Assistant System Engineer at a consultancy with 10,001+ employees
Real User
Helps reduce false positives, improve risk posture, and MTTD
Pros and Cons
  • "The user-friendly dashboard offers both convenience and security by providing quick access to solutions and keeping us informed of potential threats."
  • "PingSafe filtering has some areas that cause problems, and to achieve single sign-on functionality, a break-glass feature, which is currently unavailable, is necessary."

What is our primary use case?

Our cloud security posture is managed with PingSafe, a tool that identifies and highlights potential security weaknesses in our systems.

How has it helped my organization?

It is user-friendly.

PingSafe helps reduce the number of false positives by 20 percent.

In evidence-based reporting, demonstrating that a vulnerability can be exploited is crucial. This information allows us to directly address the issue through manual remediation.

PingSafe has improved our risk posture and has reduced our mean time to detection by 50 percent.

PingSafe has reduced our mean time to remediation by 30 percent.

What is most valuable?

The user-friendly dashboard offers both convenience and security by providing quick access to solutions and keeping us informed of potential threats.

What needs improvement?

PingSafe filtering has some areas that cause problems, and to achieve single sign-on functionality, a break-glass feature, which is currently unavailable, is necessary.

Buyer's Guide
SentinelOne Singularity Cloud Security
May 2024
Learn what your peers think about SentinelOne Singularity Cloud Security. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
772,679 professionals have used our research since 2012.

For how long have I used the solution?

I have been using PingSafe for one year.

What do I think about the stability of the solution?

I would rate the stability of PingSafe nine out of ten.

What do I think about the scalability of the solution?

PingSafe is scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Prisma Cloud but when we would request a feature we had to wait until the next release. That is the advantage of PingSafe.

How was the initial setup?

The deployment took a few weeks to complete.

What's my experience with pricing, setup cost, and licensing?

PingSafe falls somewhere in the middle price range, neither particularly cheap nor expensive.

What other advice do I have?

I would rate PingSafe nine out of ten.

We have around five people working with PingSafe.

No maintenance is required for PingSafe.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Cloud Security & Architecture Specialist at an insurance company with 10,001+ employees
Real User
Helps improve our cloud security posture, provides great reports, and is user-friendly
Pros and Cons
  • "PingSafe stands out for its user-friendly interface and intuitive software, making it easy to navigate and use."
  • "Crafting customized policies can be tricky."

What is our primary use case?

We use PingSafe to improve our security posture through evidence-based alerts by detecting and mitigating vulnerabilities.

We sought a CSPM solution that could be configured to adhere to the security policies of our required integrations. PingSafe stood out as a strong candidate due to its compliance with industry standards like ISO and its ability to provide valuable security insights.

PingSafe is a SaaS solution.

How has it helped my organization?

PingSafe boasts a user-friendly interface that avoids information overload. The clean layout allows for easy navigation, even for new users, while still offering the ability to delve deeper into the data for a more granular view.

I would rate the evidence-based reporting of PingSafe an eight out of ten.

PingSafe's proof of exploitability is invaluable because it allows us to demonstrate the root cause of security issues to stakeholders clearly and concisely, streamlining the remediation process.

I would rate the offensive security engine's ability to assess and verify exploit paths and prioritize breach potential a nine out of ten.

The easy-to-use UI helps our security team review evidence from a single dashboard.

PingSafe has broadened our viewpoint within our environment, allowing us to see things from multiple angles. This wider perspective provides greater assurance to our team and the entire enterprise.

It has helped reduce around ten percent of the false positives.

Thanks to PingSafe, our cloud security posture has significantly improved. We've effectively mitigated critical and high vulnerabilities, achieving a strong security position from a CSPM perspective.

PingSafe has impacted collaboration between our cloud security application developers and AppSec teams. To address this, we've granted controlled access to PingSafe for all relevant teams. We've also encouraged its use by providing training on the tool itself.

What is most valuable?

PingSafe stands out for its user-friendly interface and intuitive software, making it easy to navigate and use. It excels at presenting remediation steps in a clear and actionable way. Additionally, the reporting capabilities ensure we maintain compliance. However, the most valuable feature for us is the ability to conduct authentic security testing, providing real-world insights into our vulnerabilities.

What needs improvement?

The vulnerability scanner generates a high number of false positives that it flags as alerts, even though they're not actual threats. This suggests a configuration issue. We need to address this, especially since some of these flagged vulnerabilities have already been mitigated by other means.

The compliance monitoring dashboard, while helpful, doesn't integrate seamlessly with our entire system. This creates a disconnect: a high volume of alerts doesn't necessarily reflect a decline in compliance. For instance, I might have a thousand alerts on my ISO-related compliance dashboard, yet the compliance itself remains at 99.99 percent. This inconsistency makes it difficult to justify remediating every alert. In other words, I might give a clean bill of health from a compliance standpoint, yet still expect them to resolve the alert, which can be confusing. Therefore, we need to address either the way the dashboard generates alerts or the way we create them. Ideally, alerts should be directly tied to compliance standards and have a clear role in the overall compliance process. If they don't meet these criteria, perhaps they shouldn't be flagged as high or critical in severity.

Crafting customized policies can be tricky. Take creating our own, for instance. It requires a deep dive into the customization options, as the language used can be complex and demands a certain level of skill.

Since Sentinel's acquisition of PingSafe, there has been a decline in both the frequency of new releases and the quality of support. Previously, PingSafe was known for its proactive approach.

PingSafe utilizes additional modules besides CSPM. Ideally, there should be a correlation between these systems. This would ensure that the assets we review for vulnerabilities within PingSafe are consistent with those reviewed in CSPM. This consistency would simplify the process, allowing us to focus on a single review level. This level could be defined from a configuration perspective or by a compliance standard, such as the web application itself. If PingSafe migrates data, this correlation between systems would be especially beneficial to ensure continued integration with all modules.

For how long have I used the solution?

I have been using PingSafe for six months.

What do I think about the stability of the solution?

The core modules of PingSafe are stable but some of their new features had bugs in them.

I would rate the stability of PingSafe seven out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of PingSafe ten out of ten.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We've added PingSafe to our existing Palo Alto Prisma Cloud environment. This will allow us to directly compare the results of the two tools.

How was the initial setup?

The implementation is straightforward and takes a couple of days to complete.

We had five to ten people involved, excluding the PingSafe developers.

What other advice do I have?

I would rate PingSafe eight out of ten.

We have PingSafe accessible in multiple departments with a total of 20 users.

There is no maintenance required from our end.

While PingSafe advertises itself as a Cloud-Native Application Protection Platform solution, it offers some CNAPP functionalities but doesn't provide a fully comprehensive picture of your cloud security posture. In essence, it has some CNAPP capabilities, but it's not a complete CNAPP solution yet.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Lead Dev Ops Engineer at a recruiting/HR firm with 1,001-5,000 employees
Real User
Top 20
Has good ability to detect vulnerabilities and do a rescan after a specific time duration
Pros and Cons
  • "The solution's most valuable features are its ability to detect vulnerabilities inside AWS resources and its ability to rescan after a specific duration set by the administrator."
  • "One of the issues with the product stems from the fact that it clubs different resources under one ticket."

What is our primary use case?

My company has around ten AWS accounts, and we use SentinelOne to monitor and see if any risks are there or not in any security groups for VPC endpoints or any other resources that come under severe risk or medium risk, so my company uses the product for calculations concerning the aforementioned area. The tool also creates tickets for our company, which helps us monitor the resources and change them according to the standards applicable to the organization.

What is most valuable?

The solution's most valuable features are its ability to detect vulnerabilities inside AWS resources and its ability to rescan after a specific duration set by the administrator. It creates a ticket automatically, so you get to know the things in the tool that you need to attend to immediately, making it a core feature of the solution.

What needs improvement?

I am unsure as to what kind of subscriptions my company has taken from PingSafe. I am not sure about what other things are there in the product that can help our company. Based on whatever subscriptions related to the product my company has taken, I can say that though one of the security groups is open to my company's premises, it still says that it is open, which, for my company, makes it secure, but for PingSafe, it is not secure, so I am not quite sure about how it can check and update it. I am not sure if a feature to deal with the aforementioned area already exists in the solution and if my company has not taken a subscription to use it.

Let us assume that there is a ticket that states that one port is vulnerable in the security groups from AWS since it is exposed to the public. When the tool states that it is exposed to the public, it means that it is exposed to the IPs in the company premises and not the public.

Let us assume that there is a database that is exposed to all the IPs in an office. If I have 10 to 12 sets of IPs, I can use them for 10 to 12 Wi-Fi or VPN connections, and it is exposed on the company premises, but the tool states that it is exposed to the public and that the company needs to shut it down. My organization needs to expose the database so that our development team can access it over our office IPs. If you do not expose the database to office IPs, the development team cannot access DBs to manipulate or check data. In general, the database is exposed to the office IPs, not to the public, but the tool states that it is exposed to the public since it cannot identify whether the IP is a public IP or office IP. I am not very sure if there is a setting in the product that allows the office to give its set of IPs to the tool, and scanning can be done through them so that the tool can identify if the resources are inside or outside of the IP range, according to which it can state whether it is safe or not. In general, the tool should offer users the ability to mark IPs as public and private ones so that the product can identify them. It would be good if a customer could provide the tool with a set of ten IPs and state that it will be okay and secure if any of the resources are exposed to them since they are inside the office premises.

One of the issues with the product stems from the fact that it clubs different resources under one ticket. If I have 10 resources in 10 accounts, there might be a problem if, from those 10 accounts, 5 resources have the same issues and they get clubbed together under a single ticket, which makes it somehow a difficult process since I have to get inside the ticket to get the resources and the account details.

For how long have I used the solution?

I have been using PingSafe for 6 months. My company is a customer of the solution.

What do I think about the stability of the solution?

I never found any stability issues in PingSafe.

What do I think about the scalability of the solution?

In terms of scalability, I have not used the application to its full extent. Right now, I cannot comment on the scalability part of the product.

How was the initial setup?

PingSafe helps identify the resources that are vulnerable to attacks, and if I can fix them up, then my application will be safe at that particular point in time. The tool's aforementioned area has no relation to the product's deployment since it is used to secure my company's resources, applications, and infrastructure.

Though the solution can be deployed with the help of my team, consisting of three people, I can handle it by myself. With PingSafe, the reports come to me, after which I can give or segregate them for different applications while having two different individuals working under me.

What about the implementation team?

I take care of the installation part of the product by myself.

What other advice do I have?

The solution is very user-friendly in terms of ease of use.

I do not use the product's reporting feature because another team in my company handles it. I know that my company uses the product's reporting feature to extract reports on a weekly, bi-weekly, and monthly basis, but I don't deal with it.

I don't use the product's agentless vulnerability scanning. I check the reports that come to me, as I need to further check the resource tests attached to them, especially whatever resources are affected as per the reports. In general, I just go with the report and complete the task.

I have not used PingSafe's Offensive Security Engine.

PingSafe's IaC Scanning is a great functionality that is built into the product. It is one of the major functionalities that my company's team uses. With PingSafe's IaC Scanning, it is easy to monitor and observe areas in a good way.

PingSafe's IaC Scanning role in identifying pre-production issues in IaC templates or container configuration files is helpful because when, in my company, we configure IaC Scanning in our production environment, it gives a brief detail about what the resources and security groups or whatever resources are the most vulnerable, after which they get sorted into four categories, namely, low, medium, high and severe. The tool sorts out the resources into four categories before you go to the production phase, ensuring that they are good and secure.

The main benefit of the use of the product in our company stems from the fact that it provides a vulnerability scanning report, which helps us to maintain the resources mainly, an area for which my team and organization use it.

I experienced the benefits attached to the solution from the first day of using it, and before its use, I was not able to identify the issues in the resources. PingSafe gave me the value and the reports that helped me to identify the issues in resources.

PingSafe's use has helped reduce the false positive rate. In the initial stages, my company had more than 100 severe cases, but within a month, we were able to reduce that to below 10 percent.

With PingSafe, the mean time to detect has reduced because initially, for detection, I had to observe resources end to end. Now, the tool provides me with a regular report because of which I don't need to observe everything inside the resources. I just need to go to a particular resource and check what is stated in the ticket to see which ports are vulnerable, after which it can be changed, so I can directly go and check it, owing to which the tool definitely reduces the mean time to detect vulnerabilities.

With PingSafe, the mean time to remediate is a maximum of twenty-four hours. Initially, in my company, we had to identify the problem and then proceed with remediation, but now we can do it directly since the report is already available.

PingSafe has affected and helped me a bit to deal with the collaboration between cloud security application developers and AppSec teams because it helps me to keep my resources and tell the developers that we cannot expose them to the extent where the application will become vulnerable to attacks. In general, the tool is helpful since it reduces the time needed to connect DevOps and developers.

I found the product to be pretty useful. I directly onboarded the product and started to use it. I did not find any difficulties with the tool.

I rate the tool an 8 out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Engineer at a venture capital & private equity firm with 1,001-5,000 employees
Real User
Top 20
Is user-friendly, reduces false positives, and saves time
Pros and Cons
  • "PingSafe's graph explorer is a valuable tool that lets us visualize all connected services."
  • "PingSafe can improve by eliminating 100 percent of the false positives."

What is our primary use case?

We use PingSafe as a Cloud Native Application Protection tool to identify anomalies or deviations from best practices in our cloud environment.

We chose PingSafe because it meets our compliance requirements.

How has it helped my organization?

We have integrated PingSafe with all of our AWS accounts. By default, when PingSafe identifies an issue, it automatically creates a Jira ticket. Our Security Operations Center team then investigates all these Jira tickets and takes appropriate action.

PingSafe is user-friendly.

PingSafe's evidence reporting is valuable for prioritizing and resolving the most critical cloud security issues. Any issue it identifies, whether it warrants a Jira ticket or not, can be directly accessed through a provided link. The PingSafe dashboard then displays all vulnerabilities, including how the issue was identified, the type of scan used, and the affected code location. This can include details from secret scanning, pinpointing the specific repository, file, and location where a secret was leaked within GitHub. This level of detail makes it very easy to verify and prioritize remediation efforts.

We leverage IaC scanning because our infrastructure is defined using Terraform. This allows our DevOps team to proactively identify potential security vulnerabilities. These vulnerabilities can include accidentally embedding secrets directly in the IaC code, such as committing them to the GitHub repository. By utilizing IaC scanning, we can detect such issues and promptly notify the responsible DevOps team member for remediation.

PingSafe helps identify issues in container configuration files early in the development process.

In the past, we relied on multiple tools for latency scanning and Kubernetes security scanning. This meant using separate portals and logging tickets manually in Jira. Now, with PingSafe, we have a centralized solution. It provides a single point of access for everything, from security issues to the latest threat intelligence reports. This makes it user-friendly and saves our team significant time. We can investigate issues more efficiently and even create Jira tickets directly within PingSafe, eliminating the need for manual logging. Overall, PingSafe offers both time savings and improved accuracy.

The real-time detection offered by PingSafe is crucial because we manage all our data using Kubernetes. This makes it critical to identify any vulnerabilities within the running dependencies.

We rely on PingSafe's comprehensive compliance monitoring to maintain regulatory compliance. We utilize all its features to maximize its effectiveness.

PingSafe has a user-friendly interface. It provides a visual flow diagram that makes it easy to navigate between different AWS accounts and services. When we receive an alert, we can quickly see which account and service it's related to. Overall, it's a well-designed tool.

PingSafe has removed 80 percent of our false positives.

PingSafe has improved our mean time to detection by 100 percent.

PingSafe has reduced our mean time to remediation by 70 percent. This is because we can now quickly obtain a list of all issue tickets logged in Jira, allowing our SOC team to take action on them promptly.

PingSafe improved the collaboration between the cloud developers and AppSec teams.

Having a system that can identify and alert us to misconfigurations in our 3 data storage buckets is helpful for our organization's penetration testers. Since all our company data resides on cloud platforms, PingSafe allows the AppSec team to automatically detect vulnerabilities before manual penetration testing begins. While this automation might seem to reduce the AppSec team's workload for cloud security specifically, it would ultimately benefit both teams. The security operations team would be relieved of the burden of manually logging and ticketing every issue identified within AWS services.

PingSafe has helped save 90 percent of the engineering team's time.

We have successfully integrated PingSafe with AWS and have also integrated the GitHub organization. These integrations were implemented to identify potential issues on our cloud platform. PingSafe is also used for IaC and secret scanning within our organization. Fortunately, these integrations have been running smoothly and haven't caused any problems.

What is most valuable?

PingSafe's graph explorer is a valuable tool that lets us visualize all connected services. For instance, we can see all running Kubernetes clusters, including their components and nodes. If there are any problems with cluster components or nodes, the graph explorer will highlight them, allowing us to easily address the issues.

The threat intelligence section also focuses on identifying new vulnerabilities emerging in the market. PingSafe scans our existing infrastructure to pinpoint all affected resources. This allows us to easily identify any at-risk resources with a single click.

What needs improvement?

PingSafe can improve by eliminating 100 percent of the false positives.

Another area of improvement is for PingSafe to auto-remediate the alerts. 

For how long have I used the solution?

I have been using PingSafe for 6 months.

What do I think about the stability of the solution?

I would rate the stability of PingSafe 10 out of 10.

What do I think about the scalability of the solution?

I would rate the scalability of PingSafe 10 out of 10.

How are customer service and support?

We connect with the PingSafe technical support on Slack and they are always helpful and knowledgeable. They can help with any of our questions and issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

In the past, we relied on open-source tools like Terraform scanning and Gitleaks to scan our infrastructure as code and identify secrets. However, this approach demanded significant manpower and time investment, and we were inundated with false positives. To address these challenges, we transitioned to PingSafe.

What other advice do I have?

I would rate PingSafe 9 out of 10.

For our organization, PingSafe must include evidence of exploitability in its evidence-based reporting and it does.

We have 6 people in our organization that utilize PingSafe.

PingSafe does not require maintenance from our end.

I recommend PingSafe to others because it offers several advantages. One key benefit is that it saves a significant amount of manpower. This frees up our security engineers to focus on other assigned tasks. PingSafe is a valuable tool for automating tasks.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Janki Gupta - PeerSpot reviewer
Cloud Engineer at a tech services company with 201-500 employees
Real User
Top 20
Helps save time, improves collaboration, and identifies misconfigurations
Pros and Cons
  • "The cloud misconfiguration is the most valuable feature."
  • "I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations."

What is our primary use case?

I work for an insurance company whose infrastructure is on the cloud, so we use PingSafe for security management and vulnerability detection. 

How has it helped my organization?

PingSafe is a valuable tool for managing infrastructure security. It offers advanced features like container security management, microservices security management, and Configuration Drift Remediation, which helps identify and address unauthorized configuration changes. These features are comprehensive and adaptable. Even for custom infrastructure modifications, such as XYZ, the PingSafe team can be contacted for guidance and policy adjustments to ensure a smooth adoption process.

Infrastructure as Code is valuable because the code itself defines the infrastructure. This means any vulnerabilities or misconfigurations in the IaC code will be deployed to our infrastructure. However, IaC tools can scan the code and alert us to potential problems before deployment, allowing us to fix them proactively.

We saw the benefits of PingSafe immediately.

It helped reduce the amount of false positives.

It has reduced our mean time to detection and remediation.

PingSafe improved collaboration between our cloud security developers and the application security teams.

The collaboration helped us save time, which is one of the reasons we have continued to use PingSafe.

What is most valuable?

The cloud misconfiguration is the most valuable feature. It highlights any misconfiguration that can make our infrastructure vulnerable.

What needs improvement?

I would like PingSafe to add real-time detection of vulnerabilities and cloud misconfigurations.

For how long have I used the solution?

I have been using PingSafe for almost 2 years.

What do I think about the stability of the solution?

I would rate the stability of PingSafe 10 out of 10.

What do I think about the scalability of the solution?

I would rate the scalability of PingSafe 10 out of 10.

How are customer service and support?

The technical support is good. They are knowledgeable and prompt.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment was straightforward. One person was required from our end.

What about the implementation team?

The implementation process itself was very smooth. The PingSafe team provided excellent assistance in integrating the solution with our existing infrastructure and account. This made the integration process hassle-free. We've also recently integrated a new CDR feature using PingSafe.

What other advice do I have?

I would rate PingSafe 10 out of 10.

No maintenance is required for PingSafe.

Once you've acquired PingSafe, it's essential to review all your existing organizational policies. If these policies are compatible with your infrastructure, you can proceed without modifications. However, if there are any incompatibilities, you'll need to make adjustments to ensure your infrastructure triggers accurate alerts. Skipping this step can lead to a flood of false positives.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Cybersecurity Engineer at a computer software company with 11-50 employees
Real User
The intuitive dashboard and effortless ticket submission enhance the user experience
Pros and Cons
  • "Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews."
  • "We are experiencing problems with Cloud Native Security reporting."

What is our primary use case?

Cloud Native Security helps us identify security issues related to cloud configuration and containers. We leverage cloud synchronization for real-time incident notification.

How has it helped my organization?

Cloud Native Security is easy to use. Its user-friendly features make integrating new tools a breeze. Everything can be connected through a simple API. The intuitive dashboard and effortless ticket submission further enhance the user experience.

One of Cloud Native Security's most valuable features is its offensive security engine. This engine excels at identifying vulnerabilities caused by misconfigurations, which could potentially be exploited by external attackers. In these cases, Cloud Native Security's offensive security engine findings are highly accurate, with a proven positive detection rate.

Cloud Native Security has helped reduce the false positive rate. The reduction in false positives has improved our operations.

As a small startup, implementing all security best practices across the organization can be challenging. Additionally, security awareness may not be widespread. However, Cloud Native Security, a cloud-based security tool, helps us address these limitations. Cloud Native Security acts as a vigilant watchdog, continuously monitoring our infrastructure for misconfigurations. This includes detecting unauthorized access attempts, such as someone opening a specific port or granting historical access from an external AWS account. By integrating Cloud Native Security with our Slack channel, we receive immediate alerts whenever such suspicious activity occurs. The notification will highlight the potential risk and provide details, allowing us to investigate and take prompt action. Previously, we unknowingly stored sensitive information, known as hard-coded secrets, in our public GitHub repository. Since integrating Cloud Native Security with GitHub, these secrets are identified immediately and flagged through Slack alerts. This enables us to address the issue swiftly and reduce our overall security exposure.

It is far more effective at reducing our mean time to detection compared to the open-source solution we used previously.

Cloud Native Security's findings have led to increased collaboration with our infrastructure team. While our application is a separate product and doesn't reside in the cloud, Cloud Native Security has still proven valuable in this way.

What is most valuable?

Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews. This helped my organization identify nearly 10,000 secrets added across our repositories, many of which had a significant security impact. Integrating Cloud Native Security with GitHub alone allowed us to identify all these secrets. This is a key feature that has been instrumental in improving our security posture through testing.

Secondly, Cloud Native Security's cloud SIEM feature has been essential in preventing our most critical security incidents.

What needs improvement?

We are experiencing problems with Cloud Native Security reporting. Our organization primarily uses Jira for issue tracking. While Cloud Native Security offers input options for reporting vulnerabilities, the "connect action" it provides to link issues isn't replicating information to Jira. This is happening for approximately half of the company and is causing difficulties for developers and stakeholders in fully understanding the reported issues.

Cloud Native Security's proof of exploitability is not that useful when it relates to container images. More detail should be included in the reporting.

Cloud Native Security can identify hard-coded secrets within our code and tell us if they're valid or not. However, in some cases, Cloud Native Security may flag a valid secret as hard-coded without specifying its exact location within the codebase. This lack of detail makes it difficult for developers to identify where the secret is used. Ideally, Cloud Native Security should provide the specific location of valid hard-coded secrets. This would significantly improve the developer experience by allowing them to easily locate and manage these secrets.

Cloud Native Security integrates with Jira and Slack through APIs, which is great. However, I would also like to see Cloud Native Security offer APIs that allow us to directly build dashboards within the platform. This would be incredibly helpful for visualizing vulnerabilities, security settings, and Cloud Native Security usage reports. Imagine if Cloud Native Security provided these APIs. We could create custom dashboards for specific purposes, like offensive security, cloud misconfiguration monitoring, or even integrating ISS scans. Essentially, any customer could easily build dashboards tailored to their needs. Unfortunately, Cloud Native Security doesn't currently offer this functionality. Other security products provide this level of customization. Adding this feature to Cloud Native Security would significantly improve its overall solution. 

For how long have I used the solution?

I have been using Cloud Native Security for two years.

What do I think about the stability of the solution?

Cloud Native Security is extremely stable and we have not encountered any issues.

What do I think about the scalability of the solution?

Cloud Native Security is scalable.

How are customer service and support?

We contact technical support weekly. They are helpful and respond quickly. Additionally, there is a built-in chatbot that allows us to submit support tickets.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We also rely on AWS built-in features that alert us if there are any misconfigurations along with Cloud Native Security.

What's my experience with pricing, setup cost, and licensing?

Regarding the license model, I believe their approach is appropriate based on the customer workload data we're tracking. It seems like an ideal way to proceed.

For pricing, it currently seems to be in line with market rates. However, I recall Cloud Native Security charging a slightly higher premium previously.

What other advice do I have?

I would rate Cloud Native Security nine out of ten.

We receive notifications from Cloud Native Security whenever maintenance is required, and they provide instructions to complete the process.

New users should be prepared to have a dedicated staff member manage Cloud Native Security. This person will handle alerts, configurations, and integrations. You should continuously evaluate all the findings that Cloud Native Security provides, as it performs daily scans. However, it's possible to miss vulnerabilities that have already been fixed. Therefore, careful attention is needed when raising issues with developers. To optimize your use of Cloud Native Security and potentially reduce workload, consider providing feedback to improve the product. Additionally, try to utilize as many features as possible, as they can all have a positive impact on your organization's infrastructure.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Manisha Kumari - PeerSpot reviewer
Senior Dev Ops Engineer at a computer software company with 51-200 employees
Real User
Top 20
The compliance assessment features help us during audits
Pros and Cons
  • "We like PingSafe's vulnerability assessment and management features, and its vulnerability databases."
  • "The categorization of the results from the vulnerability assessment could be improved."

What is our primary use case?

We primarily use PingSafe for compliance purposes because we work with banks and the fintech industry, so we must follow some standards like PCI DSS.

How has it helped my organization?

We use PingSafe for compliance and security purposes, and it has helped a lot. We face many audits, and during each audit, we must conduct a vulnerability assessment. PingSafe gives us a list of vulnerabilities that we remediate to raise our compliance score. It's our only tool for vulnerability assessments. The benefits are mostly immediate. PingSafe helped reduce the number of false positives, which has been difficult.

What is most valuable?

We like PingSafe's vulnerability assessment and management features, and its vulnerability databases. The interface isn't too complex. It's quite easy to use. The agentless vulnerability scan is the feature we use the most.

What needs improvement?

The categorization of the results from the vulnerability assessment could be improved. 

For how long have I used the solution?

We have used PingSafe for 2 years. 

What do I think about the stability of the solution?

I have never faced any downtime.

What do I think about the scalability of the solution?

PingSafe's scalability is quite good. We have multiple projects, and scalability isn't an issue. 

What other advice do I have?

I rate PingSafe 8 out of 10 based on the features I have used. I haven't used all the features, but I give the vulnerability and compliance features 8 out of 10. I can recommend PingSafe for vulnerability scanning and compliance. There are many competitors, but I find PingSafe quite good, which is why we haven't switched to something else for the past 2 years. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Uday Shanbhag - PeerSpot reviewer
DevOps Engineer at a computer software company with 51-200 employees
Real User
Top 10
Nice UI and features with helpful support
Pros and Cons
  • "Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful."
  • "There should be more documentation about the product."

What is our primary use case?

We have multiple AWS accounts and we use it for our products and deployments, et cetera, and they are being monitored by PingSafe for best practices and good security. In the past, we've had code exposed to the internet, and PingSafe has been able to catch such instances. Basically, it is for security and monitoring purposes. 

How has it helped my organization?

We've been able to integrate PingSafe with our AWS and deployed their agents to Kubernetes. For production and compliance purposes, it allows us to monitor actively for issues from one place.

What is most valuable?

The solution reduces notifications.

We mainly use it for monitoring and security guidelines only. It's been really useful for us in terms of the developer accounts. If any have been exposed, we get notified and we can take care of issues before anything happens. 

We haven't seen any server downtime. It's always been available when we've needed it. 

The UI is very nice, and feature-wise, it's very good.

It has very good documentation. 

Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful. 

The solution is very easy to use. We have not had to spend much time customizing or integrating items. We were able to integrate all four AWS accounts in order to centrally monitor everything.

There is evidence-based reporting which can help prioritize and solve cloud security issues. We haven't actively used it or set it up.

We use the infrastructure as code scanning feature. It's good for identifying pre-production issues. 

About six months ago, there was a major upgrade. We can see the containers running and which vulnerabilities appear, et cetera. 

We haven't seen any increase in false positives since using the solution. 

It's helped us improve our risk posture. We're more confident now that things aren't happening and getting missed. We're on the right track to adapting proper security rules.

More than saving engineering time, this solution has helped promote confidence in the security of our cloud accounts. We're more sure of our configurations and security posture. Since we don't have a cloud expertise team that might identify issues, it has helped us gain confidence in SQL deployments.

What needs improvement?

There should be more documentation about the product. Sometimes we have to go to customer support to get clarification.

For how long have I used the solution?

I've been using the solution for 1.5 years. 

What do I think about the stability of the solution?

The solution is stable. I have not seen any downtime.

What do I think about the scalability of the solution?

We have around 15 users leveraging PingSafe. They are mainly admins and engineers.

How are customer service and support?

Technical support is very helpful. However, the documentation needs to be better.

They tend to resolve issues within an hour or so. With most issues, they are very helpful.

Which solution did I use previously and why did I switch?

We have a different pipeline product working in parallel to this solution that is also helping us reduce vulnerabilities. Something else, for example, monitors compliance for us. PingSafe is more of an additional tool than our main solution. We have been using open-source tools for scanning.

How was the initial setup?

The development was just one configuration, and we were able to implement PingSafe in about an hour.

The solution does not require any maintenance. 

What was our ROI?

We have noted an ROI based on the amount of confidence we've gained having visibility into our vulnerabilities. I do not have specific metrics on hand to illustrate that, however. 

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable.

What other advice do I have?

We're a customer and end-user. I'm a DevOps engineer.

I'd recommend the solution to others. I would rate it 10 out of 10 as it currently meets all of our requirements. I can't speak to other companies that may have different requirements. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.