Vanta

My main use case for Vanta  is compliance in general, aiming for an ISO to be compliant with the standards.

A specific example of how I use Vanta  for ISO compliance is that we have Vanta connected to our AWS  account and our Azure DevOps  repositories.

Regarding my main use case for Vanta, we are using it to make sure our security posture is good. For example Vanta has picked up all the AWS  Inspector  for our ECR repos vulnerabilities, and we create tickets and hand them out to our team, trying to remediate these images one by one, which provides a very useful view of our weak points.

The best features Vanta offers include reasonable recommendations, a nice user experience, and everything being organized. The remediation guidance is very nice, so if I don't have a clue about that item, Vanta gives me a hint on what to do and what the subject of that resource is.

Most of the time the recommendations are quite sufficient, which is great. Sometimes, if the task is a little bit complicated, it requires some extra research, but in general, it's good, especially for infrastructure as code. It even has solid examples on what to do.

Vanta has positively impacted my organization by helping us remediate a lot of vulnerabilities and bad practices, especially from vulnerable ECR repos, and enforced good behavior. For example, we enforce reviews for our pull requests, which wasn't mandatory before and was on a per-repo basis. Now, this enforcement is uniform across the entire organization.

After implementing those changes with Vanta, we tracked specific outcomes and metrics and improved compliance scores, which we can see in Vanta. We started out at around 17%, and we're now at over 80%. It's still a work in progress, but we've come a long way.

The only thing I wish for regarding the features is better RBAC. Permissions for platform users have been an issue. We've had to give admin access to Vanta for another team member to view all items. It would be great if the permissions of Vanta platform users had more verbosity to them, more dynamic.

To improve Vanta, I think the refresh after remediation takes place could be controlled more. If it could be faster, that would be great.

Besides the user permissions and the refreshing, which are improvements rather than issues, the rest looks fine. Vanta has been really nice, with a nice user experience, clear layout, and very reasonable recommendations compared to other platforms we've tried.

I've been using Vanta for the past 10 months, starting in early January this year.

Vanta is very stable; we haven't had any downtimes or weird behavior so far, which we really appreciate.

Regarding Vanta's scalability, our whole DevOps team and SRE teams have been onboarded, and it has been a smooth ride.

I haven't interacted with customer support yet, as we haven't had any need to contact them so far. I'm sure they will be good.

Neutral

I previously used Azure Defender , which was a hideous solution with inconsistencies. Connectors would go down randomly, and some suggestions from Azure Defender  were very awful and unrealistic. We had a rough time with it; We've had a very nice time with Vanta so far compared to Azure Defender.

Besides achieving a better security posture and coming closer to ISO compliance, I have nothing else to share about return on investment.

My experience with pricing, setup cost, and licensing isn't in my domain to give a good answer.

Before choosing Vanta, our team lead evaluated other options, and I personally evaluated other options regarding security posture in general, mostly open-source ones.

For others looking into using Vanta, I would say it's great, and if they're new to compliance, that's the perfect place to start. Start using Vanta, narrow down the scope, and take the items one by one to get one step closer to good compliance.

I think Vanta is one of the good platforms out there. I'm glad we're using it. I'm comfortable with it, and so is my team.

On a scale of 1-10, I rate Vanta a 9 out of 10.

Public Cloud

Other

What do you like best about the product?

It pulls logs and user info so I don’t have to ping five different people, and the status view helps me spot problem areas in seconds.

What do you dislike about the product?

A couple of legacy systems also needed manual evidence until we built small connectors.

What problems is the product solving and how is that benefiting you?

Vanta stopped audit prep being a frantic, last minute job missing items pop up early and many artifacts arrive automatically.

What do you like best about the product?

We’ve been using Vanta for a while now, and honestly, it’s been such a smooth experience. The platform is super easy to use, everything just makes sense, and it saves us so much time.

The support team is incredible. Whenever we have a question, they’re quick to respond and genuinely helpful. Plus, our account manager has been amazing, really proactive and always checking in to make sure we’re getting the most out of the platform.

What I love most is how comprehensive Vanta is. It truly feels like an end-to-end solution. It connects with nearly every tool we use, tracks compliance automatically, and works across pretty much any security framework. It takes so much of the stress out of staying compliant.

Overall, Vanta has made the whole compliance process simple, efficient, and honestly enjoyable, which I never thought I’d say about compliance!

What do you dislike about the product?

If I had to pick something I dislike about Vanta, its a little pricey for smaller teams, and some of the customization options are limited if you have really specific processes. That said, once everything’s up and running, it works seamlessly and more than makes up for those small challenges.

What problems is the product solving and how is that benefiting you?

Vanta helps us track our SOC 2 and HIPAA compliance all in one place. It makes it so much easier to manage everything, from policies and documentation to controls and compliance tasks. Instead of juggling multiple tools or spreadsheets, Vanta brings everything together in a single platform, so we always have a clear view of where we stand. It really streamlines the entire compliance process and keeps us audit-ready without all the manual effort.

What do you like best about the product?

Vanta connects to our cloud and identity systems and pulls evidence into one place, so I don’t have to hunt for screenshots and logs.

What do you dislike about the product?

A few older systems didn’t integrate cleanly at first and required manual proof during setup.

What problems is the product solving and how is that benefiting you?

Vanta turns audit prep from a frantic scramble into routine work by continuously checking controls and automatically collecting artifacts.

What do you like best about the product?

Vanta connects to our cloud and identity tools and starts collecting access logs and config snapshots automatically, so I don’t have to hunt for evidence across services. The dashboard shows which cloud controls are healthy and which need attention, which makes it quick to prioritize fixes.

What do you dislike about the product?

The platform can be picky about how documents and policies are uploaded sometimes I need to reformat files or follow a specific template before Vanta accepts them.

What problems is the product solving and how is that benefiting you?

Vanta turns audit prep from a frantic scramble into steady work by continuously checking controls and automatically gathering evidence. Missing items surface early on the dashboard, which saved my team many hours during SOC 2 preparation and keeps our cloud posture visible day to day.