobile number. We had a few false positives. For example, for Amazon EBS volumes, PingSafe sometimes used to give an alert saying that an EBS volume was created in the East US region, whereas no EBS volume was created. It was a false alert. We discussed these false alerts with the PingSafe team and gave them feedback. We muted those alerts, but such a thing should not happen. However, the number of false positives reduced over time. Initially, if we had 10 false positives, then later on, we had only one or two. They can enhance the dashboard and make it more user-friendly. They can also provide more information in the alerts about remediation.
Its reporting is bad. I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved. The graphical representation of different resources is super cool, but the problem is that you cannot do anything with it. For example, if you just take the subnets and VPN and put them in a diagram, it becomes so big. I pretty much cannot use it. There is no point. If I am drawing a graph or bringing up a graph, but I am not able to show it to a person, what is the use of that? It is pointless. Its scalability can be improved.
Cloud Security Engineer at eSec Forte® Technologies
Real User
Top 20
2024-04-16T16:15:00Z
Apr 16, 2024
For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue. This is a feature request that we have. We are trying to get that done as soon as possible.
SDE II/ Senior SRE at a computer software company with 1,001-5,000 employees
Real User
Top 20
2024-04-16T15:21:00Z
Apr 16, 2024
We wanted it to provide us with something like Claroty Hub in AWS for lateral movement. For example, if an EC2 instance or a virtual machine is compromised in a public subnet based on a particular vulnerability, such as Log4j, we want it to not be able to reach some of our databases. This kind of feature is not supported in PingSafe. If there is any virtual machine running on your public subnet, it is accessible outside your network. It is accessible via the Internet. If it has any Log4j or remote accessibility vulnerability, the attacker would be able to access the machine. From the private machine, the attacker can do NS Lookup and reach our DBs. It creates a channel for vulnerabilities. Such a feature is not present in PingSafe.
Senior Director, Global Systems and Cyber Security at a tech services company with 5,001-10,000 employees
Real User
Top 10
2024-04-16T14:16:00Z
Apr 16, 2024
It is a very secluded solution. It works only as CNAPP. It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better. It can discover the threats from the outside world. It can discover the threats or vulnerabilities happening across those assets. If it can bring that in and evaluate, it will be good.
In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier. Initially, I had problems finding a few things and creating the policies. It was a bit difficult for me, but after going through the documentation, it got easier. I was checking the IaC checks that they have, and they can add something for auto-remediating IaC. They can integrate something that will help auto-remediate on IaC and make needed changes to the code. They can also integrate something like CoPilot. Other than that, I do not have any input. They have covered quite a bit. They are doing a good job. The features are good for what we are using it for right now.
Solution Cloud Architect at an insurance company with 501-1,000 employees
Real User
Top 20
2024-04-16T10:06:00Z
Apr 16, 2024
They could improve their mean time to detect. It's good; however, it could be lowered further. Detection should be in near real-time. We need these alerts fast as security is our greatest concern. They could improve reporting and offer better, faster notifications.
Cloud Security Engineer & Consultant at a financial services firm with 10,001+ employees
Consultant
Top 20
2024-04-16T08:30:00Z
Apr 16, 2024
It can be complex to use at the outset. They could have better support. We've had support issues in the past. They need more experienced support personnel.
Software Developer at a tech services company with 11-50 employees
Real User
Top 20
2024-04-16T07:29:00Z
Apr 16, 2024
There is a bit of a learning curve for new users. The ease of use could be better. We've had an issue where we muted a false positive; however, when we made some changes to a cloud configuration, it popped up again. So it hasn't really reduced false positives; you just need to manually ignore them.
Application Security Manager at a tech company with 1,001-5,000 employees
Real User
Top 20
2024-04-15T19:37:00Z
Apr 15, 2024
We'd like the integration with Jira to be stronger in some areas. For example, we'd like to be able to create multiple tickets for multiple instances. Right now, we can only create one ticket and cannot be specific enough. There's no way to create multiple tickets. It's very difficult to assign multiple teams the same Jira ticket. Scanning capabilities should be added for the dark web.
We've had a glitch in PingSafe where it has fed us false positives in the past. Sometimes, it takes a few hours to detect a misconfiguration. It would be ideal if that happened faster. Detections should happen in minutes, not hours.
Engineer at a transportation company with 1-10 employees
Real User
Top 10
2024-04-15T16:00:00Z
Apr 15, 2024
They could improve on their UI. Sometimes it's not clear where to look when seeking information. Support often can direct us by giving us the correct link to what we are looking for. I'd like to see better onboarding documentation. If we want to be able to integrate something new, such as new assets, it can be difficult.
I want PingSafe to integrate additional third-party resources. For example, PingSafe is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If PingSafe had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement.
The resolution suggestions could be better, and the compliance features could be more customizable for Indian regulations. Overall, the compliance aspects are good. It gives us a comprehensive list, and its feedback is enough to bring us into compliance with regulations, but it doesn't give us the specific objects.
We use PingSafe and also SentinelOne. If PingSafe integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console.
When we get a new finding from PingSafe, I wish we could get an alert in the console, so we can work on it before we see it in the report. It would be very useful for the team that is actively working on the PingSafe platform, so we can close the issue the same day before it appears in the daily report.
Security Engineering Manager at a media company with 51-200 employees
Real User
Top 10
2024-04-15T08:13:00Z
Apr 15, 2024
PingSafe is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see PingSafe develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection.
Engineering Security Manager at a recreational facilities/services company with 201-500 employees
Real User
Top 10
2024-04-15T06:58:00Z
Apr 15, 2024
I would like PingSafe's detections to be openly available online instead of only accessible through their portal. Other tools have detections that are openly available without going through the tool. We have one feature request that we've already discussed with PingSafe. We want a category feature for exceptions that developers have already accepted. We don't want PingSafe to identify the issue next time because the developer has already done the risk assessment.
I wish PingSafe provided clearer solutions or remediation steps. The recommended actions aren't always specific, so it might suggest recommendations that don't apply to the particular infrastructure code I'm reviewing. I would appreciate the ability to customize the severity levels in PingSafe as the current defaults do not meet my needs.
Lead Data & Cloud Security Engineer at a media company with 501-1,000 employees
Real User
Top 20
2024-04-12T13:29:00Z
Apr 12, 2024
PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows. While the current dashboard is functional, it could be made more actionable by incorporating additional functionalities. For instance, drag-and-drop functionality would simplify the creation of integrations. Additionally, valuable data can be retrieved from the platform using APIs and displayed on the dashboard, potentially using tools like Tableau for visualization. This is just one example, but it highlights the potential for expanding PingSafe's capabilities by enabling greater integration with other tools, even those not currently supported.
There is room for improvement in the current active licensing model for PingSafe. As both a customer and service provider, I believe a more comprehensive package could be developed that would be mutually beneficial. I recommend including endpoint monitoring functionality in a future release of PingSafe. While we currently scan our endpoints manually through an external vendor, integrating this capability within PingSafe would offer significant advantages. Additionally, having real-time detection of malicious activity in our network would be beneficial.
There is a bit of a learning curve. However, you only need 2 to 3 days to identify options and get accustomed. They could separate or differentiate between different kinds of frameworks.
CISO at a computer software company with 201-500 employees
Real User
Top 20
2024-03-12T15:37:00Z
Mar 12, 2024
We requested additional capabilities as we began deploying and scanning beyond the initial setup. Specifically, we wanted the ability to:
* Continuously monitor configurations 24/7.
* Gain immediate visibility of all assets as they are deployed and ensure they are included in the system.
* Identify underlying configuration issues.
Another valuable enhancement is compliance management for various standards like ISO, PCI, HIPAA, GDPR, etc. As organizations move to the cloud, a cloud posture management tool that offers complete cloud visibility becomes crucial for maintaining compliance. One area for improvement could be the internal analysis process, specifically the guidance provided for remediation. While the classification system itself might be industry standard, the remediation steps could be more specific. A vulnerability might be critical according to the scoring system, but its urgency depends on the context. For instance, a critical vulnerability signed by PingSafe or any other product might be less urgent if it affects a non-production development environment undergoing UAT compared to a production environment.
Cloud Security Specialist at an insurance company with 10,001+ employees
Real User
Top 20
2024-03-12T12:15:00Z
Mar 12, 2024
While only 5 percent of our workload resides on the Google Cloud Platform, we would still like PingSafe to be configured with automatic remediation capabilities for GCP. In Prisma, there's a dedicated tab for managing high and medium-severity alerts. This allows us to easily enable or disable specific policies based on our current needs. With PingSafe, we can't selectively enable or disable alerts based on our specific use case.
They can add additional modules to see scanning alerts. Adding additional modules will give us a better view. They can work on policies based on different compliance standards. They can add more modules to the current subscription that we have. If they can merge some of the two modules, it would be great. For example, if they can merge Kubernetes Security with other modules related to Kubernetes, that would help us to get more modules in the current subscription.
Maybe container runtime security could be improved. But with the acquisition by a bigger company, things might roll out faster, potentially including this feature.
Enterprise Account Manager at Ninth Dimension IT Solutions (P) Ltd
Reseller
Top 10
2023-11-08T09:03:00Z
Nov 8, 2023
There's an array of upcoming versions with numerous features to be incorporated into the roadmap. Customers particularly appreciate the service's emphasis on intensive security, especially the secret scanning aspect. During the proof of concept (POC) phase, the system is required to gather logs from the customer's environment. This process entails obtaining specific permissions, especially in terms of gateway access. While most permissions for POC are manageable, the need for various permissions may need improvement, especially in the context of security.
SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.
SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal...
I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions. While false positives are an expected part of incident response, excessive numbers can indicate accuracy issues with the tool.
All EDRs are made of different modules. There is a firewall module, an IPS module, and an application module. The application module focuses on the different codes and libraries that can be run on the machines. It is very important for Singularity EDR to detect what type of codes and what type of libraries can run in the machine. If they can implement a white list or a black list of codes or libraries that can be used in the machine, it would be very helpful. They can focus more on the application module.
A recurring issue caused frustration: a vulnerability alert would appear, and we'd fix it, but then the same alert would return the next day. We reported this to both our internal team and SentinelOne for investigation and resolution. This needs improvement to prevent these repetitive alerts. In a future update, it would be beneficial to have both an AI chat function and a more modern user interface.
SentinelOne currently lacks a break glass account feature, which is critical for implementing Single Sign-On. SentinelOne should prioritize the development of a break glass account feature. We've encountered some filtering difficulties, resulting in a few areas of the interface needing improvement.
Singularity Cloud Security currently lacks a break-glass account function, which is a critical component for implementing Single Sign-On as it allows for regaining access in emergencies.
We repeatedly get alerts on the tool dashboard that we've already solved on our end, but they still appear. That is somewhat irritating.
While PingSafe offers real-time response, there is room for improvement in alert accuracy. We've encountered instances where misconfigurations created by teammates were not flagged promptly by PingSafe, leading to downstream issues.
In addition to the console alerts, I would like PingSafe to also send email notifications.
PingSafe filtering has some areas that cause problems, and to achieve single sign-on functionality, a break-glass feature, which is currently unavailable, is necessary.
PingSafe's cloud filtering has a limitation: implementing single sign-on requires a pre-class account feature, which is currently not available.
A beneficial improvement for PingSafe would be integration with Jira, allowing for a more streamlined ticketing system.
The reporting works well, but sometimes the severity classifications are inaccurate. Sometimes, it flags an issue as high-impact, but it should be a lower severity. For example, it might highlight an exposed AWS encryption key, a critical compliance issue, but it isn't tagged as a high-risk problem. That only happens about 10 percent of the time. It shows a true positive 80-90 percent of the time.
I do not know if it is possible, but in AWS Cloud, there are multiple features or services, and if they can collaborate with them, it would be helpful. The Infrastructure as Code service available in PingSafe and the services available in AWS cloud security can be merged so that we can get the security data directly from AWS cloud in PingSafe. This way, all the data related to security will be in one single place. Currently, we have to check a couple of things on PingSafe, and we have to validate that same data on the AWS Cloud to be sure. If they can collaborate like that, it will be great. It will be an amazing tool.
The vulnerability scanner generates a high number of false positives that it flags as alerts, even though they're not actual threats. This suggests a configuration issue. We need to address this, especially since some of these flagged vulnerabilities have already been mitigated by other means. The compliance monitoring dashboard, while helpful, doesn't integrate seamlessly with our entire system. This creates a disconnect: a high volume of alerts doesn't necessarily reflect a decline in compliance. For instance, I might have a thousand alerts on my ISO-related compliance dashboard, yet the compliance itself remains at 99.99 percent. This inconsistency makes it difficult to justify remediating every alert. In other words, I might give a clean bill of health from a compliance standpoint, yet still expect them to resolve the alert, which can be confusing. Therefore, we need to address either the way the dashboard generates alerts or the way we create them. Ideally, alerts should be directly tied to compliance standards and have a clear role in the overall compliance process. If they don't meet these criteria, perhaps they shouldn't be flagged as high or critical in severity. Crafting customized policies can be tricky. Take creating our own, for instance. It requires a deep dive into the customization options, as the language used can be complex and demands a certain level of skill. Since Sentinel's acquisition of PingSafe, there has been a decline in both the frequency of new releases and the quality of support. Previously, PingSafe was known for its proactive approach. PingSafe utilizes additional modules besides CSPN. Ideally, there should be a correlation between these systems. This would ensure that the assets we review for vulnerabilities within PingSafe are consistent with those reviewed in CSPN. This consistency would simplify the process, allowing us to focus on a single review level. 
This level could be defined from a configuration perspective or by a compliance standard, such as the web application itself. If PingSafe migrates data, this correlation between systems would be especially beneficial to ensure continued integration with all modules.
When I joined my organization, I saw that PingSafe was already implemented. I started to use the tool's alerting features and dashboard functionalities. Considering how much I used the product, I don't see any areas in it where improvements are required since everything seems fine. Sometimes, there are alerts that don't have proper messaging attached. The tool can improve the alerting notifications. In PingSafe, the alerts also show the affected resource that has a particular issue, but sometimes, the account shows as not applicable, and it isn't very helpful since you need to know the account the tool aims to point out. The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement.
I am unsure as to what kind of subscriptions my company has taken from PingSafe. I am not sure about what other things are there in the product that can help our company. Based on whatever subscriptions related to the product my company has taken, I can say that though one of the security groups is open to my company's premises, it still stays that it is open, which, for my company, makes it secure, but for PingSafe, it is not secure, so I am not pretty sure about how it can check and update it. I am not sure if a feature to deal with the aforementioned area already exists in the solution and if my company has not taken a subscription to use it. Let us assume that there is a ticket that states that one port is vulnerable in the security groups from AWS since it is exposed to the public. When the tool states that it is exposed to the public, it means that it is exposed to the IPs in the company premises and not the public. Let us assume that there is a database that is exposed to all the IPs in an office. If I have 10 to 12 sets of IPs, I can use them for 10 to 12 Wi-Fi or VPN connections, and it is exposed on the company premises, but the tool states that it is exposed to the public and that the company needs to shut it down. My organization needs to expose the database so that our development team can access it over our office IPs. If you do not expose the database to office IPs, the development team cannot access DBs to manipulate or check data. In general, the database is exposed to the office IPs, not to the public, but the tool states that it is exposed to the public since it cannot identify whether the IP is a public IP or office IP. I am not very sure if there is a setting in the product that allows the office to give its set of IPs to the tool, and scanning can be done through them so that the tool can identify if the resources are inside or outside of the IP range, according to which can state whether it is safe or not. 
In general, the tool should offer users the ability to mark IPs as public and private ones so that the product can identify them. It would be good if a customer could provide the tool with a set of ten IPs and state that it will be okay and secure if any of the resources are exposed to them since they are inside the office premises. One of the issues with the product stems from the fact that it clubs different resources under one ticket. If I have 10 resources in 10 accounts, there might be a problem if, from those 10 accounts, 5 resources have the same issues and they get clubbed together under a single ticket, which makes it somehow a difficult process since I have to get inside the ticket to get the resources and the account details.
We'd like to have better notifications. We'd like them to happen faster. It can take too much time to detect and then see the issue.
They could have more comprehensive reporting. I'd like to see more details. We've found a lot of false positives. It has not helped us reduce our level of false positives. We'd like them to work on integration between networks. If I deployed the solution with another layer of security, they can't talk to each other. PingSafe basically needs to integrate with more tools, especially on the security side.
We deployed PingSafe for AWS and Oracle Cloud but we encountered issues with Oracle Cloud. The integration with Oracle has room for improvement.
I'm not convinced that PingSafe's features offer significant value for our SecOps team. While it might be useful for stakeholders and management to have a tool that aligns with business goals and provides insights, we could potentially achieve this with open-source CSPM tools. In its current state, I don't see PingSafe directly addressing our specific needs. While agentless vulnerability scanning is a positive feature, PingSafe lacks the ability to effectively group and customize the provided metrics. This creates a significant limitation, as we cannot easily create the specific metrics that are most useful for our needs. For example, if we want to group a specific set of metrics by a particular label or namespace, there is no straightforward way to do so within PingSafe. The UI offers visualizations for the provided metrics, but it lacks the functionality to segregate and customize them. This inability to create user-defined metrics is a major drawback of PingSafe. PingSafe helped reduce the number of false positives in the previous version of PingSafe 1.0. Users reported a high volume of false positives with the newer version, and it wasn't clear how PingSafe 2.0 would address this issue. Additionally, users have to manually mute many false positives in PingSafe 2.0, which is a significant drawback. I would rate PingSafe's mean time to detect ability a 6 out of 10. While Cloud Security Posture Management tools offer valuable functionality, selling a product solely based on open-source CSPM solutions can be challenging. To differentiate themselves, PingSafe should focus on two key areas: security and workload protection within the CI/CD pipeline. Firstly, PingSafe needs to provide robust security features beyond basic CSPM capabilities. This could involve advanced threat detection and mitigation functionalities. Secondly, workload protection within the CI/CD pipeline is crucial. 
Here, PingSafe should offer insightful metrics that are well-organized and allow for user customization. This means providing granular control over metric segmentation. Users should be able to define their own metrics and choose how they want them aggregated. Ideally, PingSafe should allow users to import custom metrics and create custom segregations based on their specific needs, such as namespaces or custom levels. For example, if PingSafe gathers metrics from Kubernetes clusters, users should be able to define their own metrics alongside the pre-defined ones and organize them into relevant categories. This level of customization allows stakeholders to focus on the metrics that matter most to them, potentially reducing the overwhelming volume of data from thousands of records to a more manageable set of hundreds. In conclusion, PingSafe should prioritize UI improvements and offer advanced data segregation capabilities to truly stand out in the marketplace. This will empower users to tailor their security posture management experience to their specific needs. PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process. Providing comprehensive documentation with clear and abundant examples would greatly enhance the user experience for new customers. This would empower them to set up their clusters efficiently and effectively.
The categorization of the results from the vulnerability assessment could be improved.
Under the containers section, we have a cluster. It is a link between the organization and PingSafe. We don't get any notifications from PingSafe when the clusters are down. The PingSafe database doesn't receive any updates. It doesn't trigger any alerts. We must check things manually. It must be improved in future releases. If notifications are available, then it will be more helpful, easy, and time-saving. We can easily contact the team, check why the cluster is down, and restart things.
Based on our application requirements, we discussed some improvement points with the PingSafe team. However, after the new updates, what we asked for was not implemented. The exceptions we requested from the PingSafe team were not included in the console. When we request any changes, they must be reflected in the next update.
PingSafe takes 4-5 hours to detect and highlight an issue, and that time should be reduced. Sometimes, the solution shows false alerts. The comments section has also been turned off for the last 10 to 15 days. These are the two issues I'm facing right now in PingSafe.
When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again.
I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations.
There's room for improvement in the graphic explorer. We'd like something that helps us visualize traffic between different ports and containers. Currently, we can see host networking, like communication between instances or perhaps within Kubernetes. However, we're looking for a tool that can also visualize port-to-port communication and display it as a graph. This would give us a clearer picture of our network traffic and help strengthen our network security. The dashboard currently displays CVEs, but it would be beneficial to receive proactive email notifications in addition to this. I would also like to have runtime security in PingSafe.
PingSafe can improve by eliminating 100 percent of the false positives. Another area of improvement is for PingSafe to auto-remediate the alerts.
We encountered issues with some of the configured security rules. The vulnerability recommendations provided by PingSafe were inaccurate. In some cases, the rules are strictly enforced but do not align with real-world use cases. To address this, I recommend revising the security rule definitions to better reflect practical scenarios and provide clearer explanations. We encountered a problem with PingSafe. They required a broad security policy, but we requested that they implement least privileged access and grant fewer permissions than they initially required. It took them over six months to respond to our request.
I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes. Another issue was that when there was a new alert, I did not get an email or notification on my personal email. I had to log in and refresh the screen to check if any new alerts came. It would be beneficial if an email or a notification could be sent to a personal email or mobile number. We had a few false positives. For example, for Amazon EBS volumes, PingSafe sometimes used to give an alert saying that an EBS volume was created in the East US region, whereas no EBS volume was created. It was a false alert. We discussed these false alerts with the PingSafe team and gave them feedback. We muted those alerts, but such a thing should not happen. However, the number of false positives reduced over time. Initially, if we had 10 false positives, then later on, we had only one or two. They can enhance the dashboard and make it more user-friendly. They can also provide more information in the alerts about remediation.
Its reporting is bad. I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved. The graphical representation of different resources is super cool, but the problem is that you cannot do anything with it. For example, if you just take the subnets and VPN and put them in a diagram, it becomes so big. I pretty much cannot use it. There is no point. If I am drawing a graph or bringing up a graph, but I am not able to show it to a person, what is the use of that? It is pointless. Its scalability can be improved.
For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue. This is a feature request that we have. We are trying to get that done as soon as possible.
We wanted it to provide us with something like Claroty Hub in AWS for lateral movement. For example, if an EC2 instance or a virtual machine is compromised in a public subnet based on a particular vulnerability, such as Log4j, we want it to not be able to reach some of our databases. This kind of feature is not supported in PingSafe. If there is any virtual machine running on your public subnet, it is accessible outside your network. It is accessible via the Internet. If it has any Log4j or remote accessibility vulnerability, the attacker would be able to access the machine. From the private machine, the attacker can do NS Lookup and reach our DBs. It creates a channel for vulnerabilities. Such a feature is not present in PingSafe.
It is a very secluded solution. It works only as CNAPP. It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better. It can discover the threats from the outside world. It can discover the threats or vulnerabilities happening across those assets. If it can bring that in and evaluate, it will be good.
In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier. Initially, I had problems finding a few things and creating the policies. It was a bit difficult for me, but after going through the documentation, it got easier. I was checking the IaC checks that they have, and they can add something for auto-remediating IaC. They can integrate something that will help auto-remediate on IaC and make needed changes to the code. They can also integrate something like CoPilot. Other than that, I do not have any input. They have covered quite a bit. They are doing a good job. The features are good for what we are using it for right now.
There should be more documentation about the product. Sometimes we have to go to customer support to get clarification.
They could improve their mean time to detect. It's good; however, it could be lowered further. Detection should be in near real-time. We need these alerts fast as security is our greatest concern. They could improve reporting and offer better, faster notifications.
It can be complex to use at the outset. They could have better support. We've had support issues in the past. They need more experienced support personnel.
There is a bit of a learning curve for new users. The ease of use could be better. We've had an issue where we muted a false positive; however, when we made some changes to a cloud configuration, it popped up again. So it hasn't really reduced false positives; you just need to manually ignore them.
We'd like the integration with Jira to be stronger in some areas. For example, we'd like to be able to create multiple tickets for multiple instances. Right now, we can only create one ticket and cannot be specific enough. There's no way to create multiple tickets. It's very difficult to assign multiple teams the same Jira ticket. Scanning capabilities should be added for the dark web.
We've had a glitch in PingSafe where it has fed us false positives in the past. Sometimes, it takes a few hours to detect a misconfiguration. It would be ideal if that happened faster. Detections should happen in minutes, not hours.
They could improve on their UI. Sometimes it's not clear where to look when seeking information. Support often can direct us by giving us the correct link to what we are looking for. I'd like to see better onboarding documentation. If we want to be able to integrate something new, such as new assets, it can be difficult.
I want PingSafe to integrate additional third-party resources. For example, PingSafe is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If PingSafe had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement.
The resolution suggestions could be better, and the compliance features could be more customizable for Indian regulations. Overall, the compliance aspects are good. It gives us a comprehensive list, and its feedback is enough to bring us into compliance with regulations, but it doesn't give us the specific objects.
We use PingSafe and also SentinelOne. If PingSafe integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console.
When we get a new finding from PingSafe, I wish we could get an alert in the console, so we can work on it before we see it in the report. It would be very useful for the team that is actively working on the PingSafe platform, so we can close the issue the same day before it appears in the daily report.
PingSafe is an excellent CSPM tool, but the CWPP features need to improve, and there is a scope for more application security posture management features. There aren't many ASPM solutions on the market, and existing ones are costly. I would like to see PingSafe develop into a single pane of glass for ASPM, CSPM, and CWPP. Another feature I'd like to see is runtime protection.
I would like PingSafe's detections to be openly available online instead of only accessible through their portal. Other tools have detections that are openly available without going through the tool. We have one feature request that we've already discussed with PingSafe. We want a category feature for exceptions that developers have already accepted. We don't want PingSafe to identify the issue next time because the developer has already done the risk assessment.
I wish PingSafe provided clearer solutions or remediation steps. The recommended actions aren't always specific, so it might suggest recommendations that don't apply to the particular infrastructure code I'm reviewing. I would appreciate the ability to customize the severity levels in PingSafe as the current defaults do not meet my needs.
Customized queries should be made easier to improve PingSafe.
We can customize security policies but lack auditing capabilities. Ideally, we should be able to review logs and track user access.
In addition to our telecom and Slack channels, it would be helpful to receive PingSafe security notifications in Microsoft Teams.