What is our primary use case?
The primary use case is to secure our Amazon Web Services (AWS) accounts. We use it to detect situations where we are not compliant with corporate standards and help to resolve them. There are some operational alerts that come with the product, but in general it is security focused.
Using the product has definitely been worth it for us, as it has greatly improved our ability to secure our environment.
How has it helped my organization?
This enables us to clean up our existing AWS accounts and update our processes for new accounts. This improves our overall security process to an acceptable level. We are building out new AWS accounts which are secured from the beginning instead of fixing problems as they are detected. This ensures that everything is consistent and secure (from the beginning). Previously, we had to wait until our security team identified a problem.
What is most valuable?
The ability to scan our AWS accounts to understand what is not in alignment with our best practices is huge for us.
Evident.io currently only queries AWS accounts for certain configuration values that it regards as security issues. For example, it looks at all of the AWS User objects and reports which ones do not have MFA enabled. This is very valuable and has been helping us clean up our AWS environments. However, once we have all of our AWS Users with MFA, it won’t detect when a new user is created without MFA. We will need to wait until the next scan for it to detect that there is a user without MFA. Evident.io also can help us track down S3 buckets that are open to the world. This allows us to clean up our account.
What needs improvement?
This product needs to focus on real-time analysis. Currently, it only focuses on configuration settings. Giving us the ability to analyze CloudTrail results would enable us to take security to the next level.
If someone made an error and opened up a bucket (S3) to the world, we would not know it until the next scan. We are hoping that at some point Evident.io would detect this configuration change immediately so we could limit our exposure as soon as possible.
It still requires a lot of time to review and remediate issues. At this point in its development lifecycle, it is focused on alerting you of errors. It is then incumbent upon the administrator to review all of their alerts and determine how to resolve each one. There are not a lot of automated remediation steps built into the product at this point. The capabilities are certainly there to do some of the remediation, but it is not quite there yet. It is a good product, but it requires a lot of time to review and clean up any issues.
One other thing that I struggle with in the product is it does not have good reporting capabilities. It is often difficult to get information out of the product. There are some APIs, but they are a tad difficult to work with on a regular basis.
What do I think about the stability of the solution?
We have had no stability issues. We found an issue with some functionality, but beyond that, we haven’t had any problems.
What do I think about the scalability of the solution?
We have not had scalability issues.
How is customer service and technical support?
I thought the follow-up was good and communication was fine, but it doesn’t seem like it is any better than most other vendors.
Which solutions did we use previously?
We did not have a previous solution.
How was the initial setup?
Setup was a bit complex just because of different terminology between us and Evident.io.
There were some differences in terms and some product limitations that caused some re-work. Beyond that, we’ve automated the process and it is now straightforward to add new accounts.
What's my experience with pricing, setup cost, and licensing?
Negotiate for discounts, especially around the area of production versus non-production AWS accounts.
Which other solutions did I evaluate?
We looked at AWS Trusted Advisor, CloudPassage, Splunk, and Sumo Logic.
Evident.io is superior to a number of its competitors in several ways:
- The product focuses on the current state and gives us a good baseline to focus on ensuring that everything is in compliance with standards. A lot of the other tools that I have seen are focused on detecting real-time changes that do not help us if we are at a bad starting point. We needed to focus on getting to a good starting point before we could focus on “drift”.
- The product has a good UI and it is easy to navigate around. Some of the other products were very old-fashioned looking and had cumbersome interfaces.
- The product is looking to keep in line with industry standards, e.g., CIS Web Frameworks, etc.
- The company has been very engaged and invested in ensuring that we are successful.
- The company appears focused on developing auto-remediation capabilities.
What other advice do I have?
Automate the process as early as possible in order to streamline the deployment and processing of new accounts.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Apr 26 2017