Vanta helps us to achieve ISO 27001 compliance.
Vanta
External reviews
External reviews are not included in the AWS star rating for the product.
Hugely Helpful Cybersecurity platform.
Helps to achieve ISO 27001 compliance with automated checks
What is our primary use case?
How has it helped my organization?
The product has provided automated security controls for our cloud provider. It helps to automate security checks. Vanta offers a list of things that can be done to achieve ISO 27001 compliance.
What is most valuable?
The tool's most valuable feature is automated tests.
What needs improvement?
Some of the tool's automated tests do not work the way they should.
For how long have I used the solution?
I have been using the product since February.
What do I think about the stability of the solution?
I rate the solution's stability a ten out of ten.
What do I think about the scalability of the solution?
I rate the tool's scalability a ten out of ten.
What's my experience with pricing, setup cost, and licensing?
Vanta is expensive.
What other advice do I have?
I rate the product a ten out of ten.
Vanta is Awesome!
-Risk Management: I love how Vanta not only provides you with an easy to use Risk Register, but also provides you with a library of different but common risk scenarios that you can easily add into your register. I also love how if you have controls already in place in other areas in Vanta it will be able to detect them and automatically add the controls into each risk scenario. Something that used to be time consuming and cumbersome is now done in minutes!
-Security Policy templates: Any security person/team can attest to the gruesome process of dealing with policies and having to create them from scratch. This feature was one of the biggest attractions to me when I first went looking for a security tool for my company. The policy templates they provide are so well written and thought out, they easily help you align your internal security posture with SOC 2/ISO and other security frameworks. The policy templates have really saved me by adding language that I may have missed or forgotten to add entirely.
-Trust Reports: A trust report is a public facing web page that you can easily publish on your website. It's published through a sharable link that you can send to your customers and prospects. What makes this such a big feature for me is having that single source of truth that I can send out to clients or prospects. I used to keep all of our security information in a PDF that I would have to constantly update and send that out to customers and prospects via email. With Trust Reports, it automatically updates from the controls that we have in place in our Vanta instance. Now, all I do is provide a link to our live Trust Report page for our customers and prospects to view. And no matter when they access the link I always have the assurance that they are receiving the most up to date info on our current security posture. A true game changer!
I could go on about many other features but these are definitely my top three and why I always recommend Vanta to anyone looking to strengthen their company's security posture.
-Vulnerability scanning: With all that Vanta provides, it kind of surprises me that they have not yet implemented their own in-house vulnerability scanner. Since Vanta is my one-stop-shop for almost everything security it would be great if I could use Vanta for dynamic vulnerability scanning of web apps right inside the console (and also be able to schedule these scans on a regular basis). Having this feature would eliminate my need to go to a third-party vendor for my dynamic vulnerability scanning. Also this feature would be able to automatically complete specific controls that are required for certain frameworks. I would love to see this implemented one day!
-Security Policy Templates + AI: I might be jumping the gun on this one since Vanta is now starting to roll out new AI features into the application. This feature would scan your Vanta console and learn about your environment, then when opening new policy templates in the Vanta editor the policy would be able to reflect what it has learned about your environment. So for example: If I specify an SLA in Vanta of 7 days for Critical/High issues, when I open the policy editor for the policy where this is specified it would add that language in for me automatically. Again, this may be something they have in the pipeline and I could be jumping the gun a bit but I would love to see something like this in the future.
Helps us maintain compliance with standards like SOC 2 and various data policies, but the customer support needs improvement
What is our primary use case?
In our Vanta infrastructure, there's a mix of on-prem and cloud data. The cloud data is stored under WPH Cloud, which is why we can't access it directly as it's dedicated to CyberArk. We have component clusters and some BDIs on the cloud, and remote users need to access these resources for their DHL-related work. Managing this infrastructure involves using HCP Energy as the hypervisor, and hosting multiple Windows AM VMs, all running on version 22.04.
What is most valuable?
It helps us track the compliance of the components listed in our partner's directory. We can also check if the password manager, XML, and three log policies have been properly implemented on the desktop. We use JEM Cloud, which is a SaaS solution, and sometimes it experiences access issues. With Vanta, we can work on resolving these issues and ensuring policy compliance. Vanta also helps us maintain compliance with standards like SOC 2 and various data policies, which are essential for our documentation and communication requirements, ultimately ensuring enterprise software policy compliance.
In my role, which primarily involves IT responsibilities, I often deal with various policies. There are instances where specific policies, especially those related to quality, may not be implemented correctly. This primarily occurs with mainframes and devices owned by particular users. In such cases, Vanta helps us enable these policies on the devices and assign them to the relevant users. It also highlights when certain policies, such as version 86.x, are not assigned through SAP. Vanta provides guidance on configuring and mitigating these issues. Additionally, it helps us with GitHub account provisioning and deprovisioning, as well as managing GitHub and Google Workspace Flex. We also use the 1Password password manager, which Vanta assists in overseeing.
What needs improvement?
For how long have I used the solution?
I have been working with Vanta for two years.
How are customer service and support?
There is a delay with customer support and they are unsure of the answers we need. It could be because they're the first point of contact. But I comprehend the situation, and we're handling the process of receiving messages more swiftly. However, there might still be some occasional difficulty, possibly influenced by geographical factors or varying support response times. In general, I think the service is good.
How would you rate customer service and support?
Neutral
How was the initial setup?
It's rather straightforward. Initially, when I set it up, I configure it, and then I test it. We have specific commands to troubleshoot issues. We can use OktaNet to check performance or errors. Additionally, there's an agent prospecting feature. They also offer a unit ID from my address, making installation quite simple. It's manageable through monitoring tools.
What's my experience with pricing, setup cost, and licensing?
I can't determine if it's more expensive or cheaper, but I will advise you to explore the options and go with what aligns with what they offer and the prevailing market standards.
What other advice do I have?
I would rate the solution a seven out of ten.
This is particularly important because for certifications like HIPAA and authorized certificates, if there's no dedicated team, the responsibility falls on individual people to regularly oversee all aspects. However, if we integrate all these steps, it becomes much easier to understand our requirements and what needs to be addressed. Therefore, it's a good solution to have a single platform like Vanta for integration and resolution by following all the necessary steps.
I've used Vanta for some time, and initially, we configured it, but the reflection isn't accurate. In such cases, we need to investigate. We've integrated it through JumpCloud, and we should examine the JumpCloud prospecting. If there are any issues, we can get in touch with JumpCloud support. In terms of management, if we rely solely on one platform, it might take more time. Typically, it takes almost a day before the changes reflect as expected.
Reliable way to keep us compliant!
A stable solution that provides continuous compliance automation and monitoring
What is our primary use case?
Vanta is a GRC platform with continuous compliance automation and monitoring. Some things normally take us hours to do in terms of pulling screenshots and configuration. Vanta is continuously plugged into an API and reports back to us so that we can save time, effort, and FTE hours.
How has it helped my organization?
Vanta primarily helps our organization with the SOC 2 and the PCI audits, ensuring we're in compliance full-time without having us do internal audits as frequently.
What is most valuable?
The most valuable feature of Vanta would be the time savings from the automation and the continuous compliance monitoring once set up.
What needs improvement?
Currently, Vanta's user access review module is still in development, and we've been giving them continuous feedback to help them improve that.
For how long have I used the solution?
I have been using Vanta for two to three months.
What do I think about the stability of the solution?
I haven't had any issues with the solution's stability. I rate Vanta a nine out of ten for stability.
What do I think about the scalability of the solution?
I rate Vanta an eight or nine out of ten for scalability.
How are customer service and support?
Vanta’s customer support team is fantastic.
How would you rate customer service and support?
Positive
How was the initial setup?
Vanta's initial setup is pretty straightforward, but there are a lot of customizations that you need to tailor to your specific environment. It's not out-of-the-box plug-and-play ready. You need pretty heavy customization.
What was our ROI?
We have seen a return on investment with Vanta.
Which other solutions did I evaluate?
Before choosing Vanta, we evaluated Drata and OneTrust. We chose Vanta because the Vanta team was the most responsive and had the best pricing.
What other advice do I have?
We are using the latest version of Vanta. Vanta is a cloud-based solution.
Users need to ensure they have absolute buy-in from all the stakeholders. You can't deploy Vanta in a vacuum. You need buy-in from IT, HR, engineering, legal, compliance, etc. Otherwise, it's a very expensive tool to sit on the shelf.
Overall, I rate Vanta an eight out of ten.
The Best Guide to Achieving Organizational Compliance Goals
Following the TODOs of VANTA saves us lots of time and helps us avoid large documentation and groundwork.