One area for improvement is clarity in the results column of vulnerability reports. Currently, the path where the vulnerability lies is not clear, so Vulcan needs to work on specifying the correct path or vulnerability result. Another improvement needed is in sending notifications directly from the tool. Even though the option exists, the process is tedious because I must manually input a lot of information. These are the two areas that should be improved.
We wish we had more insights into how they weigh the risks associated with the threat intel. It's pretty good at triaging risks. However, it's been touch and go. Some of the recent data has been off. Some of the dates have been incorrect. In terms of the way Vulcan Cyber separates the CVEs from the QIDs, some of those CVEs are actually no longer active on the network, yet from time to time, it will state that it has detected those vulnerabilities. More training resources are necessary. Better training, documentation, and videos would be beneficial. While the features aren't entirely new, not many companies offer them, so many people aren't aware of their capabilities. When using the tool, there isn't sufficient training available. The main support is based in Vulcan Cyber, and their work schedule doesn't align with ours, as they are off on Fridays and Saturdays. We've faced situations where we required support on a Friday, and support wasn't available.
Monitoring of the evolution of campaigns and perhaps having more customized options for monitoring them would be great. They have an option called Campaigns when creating a campaign for a specific stakeholder. Having it more customized or providing more customization options for me would be beneficial.
It would be extremely helpful to have a community group for the product. I have mentioned this to our account manager. We have community support with several other products, and it allows us to learn best practices or examples from other organizations using the same product. Additionally, while most of the documentation around the product is quite good, it would be beneficial to have examples of possible scenarios, such as creating an integration with a ticketing system. Providing real-world examples of how to construct a ticket format for Jira, Azure DevOps, or ServiceNow with specific examples would help us understand how it might work in our environment. Part of the reason we selected Vulcan was to bring data sources and duplicate the information; however, we've had issues where it doesn't do that. For example, if there is a vulnerability, if it finds that in three different locations on the same device, it doesn't duplicate them effectively and increases the account instead of consolidating it into a single vulnerability that has three different actions. So it skews the counts that we have when we're looking at the volume of vulnerabilities. It misrepresents the number of assets that are affected. For example, if we've got a vulnerability that affects assets, and if one of the assets has three different folders where that vulnerability or the piece of software is, the solution counts that as three different assets. It gets confusing. It's telling us we have more assets than we actually have. When we raise a vulnerability campaign that gets created into an Azure DevOps ticket, one of our requirements is to allow updates to flow back into Vulcan to help us understand the status of a campaign. That is a piece of information that is currently missing, and we've requested this capability pretty much from day one.
Right now, it means when we're working through those vulnerabilities with our infrastructure team (who are responsible for fixing them), we're revisiting the same vulnerabilities to find out what's going on with that vulnerability. We don't see any information about that campaign since what we actually wanted as part of the solution is the ability for them to send that and document the updates in DevOps tickets and for that information to flow back into Vulcan so that we can see that information, and we don't have to kind of visibility.
There are areas for improvement. Initially, when onboarding Vulcan Cyber, the setup and configuration was more complex than expected with a user-friendly approach. This aspect can be enhanced. An important area is performance and speed, as Vulcan Cyber often lacks speed when exporting reports. The team might have to work on scaling up servers. When we click on a vulnerability, it takes ten seconds to pop up a window and show the entire content. Instead of that, they can put a down arrow, and all the details should be shown on clicking the arrow. This will prevent that ten-second delay. Another area for improvement is providing support and documentation for their tool. Users should have access to easy-to-understand trial documentation for reference.
Improvements are needed in providing more concise details on how to apply remedies for particular vulnerabilities. I would like to have more information about the remedies for particular vulnerabilities so that we do not have to go through the CVE numbers and relevant pages to check for a particular vulnerability and its remedy. A more detailed view of how the remedy should be applied to a particular asset would be good. Overall, it is pretty simple to check the vulnerabilities and view the remedies, but we need to do some additional research online to review exactly what to do to mitigate those issues. It would be beneficial if the platform allowed remote access to devices for immediate remedies. Rather than logging in manually on the device, we should be able to remote in through the Vulcan Cyber application. They could also include features for backups and disaster recovery.
We have already requested several features from Vulcan. Mainly, what I would like from them is more maintenance of the different connectors they have in the platform. You can connect different sources and different security scanners to the platform, so you get all the data ingested into Vulcan, but some of these connectors are not maintained to the latest updates by different vendors. For example, if you have a new update on the Azure connector, sometimes it does not work correctly or as expected just because Vulcan has not updated the connector from their side.
Vulcan Cyber is used by leading cyber security organizations to manage exposure risk created by unmitigated infrastructure, application, code and cloud vulnerabilities.
The Vulcan Cyber ExposureOS starts by correlating and normalizing risk and asset data aggregated from hundreds of vulnerability scanners, asset repositories and threat intelligence feeds. These signals are then used to create a singular view of your organization's attack surfaces to make exposure risk and vulnerability...