Sweet Security Suite

I'm mostly using Sweet Security  for real-time infrastructure security. If there is any threat, I want to detect it in real time. That's the main use case. Vulnerability management is one other benefit I am getting from Sweet Security  as well.

In terms of the best features of Sweet Security, I haven't had any threat detected in the sense that there hasn't been any incident so far while Sweet Security is in place. In terms of vulnerabilities, I got some good findings and some good vulnerabilities were detected. Software that was on my infrastructure had known vulnerabilities and I was able to patch it timely. These things I was unaware of before installing Sweet Security on my infrastructure. So it was pretty good.

The Layer 7 network traffic inspection in Sweet Security has been pretty good. It can understand the traffic that's coming and can find potential credentials from users in this traffic, for example. Overall, it can detect sensitive data in this traffic very well.

Having runtime coverage with Sweet Security is also one of my audit requirements toward getting a certification. So having this in place will help me toward getting a certification in the future.

Having real-time visibility into my cloud environment with Sweet Security has changed the way my team detects and responds to threats. I didn't have a tool in place before. I have established a process for potential real-time threat findings, but I haven't had any yet, so I was not able to test this process yet.

Sweet Security helps unify various aspects of security detection into a single platform. It provides real-time infrastructure security and vulnerability management. It also monitors Layer 7 traffic for credential leaks and helps with vulnerability management on cloud accounts to detect if something is not configured properly. It's a lot of different functionality.

For the time I have been using Sweet Security, I feel a bit more safe in the sense that there is something that continuously scans my infrastructure for issues. I didn't have a solution in place for that before. So it has provided me peace of mind. In terms of actual findings, it found several vulnerabilities in my software. This has been definitely a benefit toward operating more secure software on infrastructure.

One thing I think Sweet Security can definitely improve is that they have a lot of features, but the UI right now is not so well designed in my opinion. It's a bit difficult to navigate and get to the signal. There is a lot of signal there, but it's a bit difficult to get to the correct place and understand what I am seeing. It has a small learning curve that I don't think such a product should have. It should be very straightforward.

Sweet Security has a mechanism where they initially show all the vulnerabilities that are in my infrastructure, which they show as a huge number, maybe around ten thousand, and they narrow it down to which of these could actually be exploited and are actually severe. It's nice that they are able to narrow it down to a few incidents. However, they don't really need to show this in the UI. Maybe they can just show the actual signal and not show that there is a lot of vulnerabilities, but indicate which are important. That's good that they can do it, but it's not so important to see it every time in the platform.

I have been using Sweet Security for a period measured in days to weeks during implementation.

There were some issues during the proof of concept with Sweet Security. I would rate the stability at nine out of ten.

I have a feeling that Sweet Security is better for small to medium-sized companies. I cannot give a one hundred percent answer here because I haven't tried to scale it. My infrastructure is not very big and my team is not very big, so these are just assumptions. However, the user interface that I see doesn't make me very confident that I will be able to extract information in case I had hundreds or thousands of Kubernetes  clusters or hundreds or thousands of hosts. In terms of scalability, I would rate Sweet Security at five out of ten.

One very strong point of Sweet Security is their pricing. It's really good. Also, their team is very good, very responsive, and motivated. They gave me a trial period, did multiple follow-ups, and were reviewing themselves the findings to actually understand how their product is performing. I got a very hands-on team compared to other solutions I evaluated where I didn't see such an attitude. If I take into account everything and all the support I received during the onboarding of Sweet Security, I would score it at nine out of ten.

Positive

I have previously used Wiz .

I wouldn't say the deployment of Sweet Security is too complex. There was some bug in the Sweet Security UI at first that didn't allow me to fully connect the sensor to AWS  logs or something. However, apart from that, once they resolved this issue, the installation itself is not very difficult. It's straightforward. It took days to get Sweet Security implemented.

The maintenance of Sweet Security is handled by the vendor. They are doing the upgrades.

With Sweet Security, it's something around ten to twenty percent resources saved.

The pricing of Sweet Security contains is pretty good since it is fairly priced.

We didn't evaluate other tools as we were moving from a purely manual process. Implementing Sweet Security automated our monitoring and alerts, saving us approximately 20% in time compared to our previous manual methods.

I am using the eBPF sensor in Sweet Security. The usage of the eBPF-based sensor has been pretty low. I was concerned about this initially because these sensors typically are pretty resource-intensive. However, this specific one is below one gigabyte of RAM and has very low CPU usage. The RAM consumption is around three hundred megabytes and the CPU usage is around three percent of one core. It's super low.

I haven't tried the LLM-based reply scanning feature in Sweet Security yet. I recently received a message that they are also doing LLM reply scanning now, but I haven't tested this one yet.

It hasn't really saved me time, I would say. It actually creates more work because it makes me aware of things that I was not aware of before. I would probably receive a different answer from a company that had another tool before and now has Sweet Security, but for me, I didn't have any tool before, so Sweet Security creates more work now. However, it's good to have.

Babylon is a pretty small company, so the number I'll give for Sweet Security usage is up to ten users. That's a small number.

I am a global company with Sweet Security and operate remotely.

I have integrated Sweet Security with AWS  and have integrated it with my own on-premises infrastructure as well. I have tried a few more integrations. I requested an integration with PagerDuty and an integration with GitHub  audit logs, which they both don't have. They haven't implemented this and it's been almost half a year now. So they have some things, but they could have more.

I would definitely recommend Sweet Security to companies like mine, to small companies, small to medium-sized companies, or startups that need somewhere to start, need to get a lot of things from a single tool, don't want to pay a lot of money, and want to build the initial security. My overall review rating for Sweet Security is seven out of ten.

We are cloud native and are using Sweet Security  for call runtime protection. It is much bigger than just runtime protection, but the main use case was bringing Sweet Security  for runtime protection services and it grew into a platform that we can utilize for many different things.

We are using it instead of a CSPM and for visualizing what we call code-to-cloud, our code-to-cloud vision, to better understand the different packages and different dependencies that we have within the cloud runtime. It helps us a lot in understanding which vulnerabilities we should tackle from the code perspective.

I really love the feature within Sweet Security platform that allows you to visualize the specific packages or functions that are being loaded to the memory and are actually being executed by the operational system. The fact that they know how to filter those really helps to reduce our time invested in the triage and also in the remediation and mitigation steps for which vulnerability. This is an amazing feature. It's not the main feature of the platform, but that's something I really love about it.

Before we had Sweet Security, upon any type of detection of activity, we needed to conduct a lot of deep investigations in different platforms and in different logs until we could build the larger picture. Once we inserted Sweet Security in the runtime protection, we are able to actually see each and every request being made from the application level towards the infrastructure. 

For example, there might be an API that gets a request, then ingests it into the backend and the backend processes it. We were able to see an API request being made and the exact method that it was infiltrated into the infrastructure. Previously, we were not able to correlate between an application layer event to an infrastructure layer event, but with Sweet Security, it's much easier. It reduces the time for an analyst to understand what's really happening. Any suspicion of an incident or something similar will not be a standalone. It will be part of a chain where you can see what happens from the application layer, then what it caused within the infrastructure layer.

Sweet Security has room for improvement in two areas. One is for robust integration with automations and playbooks. We have our internally developed platform that operates around security incident playbooks, so the connection between those two systems would be great.

The option to run specific playbooks through the Sweet Security platform would help us a lot, but these must be fully customizable. We prefer not to block the business from progressing unless we are fully sure that it is an incident. Most of the actions I would take would revolve around containment or notification on a specific platform and not via email or similar communications.

The second area is around the code perspective. I know it's just the start of a long journey that Sweet Security is going to go through to become a platform that also handles code, but I would expect options for a complete analysis and writing policies for infrastructure as code. The next great thing that Sweet Security can do is to turn toward IAC, how it is handled and enforced, to tackle potential breaches of policy before they really happen.

We have been using Sweet Security for two years now.

I would rate the stability of Sweet Security as perfect. We have never had any issues with stability.

Sweet Security is very scalable. We are a robust enterprise with thousands of assets in the cloud or tens of thousands. I would rate the scalability as exceptional.

The technical support is exceptional. Sweet Security is amazing in that part. They are there immediately, providing us with the best technical people, solving any issue we had. Although we didn't have many issues, the few we had were resolved quickly, so I'm very satisfied.

Positive

The first product we tried was GuardDuty. We had the EKS protection runtime. It was okay, but not more than that. I needed something more than just okay, because I wanted to know each and every event or everything that happens on the operational system we are running on, whether it's an EC2  with Linux or a Kubernetes  environment.

The customization that Sweet Security brought was the option to not only cover all of the GuardDuty features but also create their own threat detection rules, and they allow us to create our own. Two years ago, I joked with them, saying that this is the next generation SIEM . The reason being that the old legacy SIEM  solution is not really adjusted to the cloud environment.

If you have a solid CDR or runtime protection tool that also gives you options to write those rules and integrate business logic into the tool, it allows you to detect anything specific to your company.

During our examination of the product, we conducted a POC not just with Sweet Security, but also brought Defender for Cloud to run against Sweet Security. Our team created a testing platform with a few servers installed with Sweet Security and Defender on them. During red teaming tests, Sweet Security consistently won over GuardDuty and Defender for Cloud, confirming that this was the correct decision.

The deployment was pretty easy. It's just a daemon set being installed on the Kubernetes  level, which the team handled easily. The deployment itself can take minutes. We wanted to be sure that we did it correctly, so we deployed it in phases, which took a bit more than a few weeks.

The integration aspect is really quick and easy. We didn't need any help; our engineers integrated it with AWS  and GitHub  swiftly. Each integration took just a few minutes.

I'm not really into the specifics of the pricing, but as far as I know, it is cost-effective.

I assess the effectiveness of the machine learning algorithms in reducing threat response time as pretty good. At first, when we started with Sweet Security, the first month or so was pretty noisy with lots of different alerts being raised, but that's understandable. However, as time passed, we don't see any false positives, which is amazing.

The machine learning works extremely well. We use the customizable dashboards and they are excellent in allowing us to create one dashboard for the CISO view. The CISO view is mainly for the CISO and the directors who are operating on the cloud, infrastructure and application security. They want to see things from a high-level, cross-company-wide perspective.

We have that dashboard, but we also created a dedicated dashboard per specific analyst team. We still don't really use the reporting tools much, unfortunately. This is our next step. The next step for us would be to connect the reporting mechanism with our internally developed system that knows how to take off those reports and then do whatever we need with them.

The threat detection capabilities influence our decision-making processes. Whenever we need to make a decision about what should be fixed first or what we should focus on, the team will first go to the threat detection page and learn about the system or the environment that we need to take a decision for.

On a day-to-day basis, around 10 users are logging into the platform. Overall, there might be around 30 or 40 people. The solution requires maintenance, but it is minimal. Once in a while, when Sweet Security releases a new agent, we need to conduct the installation ourselves, as we chose not to allow them to reinstall it remotely.

Overall rating: 10/10.

Our primary use case for using Sweet Security  is to have more eyes and visibility to be able to catch things at runtime and not in a static way. I believe this offers more effective control.

I find the UX/UI to be comfortable. The insights that it brings us are related to the business logic of our company, which is important. If something is flagged as a critical alert, this indicates that it must be observed closely. 

We have used the real-time monitoring feature of Sweet Security , and this specific solution has given us real detection that helps us find what is actually important against what is not important. It saves us a lot of investigation time that isn't required anymore. It's a very good product, I'm happy we have it. We looked into the CPU consumption and it's the lowest against the benchmark. 

The time savings from Sweet Security have varied, but the impact has been significant. It has reduced the need for back-and-forth discussions between teams such as Security, DevOps, and R&D. It only flags the important and critical risks. It saves developers time from looking into fixes for false positives. We use the customizable dashboards in Sweet Security. These dashboards have helped in managing our security posture by presenting all the relevant information that the security team needs to see. The correlation between the information is very efficient. They made a lot of improvements to this over the last year. It's a lot better now than it was a year ago. The insights are good.

The reporting is very good because we can customize it to what we actually want to see. 

The value of having real-time visibility in our cloud environment with Sweet Security changes everything because it differentiates between identifying and reacting to something that is not really a risk and something that is truly a risk that needs to be treated.

Sweet Security has had a big impact on mitigating risks and aiding development.

The main areas for improvement are related to how Sweet Security needs to be customized

We have weekly meetings with them to discuss any improvements. We asked for tailored company OKRs. a one-page report. This needs to be improved but it's not critical; it's a preference.

We’re now in our second year of using Sweet Security.

I would rate the stability of Sweet Security a ten out of ten, though there was something a year ago that caused a production issue in my company, but they fixed it within an hour.

I would rate the scalability of Sweet Security a ten because it is very scalable.

I would rate the technical support that Sweet Security provides a ten out of ten. Their team is awesome.

Positive

Sweet Security was part of my strategy to go with a runtime solution for all the advantages and effectiveness it offers.

The deployment of Sweet Security was easy with no challenges. It was very quick. 

The team that uses it is around 3-5 people.

Sweet Security has saved time, though I cannot estimate the percentage as it's very difficult to measure.

I would describe the pricing of Sweet Security as fair, as it depends on the company they're working with. They're not cheap, but they're not as expensive compared to other companies. I also look at the ROI I save by removing other tools.

In comparing Sweet Security with other products or vendors in the market, Sweet Security is among the top two.

The Sweet Security solution requires maintenance from our end, and we would prefer it to require less maintenance if possible.

I would recommend Sweet Security to other users based on all my previous responses, and because they succeeded in getting the biggest results during my POC.

On a scale of one to ten, I rate Sweet Security a nine.

We use Sweet Security  primarily for vulnerability management on all of our cloud assets, mainly AWS , but we also use it for SOC, with the SOC integration getting the events and responding to them.

The best feature of Sweet Security  is that the events come in the form of stories, which are very informative, making it very clear what's going on.

The good sensor that can be installed on the servers themselves is an excellent feature.

The value we see from having real-time visibility into our cloud environment is significant. We actually came from a different tool that does almost the same, but it did not have some of the features that Sweet Security has, with the main uses being the SOC integration and addressing misconfigurations from the IT team.

The real-time monitoring feature is essential; it's a security tool that points out vulnerabilities, and once they point out the vulnerability, we address and fix it.

Sweet Security's reporting tools enhance our insights into potential vulnerabilities and threats as they serve as our eyes and ears inside AWS , telling us what we are doing wrong so we can fix it.

Sweet Security's threat detection capabilities influence our decision-making processes by providing alerts and allowing us to look at the dashboards and respond accordingly, even as a very small team consisting of just two people.

There is room for improvement. We have a very close relationship with Sweet Security and have a weekly meeting where we ask for new features, which they usually respond to very quickly, including the feature we requested for a Windows Server  sensor, which they created and we are currently testing.

One area for improvement could be the alerts, as we have an issue with the alert time, the time it takes for the system to send the alert, but besides that, there is nothing special.

I have been using Sweet Security for about a year, as we signed a contract about a year ago.

I would rate the stability at 10, at least for the last year.

Sweet Security's scalability depends on what is considered scalability. For us, we don't need to scale it since it's all SaaS, but I can say it is very easily deployable.

I would rate the vendor support an eight, as we have a very close relationship, allowing me to contact my account manager at Sweet Security anytime, and she gets the right people involved during our weekly meetings and ad hoc meetings, making the support very good.

Positive

Previously, we used Ermetic , and we moved away from it due to their price increase.

The migration from our previous tool to Sweet Security was not seamless but it was not that difficult.

Sweet Security does not require any maintenance, as it is a completely SaaS solution where everything, including updates and dashboards, is done on their side, and the agents are also updated automatically.

Regarding return on investment, I cannot say how much time or resources Sweet Security has saved since we are a very small team, but I am guessing it saves some time because it's a good tool.

I am not aware of the pricing details; that is a different department.

We evaluated other solutions before choosing Sweet Security, including big names like Wiz  and Orca, but Sweet Security stood out for their amazing pricing and because they were much cheaper than Ermetic  while providing approximately the same capabilities.

I haven't used the customizable dashboards feature yet.

I cannot assess the effectiveness of the machine learning algorithms in reducing threat response time; I don't remember using a feature like that in Sweet Security.

Regarding how Sweet Security has helped me prioritize risks and threats more effectively, I don't know how to say if it helped or not, but it is definitely needed, as the tool is our eyes and ears with everything cloud-related.

We purchased Sweet Security through a direct purchase.

We are not a small company; we have 7,500 users, but our IT team is indeed very small with just two users of this product.

I would recommend Sweet Security to other users for the price and functionality.

I rate Sweet Security eight out of ten.