JaredDeanVP Cloud Operations at VVL systems
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The best feature is time to value. With very minimal effort, you are able to have a cohesive view into your security posture on one or multiple cloud accounts, particularly if you are dealing with multicloud. If you have Azure and AWS deployments, you might have multiple subscriptions in Azure and usually multiple accounts in AWS. You may even be doing some GCP work (around Google Cloud Platform). It's very difficult to manage a common set of policies, even less reporting, across multiple subscriptions, accounts, and cloud environments. What BMC Helix Cloud Security does is provide a unified view or single pane of glass as to your baseline. Then, it also facilitates the ability for Level 1 or 2 operations support to take action and report on security vulnerabilities."
"The cool feature of Helix Cloud Security is that you can do all that — understand and remediate issues — in one dashboard, based on the different policies that are available for security, out-of-the-box."
"It's also multi-cloud. You can look at several cloud providers: AWS, Azure, or GCP."
"The features that I've found most valuable are its container security aspect. I also like its vulnerability management tools."
"It's one of the leading players for cloud optimization. It's hard to find anything better."
"It will automatically suggest areas for optimization."
"The initial setup is straightforward."
"Every organization out there doesn't rely on just one control body. They use FISMA control. They may use HIPAA, CIS, PCI, or SOX, then blend them. One of the things that is now in big demand for BMC Helix Cloud Security is content. That's the next journey in its lifespan, making it easier for the community to share and collaborate on content for security controls that can be measured and remediated."
"We've had some with issues connectors. The connectors have seemed to have caused a little bit of trouble, perhaps with the APIs trying to scan the environment. The only time I've had to reach out to tech support was for that. It seems it may not have been scanning correctly or I wasn't seeing data within a specific time. But we've set up a couple of connectors in the past couple of weeks and they actually scanned the AWS environment and we had data within about 10 minutes. It's working a lot faster and I think they're making improvements as they go."
"The UI could be more user-friendly."
"Self-healing could be a bit smoother and a bit cleaner, easier to access and more functional. That would help."
"Many features still need to be implemented in this tool."
"The solution needs to work better with larger capacities of data."
"It is a subscription model with term licensing that is usually yearly. This includes, not only the product, but support and maintenance. It is based on cloud assets. Therefore, if you have 100 cloud assets, those cloud assets are measured based on evaluation or transactions. For example, if I'm evaluating that cloud asset for CIS compliance, PCI compliance, and AWS best practices, that asset gets evaluated three times, as those are three transactions. However, the license model is based on peak asset usage. So, over a year, if you deploy 100, 1000, 500, and then 2000 assets, you will be charged for the 2000 peak of assets managed by Helix Cloud Security."
"The pricing is based on an annual subscription, upfront, and it's based on cloud assets. Whether your assets are in Azure and AWS combined, the tool tells you how many assets are being scanned and that's the number used for pricing."
Earn 20 points
BMC Helix Cloud Security (formerly TrueSight Cloud Security) automates cloud resource configuration security checks and remediation across AWS, Azure, and Google Cloud. With Helix Cloud Security, configurations of cloud resources and containers are managed consistently, securely, and with an audit trail. Because it is SaaS, there is nothing to install. You can literally begin automating your cloud security posture management in minutes.
• Automated cloud configuration security
posture management (CSPM) using Center
for Internet Security (CIS) policies for
cloud assets on AWS, Azure, and GCP
• Automated remediation - no coding or scripting required
• Ready-to-use policy packs for CIS, PCI, and GDPR, and support for custom security and compliance policies
• Full-stack container configuration security, including Kubernetes pods, host, Docker daemon,
image, and Docker container
• Integration with incident & change
• Alerts, reports, exception management, RBAC, and multi-tenancy
The CloudCheckr Cloud Management Platform (CMP) provides full visibility and control to reduce costs, improve cybersecurity posture, and automate critical tasks to accelerate cloud agility for modern enterprises and service providers.
BMC Helix Cloud Security is ranked 3rd in Cloud Security Posture Management (CSPM) with 3 reviews while CloudCheckr CMx High Security is ranked 4th in Cloud Security Posture Management (CSPM) with 3 reviews. BMC Helix Cloud Security is rated 8.4, while CloudCheckr CMx High Security is rated 7.6. The top reviewer of BMC Helix Cloud Security writes "Gives you a cohesive view into your security posture on cloud accounts". On the other hand, the top reviewer of CloudCheckr CMx High Security writes "Enterprise-grade solution for cloud optimization that offers excellent support". BMC Helix Cloud Security is most compared with Prisma Cloud by Palo Alto Networks, Turbonomic, VMware vRealize Operations (vROps), VMware vRealize Automation (vRA) and Zscaler Internet Access, whereas CloudCheckr CMx High Security is most compared with CloudHealth, Azure Cost Management, AWS Trusted Advisor, Cloudability and AWS Control Tower.
See our list of best Cloud Security Posture Management (CSPM) vendors.
We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.