The challenge is that they charge you per resource. We had an issue where Google Cloud was generating secrets for our application configurations by the hundreds, which we would be charged by Bridgecloud. Our price would have surged to an insane amount due to the automatically generated secrets that we don't even use for anything, which isn't part of our security concern.

What we would like to know is if there is a way that we could exclude those from our resources so that we're not billed for that. We don't monitor that. They ignored me for a month through four emails asking about that.

They were just totally unresponsive. Then after a month, I said, "I guess you don't want our business." And they responded, "Oh, we're sorry to hear that." I'd say "You're sorry to hear that? Why didn't you respond to any of my emails?"

If you're trying to pay them less money, then they want to get rid of you. They don't want to talk to you. That's what it came across as. It's not like we weren't looking at spending thousands of dollars a month with them. We just weren't looking at spending $8,000 versus $2,000.

That was a bit frustrating. Generally, I do like their product. It's a useful product. It's good. We wanted to use it. However, since they blew us off, it left a bad taste in our mouths.

Their sales team needs a little bit of a jostle to get themselves together.

We'd like to see better monitoring and the ability to deny certain resources from being scanned.

Any solution would have its pros and cons, however, for the most part, it would come down to specific environments. For those considering purchasing the thing that I would try to avoid is buying it just for its name. I know people do that specifically, however, if you are going in thinking  "Hey, I've got some random environment, let me just go and buy this solution and it will work perfectly" you will be disappointed. The solutions themselves have to be architected or actually designed in there as opposed to just placed.

The biggest issue that I see companies run into is that they immediately think that, "Oh, this solution will be right, simply due to the name." But that's the same issue Splunk runs into. People will immediately jump to Splunk being the best SIEM tool, just because they're the largest. When in reality, QRadar, LogRhythm, and all these other ones are performing similar functions and would actually fit better in some people's environments. Therefore, it's important a company does its homework and does not assume one size fits all. Everyone needs to make sure that this actually works in the environment before just purchasing it.