What is our primary use case?
We primarily use the solution for threat and vulnerability management. We look at it for cloud security. It ingests logs; however, it also has an agent that runs on the servers.
It picks up vulnerabilities in-house. It has rules for different types of actions that could be considered suspicious or malicious activity. We pretty much audit, and we can pick out issues and do remediation or prevent potential attacks.
How has it helped my organization?
It seems like it will be the one vendor we need for our entire AWS cloud environment. It would save us from having a mix of native and open-source tools.
What is most valuable?
The solution has a lot of different features that are quite useful.
It has some tools, such as Microfocus. With the threat stack, you can do a lot of different things. Of course, you have to really put the time in and figure out what can really be done in a crisis.
The threat and vulnerability manager items are the most useful for us. There are a lot of AWS native tools that do configuration management.
The stability has been quite good.
Technical support is very helpful.
What needs improvement?
The compliance and governance need improvement. You can have rules that are HIPAA or PCI or CIS compliant, however, we're actually looking for a tool that would do that - something that would act like a compliance dashboard. There's a lot of cool stuff out there right now, however, it's not as automated in the DevSecOps process. Everything is broken out into separate controls. We have Jira and tickets will show or ask for compliance. While the compliance dashboard gets updated, it doesn't necessarily get locked in.
While the security orchestrators are actually really interesting, I don't know how they are going to collect all the data, sort out all the compliance, automate client support, and then also remediate everything.
There's a little bit of a lag, however, the next step is to get a really mature environment where you literally can just sit in your chair all day and just watch things happen and respond to different alerts and respond to emails and maybe do some coding here and there. That's our goal.
We have thousands of servers. We don't want to put it on production services. That's the thing. We only put this on production servers running customer data. If we were developing infrastructure and we wanted to run it through a developer and a QA environment, say if there's a potential issue, we're not going to know about the agent until we have it in production. That's one of the things we're looking into.
For how long have I used the solution?
I've been using the solution for about two months or so. It hasn't been that long.
What do I think about the stability of the solution?
The stability is very good. You can easily test rules. You can build a rule and test it, and it will tell you if it is good or not. Compared to other tools, we've found it to be quite stable.
What do I think about the scalability of the solution?
The scalability is great. It comes with an agent. You basically build your AMI with your agents. Whatever instance you have deployed, you can deploy it to agents. You also have a cloud shell connection to Threat Stack. It's definitely scalable with more accounts and more instances that you can add. It looks like it integrates with GCP and Azure too.
We want to go to Azure at some point, and it looks like it does have a couple of other integrations too, such as notification integrations. If we could hook it into a centralized dashboard, we might look into that down the road. A centralized dashboard would be one where, if you have all the different tools and open-source tools, we can push all the data to one dashboard.
How are customer service and technical support?
The technical support is really very good. We have individualized treatment from their support team. We pretty much have individual support and individual customer service. We are extremely satisfied with the level of attention we get.
How was the initial setup?
I didn't set up the solution. The person who did originally had a mindset of just checking the boxes. It was for compliance. It was for auditing purposes, like a check box. It can always be refined and improved, especially in security. There are false positives. There's too much data. There are so many different attack vectors. You're constantly improving it and constantly finding new items, and not being completely satisfied with what we're actually getting with it, as there are hundreds of APIs and there are hundreds of data points.
The vendor seems really good. They respond well. We have monthly calls and they are actually a good company.
What's my experience with pricing, setup cost, and licensing?
The solution offers one set cost and then the cost by agents. We're thinking of putting it on a few test servers and dev and a few servers in QA and then running whatever changes we have there before we deploy to production. However, there's a cost to it. Most of the cost is from engaging. Some environments can have tens of thousands of servers and we have thousands. It can get costly for us.
I'm not sure of the exact pricing. I work with the director of infrastructure and he handles all the billing. I actually asked him the other day: if I enable different roles or create new rules, is that going to affect costs? He said, likely.
What other advice do I have?
We're customers and end-users. We use implementation partners associated with the product.
I'd advise other companies considering the solution that it just comes down to the knowledge. There are people who know the industry standards and then learn the product. It has similar fundamentals to a lot of different products; however, products have different UIs and different types of ways to build it up. You just need someone with knowledge and experience or someone who's going to be open to learning the product. Expertise really comes into it. A company can really get a lot out of customizing it. They just really need to learn the solution for the real possibilities to open up.
Overall, I would rate the solution at an eight out of ten.