Vanta is Awesome!
What do you like best about the product?
Vanta has so many great features but here are my top three that I have gotten the most use out of:
-Risk Management: I love how Vanta not only provides you with an easy to use Risk Register, but also provides you with a library of different but common risk scenarios that you can easily add into your register. I also love how if you have controls already in place in other areas in Vanta it will be able to detect them and automatically add the controls into each risk scenario. Something that used to be time consuming and cumbersome is now done in minutes!
-Security Policy templates: Any security person/team can attest to the gruesome process of dealing with policies and having to create them from scratch. This feature was one of the biggest attractions to me when I first went looking for a security tool for my company. The policy templates they provide are so well written and thought out, they easily help you align your internal security posture with SOC 2/ISO and other security frameworks. The policy templates have really saved me by adding language that I may have missed or forgotten to add entirely.
-Trust Reports: A trust report is a public facing web page that you can easily publish on your website. It's published through a sharable link that you can send to your customers and prospects. What makes this such a big feature for me is having that single source of truth that I can send out to clients or prospects. I used to keep all of our security information in a PDF that I would have to constantly update and send that out to customers and prospects via email. With Trust Reports, it automatically updates from the controls that we have in place in our Vanta instance. Now, all I do is provide a link to our live Trust Report page for our customer and prospects to view. And no matter when they access the link I always have the assurance that they are receiving the most up to date info on our current security posture. A true game changer!
I could go on about many other features but these are definitely my top three and why I always recommend Vanta to anyone looking to strengthen their company's security posture.
What do you dislike about the product?
I don't have many areas that I dislike about Vanta, however, I do see areas of improvement. Here are a few features that I would love to see added:
-Vulnerability scanning: With all that Vanta provides, it kind of surprises me that they have not yet implemented their own in-house vulnerability scanner. Since Vanta is my one-stop-shop for almost everything security it would be great if I could use Vanta for dynamic vulnerability scanning of web apps right inside the console (And also be able to schedule these scans on a regular basis). Having this feature would eliminate my need to go to a third-party vendor for my dynamic vulnerability scanning. Also this feature would be able to automatically complete specific controls that are required for certain frameworks. I would love to see this implemented one day!
-Security Policy Templates + AI: I might be jumping the gun on this one since Vanta is now starting to roll out new AI features into the application. This feature would scan your Vanta console and learn about your environment, then when opening new policy templates in the Vanta editor the policy would be able to reflect what it has learned about your environment. So for example: If I specify an SLA in Vanta of 7 days for Critical/High issues, when I open the policy editor for the policy where this is specified it would add that language in for me automatically. Again, this may be something they have in the pipeline and I could be jumping the gun a bit but I would love to see something like this in the future.
What problems is the product solving and how is that benefiting you?
Vanta is providing me with a single source of truth about the status of the security within my environment. Vanta is solving the issue of overly cumbersome security environments and making everything super fast and easy to get results on. Their integrations are quick and easy to use, their features just get better every day, and their support and team is awesome to work with.