SentinelOne Singularity Cloud Security Reviews

My company uses Cloud Native Security as our CSPM solution to discover vulnerabilities in cloud-based configurations. We take alerts from Cloud Native Security and forward them to the DevOps team to remediate them manually. 

Cloud Native Security helps reduce the number of false positives we receive. We receive notifications and alerts from various channels, such as AWS CloudTrail and Microsoft Defender. These products generate alerts based on their policies. I can feel confident that Cloud Native Security isn't giving any false positives. We get a few, but they are rare, and I can immediately alert the team to redefine their policies. 

Cloud Native Security's most valuable feature is its offensive security engine. I have worked with many CSPM solutions. What sets Cloud Native Security apart is the security engine's ability to provide evidence about the potential for vulnerabilities to be exploited or endpoints exposed with credentials.  

The evidence-based reporting is helpful. It shows us all these details that help us do more research. We are working with various stakeholders to remediate those misconfigurations immediately. No other solutions provide this feature. We can research other resources affected by the same kind of vulnerabilities or misconfigurations. We can prioritize fixing them and work on them immediately. That's beneficial to everyone on the team, and they are learning a lot with this feature from Cloud Native Security itself.

While Cloud Native Security is mostly easy to use, the interface has a few trouble areas. We have faced some challenges with filtering. The Cloud Native Security team is working on that, and they're fixing it immediately. They take feedback seriously. There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature. 

We have been using Cloud Native Security for one year.

Cloud Native Security is stable. 

I rate Cloud Native Security 9 out of 10 for scalability. There is no lag, and the application doesn't break down. 

I rate Cloud Native Security support 8 out of 10. We contacted them about adding some policies and creating plugins based on our requirements. 

Positive

We previously used Prisma Cloud. Each has its own feature set. Prisma is on a higher level, and Cloud Native Security is a startup that's building its feature set and taking feedback from all the customers. That's one advantage Cloud Native Security has. They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away.

Deploying Cloud Native Security wasn't too easy or difficult. It was manageable. I did the deployment by myself. I'm the Cloud Native Security admin for my organization responsible for onboarding all the cloud accounts for AWS, GCP, and Azure. 

We also looked at Orca Security. Like Prisma, Orca is one of the top solutions on the market. Most of the CSPM solutions have the same features. Cloud Native Security stood out for two reasons: One is the offensive security engine. That is the main thing. The second thing Cloud Native Security offers is evidence-based reporting. That helps us a lot. These two features are unique, which is why we chose Cloud Native Security. 

I rate Cloud Native Security 7 out of 10. 

We use the solution basically for AD protection. We get to see at a deeper level the different processes that are being run on computers.

We've been able to stop any potential malicious actions that are being taken on various computers.

Their detection of potentially malicious stuff is probably the most beneficial feature and their new Singularity XDR is an awesome platform.

The solution's real-time detection and response capabilities are very good. Pretty much anytime that there is something that we might see as potentially malicious is caught. Depending on the type of computer it is, it does a great job of blocking those actions that are being taken. 

It's really easy to configure enterprise-wide, which actions we want to stop. It's very easy to stop malicious stuff.

The solution's automated remediation is really good. We're doing the rollback also now. That way, if something does happen, it's able to roll back to the state before the process happens.

The solution's forensic visibility into our Linux kernel in regards to deep visibility is really good. It is very granular. It's able to show everything that it did. 

The historical data record provided by the solution after an attack is great. You're able to search by different computers. You can get a whole scope of computers - as much as you want. You're able to get as granular as you want as well and can identify different cross processes than indicators and different files that were launched during a period of time.

It helped reduce our organization's mean time to detect very significantly. We had Endgame before this. It did not stop the processes in a manner of time that you would like it to. This definitely improved our response time to anything that we saw. It's very fast. It's improved the response time by 50% to 75% from just detection time to our response. 

The solution reduced the organization's mean time to remediate. It is as fast as the potentially malicious process that's launched. It'll stop it right then and there. It'll remediate the action immediately. 

It helped free other staff to work on other projects or other tasks. We basically just had to do a bunch of upfront configuring. With it, we do not have to spend as much time in the console.

The solution's impact on your organization's productivity has been impressive. We just had to put a bunch of time upfront. However, ever since then, we haven't had to really do much there besides analyzing threats.

There's the singularity marketplace, which they've expanded a bunch. However, there are some other APIs that I'd like to see. We'd like to be able to connect to them from a SIM perspective.

The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint.

I've used the solution for about a year and a half.

The stability is very good. I'd rate stability ten out of ten. I've never had issues. It's never been down. 

We have four different properties on which agents are one and 1,700  workstations as well as 250 servers. 

The product is scalable. We have about 2,000 endpoints. If we had 4,000 or 10,000 it really wouldn't be an issue. It's just a matter of configuring your groups. It's good at autoscaling based on workload demands. 

Technical support is really good. Whenever a threat comes into our environment, they will comment and give analysis. That's been very helpful in covering items we're not totally sure of. 

Positive

I previously used a different solution called Endgame. We did a POC with Crowdstrike and SentinelOne and SentinelOne was a much cleaner, easier-to-use console.

The initial setup did take some understanding on our part of how we wanted to split and group. We needed to figure out how to split our servers and workstations. That was the hardest part. After that, we had to get our policies in order. 

We were able to get everything up within a week to where we were comfortable with how everything was running. We're still tweaking little things. 

We had three people on our team and two people from professional services. 

Maintenance is minimal, such as adding exclusions to threats or alerts. 

We did initiate the setup with professional services. 

We have noted a good ROI and haven't had a single incident since implementing the solution. 

The solution is fairly priced for what they're offering especially compared to other platforms. It gives you great visibility into the different processes that are running on different computers. It's fairly priced, especially for a cloud platform.

We are customers and end-users.

If someone doesn't think they need a singularity cloud workflow protection platform because they have a continuous security monitoring solution, I'd say it depends on whether you're able to block potentially malicious stuff or not. This solution gives you just about the fastest understanding from a machine-learning perspective. 

This is much better than our previous solution. They've innovated a lot in terms of their deep visibility and singularity XDR (which is more granular).

I'd advise potential users to do a POC no matter what. That said, this is a great product. I rave about it to everybody. It's likely my favorite product for our environment.

I'd rate the solution ten out of ten. 

SentinelOne Singularity Cloud is on our computers and servers, mainly for threat hunting. I use it to ensure our devices remain healthy and are virus-free, ransomware-free, and threat-free.

We've felt more comfortable having SentinelOne Singularity Cloud because we've had a safer environment. The benefits from the platform were immediate.

What is most valuable in SentinelOne Singularity Cloud is that it can detect any threat on a machine or is being installed on a machine, so it is a platform that helps keep the environment safe.

I also found the real-time detection and response capabilities of SentinelOne Singularity Cloud impressive because it is a platform that uses artificial intelligence to determine what is normal and what is abnormal and can lock down any virus it may encounter.

SentinelOne Singularity Cloud has good automated remediation capabilities. It can catch threats that other antiviruses do not.

The platform also has a very good deep visibility feature, enabling you to run scans and find what you need.

SentinelOne Singularity Cloud provides excellent historical data to find what you need.

The platform reduced my organization's mean time to detect and mean time to remediate anywhere from a week to sixty days.

SentinelOne Singularity Cloud also helped free up SOC staff, enabling staff to work on other projects or tasks. Through the platform, the team does not have to spend as much time trying to go through different objects on the machines manually.

SentinelOne Singularity Cloud hasn't had a direct, everyday impact on my organization's productivity. What it has an impact on is uptime whenever there is a threat on a computer because it blocks it.

The platform has good interoperability with third-party solutions and integrates smoothly.

SentinelOne Singularity Cloud is able to support my organization's ability to innovate. It is good in that aspect, though I have yet to work with that extensively.

SentinelOne Singularity Cloud sometimes has false positives, but the main area for improvement I want to see is for it to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is.

I've been working with SentinelOne Singularity Cloud for about three years.

I found SentinelOne Singularity Cloud stable.

SentinelOne Singularity Cloud is scalable, and it is pretty seamless in terms of autoscaling based on my organization's workload demands.

I have not contacted the SentinelOne Singularity Cloud technical support team.

My organization used Windows Defender but switched because SentinelOne Singularity Cloud was more robust.

Due to its notifications, you can also have the turnout time of obtaining telemetry data from SentinelOne Singularity Cloud automatically, so you do not have to watch it constantly to see the data. The platform automatically shuts down the computer, takes it off the network, and then reports to you versus Windows Defender, which requires you to do a little more research into the items, as it did not provide as much information.

I was involved in the initial setup of SentinelOne Singularity Cloud, which I found pretty straightforward.

We worked with a consultant in implementing SentinelOne Singularity Cloud.

Only two people were involved, and the process took about two weeks.

I believe there is ROI from SentinelOne Singularity Cloud because of its impact on productivity through its ability to remediate and self-resolve some of the items.

I have no information on how much SentinelOne Singularity Cloud costs.

We did not evaluate other options before choosing SentinelOne Singularity Cloud.

If someone were to tell me that they do not believe they need SentinelOne Singularity Cloud because they have a continuous security monitoring solution in place, I would disagree because, with the SentinelOne Singularity Cloud platform, you can allow or disallow items within the machine. It automatically disconnects the machine from the network, helping you determine what is happening.

My organization works with the cloud version of the platform. It is deployed in multiple departments, and about four hundred users work with the endpoints.

SentinelOne Singularity Cloud requires maintenance, but it's not difficult to maintain.

Only one person takes care of the maintenance of the platform.

My advice to other users who would like to start working with SentinelOne Singularity Cloud is that I would highly recommend it based on its abilities and what it can find and remediate for you. It is easy to deploy and maintain, so I would tell others it is a solid platform.

My rating for SentinelOne Singularity Cloud is eight out of ten.

I use it to monitor and update my clients. We have about seventy users, which we run the client on, and we pretty much just monitor the activities and update the agents when possible. We use it to make sure that there are no viruses or malware on the user end, the endpoint machines. It's an antivirus.

We were looking for a solution that wasn't hard to manage and wasn't intrusive on the client end. We needed something users couldn't make changes to or take up too much CPU. We wanted to make sure that when we loaded this on the user machine it wasn't going to tax it. 

The ease of use is great.

The portal is great. It's not complicated. I can find what I need and it's straightforward. It's not over complicated. 

The real time detection and response capabilities are good. I did a lot of research before signing up and doing the demo. They have a good reputation as far as catching threats early on. 

They have an automated remediation feature that I have used. You can resolve issues on the portal. 

The forensic visibility into the Linux kernel is very good. It helps to catch things early on. They've been able to remediate situations pretty quickly.

The historical record after the attacks is informative. It gives me the information I need. It's done really well.

The solution has helped me free up time. I go maybe once a week to see a status and if I get any alerts via email, I'll action something. My users are pretty educated and I haven't had to really worry too much. There's barely anything getting caught as the staff is all very diligent.

When it catches something, we're able to quickly get a handle on it. It's doing its job and we haven't had to worry about any attacks.

There isn't anything I don't like. It's really easy to use, for example. 

Their search feature could be better. When I go in and try to search for stuff, it could be a bit easier. It can be a little cumbersome. 

I've been using the solution for two years. We're going to be renewing our contract soon. 

I've had no stability issues at all.  

It's easy to scale. Scaling is straightforward.

We're a non-profit, so we won't grow too much. We don't really have use for the auto scaling feature. However, the feature does make scaling easy for those who need to grow.

I've barely contacted technical support. I've only spoken to sales in regard to demos. I had to call support once when an agent didn't install correctly. I had them get a cleaner to remove it from the machine. That only happened once. They were very helpful and it was easy to contact them. I was done in ten minutes. 

Positive

I did previously use McAfee. When we had to renew, we were looking for something simple on the client end and pretty light. McAfee tends to tax the machine a bit. It had a clunky client as well. The reputation of Sentinel was also better than McAfee's. 

I was involved with the initial deployment. The setup was straightforward. I had no issues with the setup.

Outside of occasionally upgrading the agents, there is no maintenance needed. 

I handled the setup myself and my boss. 

The pricing and licensing are competitive. 

We were evaluating McAfee and Symantec and a few other companies. I can't recall the others. Sentinel just stood out. 

To those who have a continuous monitoring solution in place, I'd advise them to have something running on their client end as well. Otherwise, you don't have full coverage. 

I haven't really integrated the solution with any third-party solutions.

I'd rate the solution ten out of ten. It's straightforward and not that hard to work with. You don't have to do too much prep work before jumping in. It's an easy solution to implement. 

We primarily use the solution to monitor for vulnerabilities on our AWS account. We use it for alerts. 

The solution is a good alerting tool. 

It is easy to use. It's console-based, which is useful.

If any action is taken, we can easily get alerts generated for us. 

The infrastructure as code scanning is very easy to use. 

We've found the solution has helped us to reduce the amount of false positives. 

It's reduced the time we need to find vulnerabilities. 

It's helped us reduce our risk posture. The mean time to detect has been reduced. Mean time to remediate has also been lowered since it's good at detecting issues. 

PingSafe has helped improve the security between cloud security, application developers, and AppSec teams. With better notifications, the teams are more aware of what's happening. 

We'd like to have better notifications. We'd like them to happen faster. It can take too much time to detect and then see the issue. 

We've been using the solution for a while. 

The stability is good. there is no lagging or crashing. 

I'm not sure how scalable the solution is. 

I've never contacted technical support. My team might have based on the generation of false positives. 

I'm also aware of AWS CloudWatch. It is not easy to use in comparison to PingSafe. 

The initial deployment is easy. There is no maintenance needed on our end. 

I'm not aware of the exact pricing. 

I'm a customer. 

I'd rate the solution 8 out of 10.

It's important to learn about the solution first. However, it is easy to use and quick to pick up.

We utilize SentinelOne Singularity Cloud to safeguard our clients from viruses and to perform forensic analysis on threats.

We are a service integrator in the public sector in Italy, and we implemented SentinelOne Singularity Cloud because we lacked an antivirus solution.

The real-time detection and response capabilities of SentinelOne Singularity Cloud are excellent. We have implemented automated remediation on the Singularity platform. I have tested this on both our tenant and our customers' tenant, and we haven't encountered any issues with this method.

Singularity offers profound forensic visibility, which proves highly advantageous for in-depth analysis of events. Through a single console, we can observe comprehensive event details from start to finish.

The historical data record provided by Singularity after an attack is valuable. It allows us to identify any misconfigurations and has assisted us in rectifying errors during the deployment of group policies in Active Directory. This capability helps us manage group policies more effectively, particularly in terms of security policy deployment.

SentinelOne Singularity Cloud has been immensely helpful in mitigating issues for us. Our organization consists of approximately five hundred employees, including technicians and administrators, and Singularity has played a vital role in safeguarding our organization.

It has helped us reduce our MTTD. 

Singularity helps us reduce our MTTR.

We have saved time. The automatic remediation helped me a lot when an event occurred, as it analyzed and remediated the issue automatically. This saved a significant amount of time.

Singularity operates smoothly and does not cause our laptops to experience any performance degradation, which has been very beneficial.

Deploying SentinelOne Singularity Cloud is a simple process that requires only three clicks. 

The management console is highly intuitive to comprehend and operate.

The cost has the potential for improvement. I would appreciate it if the full edition could be made more affordable, allowing me to upgrade from the intermediate version.

I have been using SentinelOne Singularity Cloud for one and a half years.

SentinelOne Singularity Cloud is incredibly reliable. I have never come across a crash or experienced any downtime. I have never needed to initiate a support case.

The SentinelOne Singularity Cloud exhibits high scalability. We only need to incorporate licenses to facilitate scaling, eliminating concerns regarding servers or databases, as it functions as a cloud-based platform.

The initial setup is straightforward because the platform is cloud-based, allowing accessibility from anywhere, and deploying the agent is as easy as clicking three times.

Two people were involved in the deployment.

We are a system integrator and we implemented the solution in-house.

As a partner, we receive a discount on the licenses. Currently, we possess over 250 licenses, but there is potential for the licenses to become even more affordable.

We evaluated various products such as Trend Micro, Symantec, and Sophos. SentinelOne Singularity Cloud stood out among the solutions we evaluated as the easiest to manage and with the best performance.

I rate SentinelOne Singularity Cloud a nine out of ten.

SentinelOne is a novel form of endpoint detection and response that has assisted us in effectively managing our clients and servers. It provides us with substantial visibility and aids in safeguarding our infrastructure against emerging threats.

Regarding maintenance, I check the event logs every two weeks, in addition to reviewing emails, and I update the schedule to manage the agents.

The interoperability with third-party solutions is good. We don't have any compatibility issues.

SentinelOne Singularity Cloud is updated bi-weekly or monthly and the signature to the client is updated every two days.

Evaluating SentinelOne Singularity Cloud is made simple by installing the client and logging into the console.

We use PingSafe to identify threats and vulnerabilities in our AWS accounts and the compute resources that are hosted on those cloud accounts.

We implemented PingSafe to address network-related issues, such as communication between individual components (part-to-part or node communication). PingSafe's Graph Explorer feature also helped us understand the overall network landscape, including the attack surface. This feature allows us to discover and explore various components within our AWS environment. In essence, PingSafe helped us identify how different networks connect and how microservices within our system interact with each other.

We've implemented PingSafe across all our core companies, including acquisitions. Previously, managing separate AWS accounts for each company with dedicated DevOps and security teams was a significant challenge. PingSafe helped us consolidate these accounts into a single platform, simplifying the process. Now, we can easily track key security metrics. For instance, PingSafe provides frequent alerts for critical events such as publicly exposed instances or security groups with significant traffic changes from any source. Monitoring these elements across multiple accounts and security groups was previously difficult without a centralized platform. PingSafe has been instrumental in streamlining this process.

We recently made some changes to our information systems. PingSafe helped identify instances that were inadvertently made public. This identification is important for compliance purposes, as it allows us to track how well these public instances adhere to regulatory frameworks.

PingSafe's compliance monitoring capabilities have provided us with some benefits, particularly in understanding our overall security posture. However, it's important to note that PingSafe only monitors our cloud infrastructure. There might be internal deployments with compensating controls that address missing controls identified by PingSafe (e.g., control X is missing but mitigated by internal control Y). These internal controls wouldn't be visible to PingSafe. Therefore, while PingSafe provides a valuable starting point at the surface level, manual review is necessary to ensure complete compliance coverage.

PingSafe is easy to navigate. Its menus are straightforward and intuitive, making the overall user experience smooth.

One of the key benefits of PingSafe's evidence-based reporting is its proof of exploitability. This feature allows us to prioritize vulnerabilities that have been demonstrably compromised and take immediate action to mitigate the risks.

The offensive security engine feature constantly scans and lets us know if any vulnerabilities in our environment can be exploited. While the offensive security engine for verifying exploit paths and prioritizing breach control is valuable, it lacks context awareness. For instance, it might flag something we intentionally made public, like a new website for an upcoming event. In those cases, we can safely ignore the alert. Overall, the engine is a useful tool. We extract the information it provides and prioritize it. A dedicated team reviews the alerts and, if necessary, escalates them to our DevOps team for further action.

By centralizing cloud infrastructure monitoring with PingSafe, our security team's productivity, and MTTR have been significantly improved.

Over time PingSafe has reduced the number of false positives by 40 percent.

PingSafe has significantly improved our organization's risk posture. Since implementing it, we've been able to assess the risk associated with recently discovered CVEs much faster than before. This efficiency is due to PingSafe's proactive identification and scanning capabilities. Now, we start each day with a clear summary of potential risks, allowing us to prioritize effectively.

PingSafe has reduced our mean time to detection by 90 percent. This is because it scans every day and sends us real-time email alerts, allowing us to take immediate action.

PingSafe has reduced our mean time to remediation by 40 percent.

We have a dedicated channel where we collaborate with PingSafe and our internal teams.

The collaboration helped save our engineering time by 60 percent.

PingSafe's user interface and ease of use have had a positive impact on our security operations. For example, we recently needed a list of assets deployed in a specific GN in a cloud account for a particular incident. We went straight to PingSafe and were able to quickly obtain the assets along with a map of the security groups linked to them. The UI's simplicity helped us save significant time by eliminating the need to search for information manually.

Notifications about the latest vulnerabilities are a valuable feature. PingSafe automatically updates itself with the newest threats and scans our infrastructure across all integrated data accounts for them. This is helpful because it's difficult to keep up with the volume of CVEs, especially the critical ones.

The UI is responsive and user-friendly.

There's room for improvement in the graphic explorer. We'd like something that helps us visualize traffic between different ports and containers. Currently, we can see host networking, like communication between instances or perhaps within Kubernetes. However, we're looking for a tool that can also visualize port-to-port communication and display it as a graph. This would give us a clearer picture of our network traffic and help strengthen our network security.

The dashboard currently displays CVEs, but it would be beneficial to receive proactive email notifications in addition to this.

I would also like to have runtime security in PingSafe.

I have been using PingSafe for 7 months.

I would rate the stability of PingSafe 9 out of 10.

I would rate the scalability of PingSafe 8 out of 10. We can easily add new cloud accounts.

The technical support response time is good. For feature requests, they can be a little slow.

Positive

The time invested in security operations for threat detection and monitoring has yielded a return on investment of 70 percent. We've also seen a financial benefit by avoiding the need for additional staff to monitor and correlate all database accounts individually by 40 percent. PingSafe automates these tasks efficiently.

PingSafe is less expensive than other options.

I would rate PingSafe 8 out of 10.

We're planning to integrate PingSafe with our CI/CD pipeline and Slack. Currently, our only integration is with an email system, which means we receive alerts and notifications via email. We're evaluating the effectiveness of this approach. Integrating with tools like Jira or Slack could help manage the issue of false positives and notification overload, which currently requires the manual closing of alerts. We're still assessing the best course of action, but integration with Jira is a strong possibility.

Around 15 people from our security and DevOps teams use PingSafe. PingSafe is a SaaS that is integrated with our main company and all our acquisitions.

PingSafe does not require maintenance from our end.

I recommend PingSafe to others for its cloud security capabilities. I particularly appreciate its offensive security approach. Coming from an offensive security background, I find PingSafe excels at identifying real threats that we can address immediately. This proactive approach is a major advantage of PingSafe. While the defensive side might involve some assumptions and possibilities, I believe the offensive capabilities are the key reason we use PingSafe.

As a financial institution, we rely on PingSafe as our single source of truth for both CSVM and CWPP data. PingSafe provides us with essential security benchmarks, including those for Kubernetes deployments and CSVMs. It also allows us to monitor our overall cloud security posture and identify vulnerabilities for remediation. PingSafe serves as a centralized platform for all our cloud security metrics.

We rely on PingSafe for all our reporting needs. It serves as a comprehensive tool for vulnerability management, ISC management, and reporting on hard-coded secrets. Additionally, it functions as a source for vulnerability identification.

The security engine provides a large vulnerability database. While it's not exhaustive, it's a valuable resource due to its significant size and well-organized data. This database allows for effective security management and vulnerability identification.

I would rate PingSafe's meant time to remediation abilities a 10 out of 10.

PingSafe helps the collaboration between our cloud security app developers and AppSec team.

The user interface is well-designed and easy to navigate. Our security team relies on it for several tasks. They can use it to retrieve Jira tickets and assign them to the appropriate teams for resolution. This functionality helps them identify and address vulnerabilities efficiently.

I'm not convinced that PingSafe's features offer significant value for our SecOps team. While it might be useful for stakeholders and management to have a tool that aligns with business goals and provides insights, we could potentially achieve this with open-source CSPM tools. In its current state, I don't see PingSafe directly addressing our specific needs.

While agentless vulnerability scanning is a positive feature, PingSafe lacks the ability to effectively group and customize the provided metrics. This creates a significant limitation, as we cannot easily create the specific metrics that are most useful for our needs. For example, if we want to group a specific set of metrics by a particular label or namespace, there is no straightforward way to do so within PingSafe. The UI offers visualizations for the provided metrics, but it lacks the functionality to segregate and customize them. This inability to create user-defined metrics is a major drawback of PingSafe.

PingSafe helped reduce the number of false positives in the previous version of PingSafe 1.0. Users reported a high volume of false positives with the newer version, and it wasn't clear how PingSafe 2.0 would address this issue. Additionally, users have to manually mute many false positives in PingSafe 2.0, which is a significant drawback.

I would rate PingSafe's mean time to detect ability a 6 out of 10.

While Cloud Security Posture Management tools offer valuable functionality, selling a product solely based on open-source CSPM solutions can be challenging. To differentiate themselves, PingSafe should focus on two key areas: security and workload protection within the CI/CD pipeline. Firstly, PingSafe needs to provide robust security features beyond basic CSPM capabilities. This could involve advanced threat detection and mitigation functionalities. Secondly, workload protection within the CI/CD pipeline is crucial. Here, PingSafe should offer insightful metrics that are well-organized and allow for user customization. This means providing granular control over metric segmentation. Users should be able to define their own metrics and choose how they want them aggregated. Ideally, PingSafe should allow users to import custom metrics and create custom segregations based on their specific needs, such as namespaces or custom levels. For example, if PingSafe gathers metrics from Kubernetes clusters, users should be able to define their own metrics alongside the pre-defined ones and organize them into relevant categories. This level of customization allows stakeholders to focus on the metrics that matter most to them, potentially reducing the overwhelming volume of data from thousands of records to a more manageable set of hundreds. In conclusion, PingSafe should prioritize UI improvements and offer advanced data segregation capabilities to truly stand out in the marketplace. This will empower users to tailor their security posture management experience to their specific needs.

PingSafe's current documentation could be improved to better assist customers during the cluster onboarding process. Providing comprehensive documentation with clear and abundant examples would greatly enhance the user experience for new customers. This would empower them to set up their clusters efficiently and effectively.  

I have been using PingSafe for 1.5 years.

PingSafe seems to be stable, with no reported crashes. However, there's also not a lot of traffic going through the service. It's unclear exactly what PingSafe does internally.

There aren't many users who actively add technical details to run PingSafe's tools. Additionally, it seems we don't actively incorporate new features. Ideally, clients should share proper answer keys so we can identify if their app crashes.

If we could onboard more users, we could potentially gain access to more resources. However, a recurring issue is missing data. Clients sometimes provide extensions, but clicking on them reveals no information. This lack of data is a significant drawback, even though the system itself seems stable.

PingSafe is scalable and supports multiple tenancies with no drawbacks.

As a mature organization, we expect a higher level of service from our technical support providers. Unfortunately, we've found that the responses from PingSafe's technical support team have been repetitive and not particularly helpful, especially considering the cost of their services. 

Neutral

The initial deployment is straightforward.

It doesn't take more than 30 minutes to deploy PingSafe into an organization using any cloud platform.

One person can complete the deployment. 

PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price.

I would rate PingSafe 5 out of 10.

Our organization primarily relies on our internal scanning tool for IaC security. While many industry tools utilize open-source IaC scanning solutions under the hood, we haven't found significant value in adopting PingSafe's specific IaC offering. This solution might be more beneficial for organizations lacking dedicated SecOps teams, but its additional cost is a factor to consider.

It should transition from an agent-based system to an agentless one. This is crucial because many industry tools are moving in this direction, and PingSafe should follow suit. They should also introduce more features, improve security compliance, and place greater focus on Kubernetes, RBAC systems, and visualization. If they do choose to maintain an agent-based system, they should significantly improve their metric collection capabilities. This would be beneficial because currently, customer response times seem to be slow. By addressing these requirements, PingSafe can ensure continued growth.