Effortless SOC 2 Prep, Minor Setup Hiccups with Older Tools
What do you like best about the product?
Vanta quietly pulls proof from our systems and shows exactly which controls are checked and which need work. During SOC 2 prep it gathered lots of the logs and access data for me, so I spent time fixing issues instead of hunting for screenshots.
What do you dislike about the product?
Some older tools didn’t connect automatically and required manual uploads during setup, which slows things down at first.
What problems is the product solving and how is that benefiting you?
Vanta turned compliance from a one-time panic into steady daily checks. Missing items show up early, many artifacts come in automatically, and audits need far less chasing.
Vanta Makes Compliance Effortless with AI Automation
What do you like best about the product?
What I appreciate most about Vanta is how it streamlines the entire compliance process. Normally, dealing with compliance can be a real headache, but the platform’s AI automation takes care of the difficult tasks, from gathering evidence to continuously monitoring everything. This has made our compliance efforts much more efficient.
What do you dislike about the product?
The primary downside is that getting Vanta completely set up can be a lengthy process. While they do provide guidance throughout the setup, it still requires significant time and coordination across various teams. This can be particularly challenging for smaller startups with limited resources. Additionally, their pricing structure isn't always very transparent at the outset, which makes it harder to budget for the service before you officially commit.
What problems is the product solving and how is that benefiting you?
Vanta’s main purpose is to centralize and automate security and compliance, eliminating the hassle that usually comes with managing these tasks. Rather than having to juggle everything manually,
Vanta Automates Evidence Collection
What do you like best about the product?
Vanta connects to our cloud and identity tools and starts pulling evidence on its own, so I don’t have to chase screenshots or logs. During our SOC 2 readiness it gathered user and access data automatically.
What do you dislike about the product?
A couple of legacy apps also needed manual evidence during initial setup, which took some extra engineering time.
What problems is the product solving and how is that benefiting you?
Vanta automates continuous checks and evidence collection so gaps show up long before auditors arrive. That moved our compliance work from frantic, last-minute effort to steady, daily tasks.
Has improved our compliance workflow and helped identify and fix security vulnerabilities
What is our primary use case?
My main use case for Vanta is compliance in general, aiming for an ISO to be compliant with the standards.
A specific example of how I use Vanta for ISO compliance is that we have Vanta connected to our AWS account and our Azure DevOps repositories.
Regarding my main use case for Vanta, we are using it to make sure our security posture is good. For example, Vanta has picked up all the AWS Inspector for our ECR repos vulnerabilities, and we create tickets and hand them out to our team, trying to remediate these images one by one, which provides a very useful view of our weak points.
What is most valuable?
The best features Vanta offers include reasonable recommendations, a nice user experience, and everything being organized. The remediation guidance is very nice, so if I don't have a clue about that item, Vanta gives me a hint on what to do and what the subject of that resource is.
Most of the time the recommendations are quite sufficient, which is great. Sometimes, if the task is a little bit complicated, it requires some extra research, but in general, it's good, especially for infrastructure as code. It even has solid examples on what to do.
Vanta has positively impacted my organization by helping us remediate a lot of vulnerabilities and bad practices, especially from vulnerable ECR repos, and enforced good behavior. For example, we enforce reviews for our pull requests, which wasn't mandatory before and was on a per-repo basis. Now, this enforcement is uniform across the entire organization.
After implementing those changes with Vanta, we tracked specific outcomes and metrics and improved compliance scores, which we can see in Vanta. We started out at around 17%, and we're now at over 80%. It's still a work in progress, but we've come a long way.
What needs improvement?
The only thing I wish for regarding the features is better RBAC. Permissions for platform users have been an issue. We've had to give admin access to Vanta for another team member to view all items. It would be great if the permissions of Vanta platform users had more verbosity to them, more dynamic.
To improve Vanta, I think the refresh after remediation takes place could be controlled more. If it could be faster, that would be great.
Besides the user permissions and the refreshing, which are improvements rather than issues, the rest looks fine. Vanta has been really nice, with a nice user experience, clear layout, and very reasonable recommendations compared to other platforms we've tried.
For how long have I used the solution?
I've been using Vanta for the past 10 months, starting in early January this year.
What do I think about the stability of the solution?
Vanta is very stable; we haven't had any downtimes or weird behavior so far, which we really appreciate.
What do I think about the scalability of the solution?
Regarding Vanta's scalability, our whole DevOps team and SRE teams have been onboarded, and it has been a smooth ride.
How are customer service and support?
I haven't interacted with customer support yet, as we haven't had any need to contact them so far. I'm sure they will be good.
Which solution did I use previously and why did I switch?
I previously used Azure Defender, which was a hideous solution with inconsistencies. Connectors would go down randomly, and some suggestions from Azure Defender were very awful and unrealistic. We had a rough time with it; we've had a very nice time with Vanta so far compared to Azure Defender.
What was our ROI?
Besides achieving a better security posture and coming closer to ISO compliance, I have nothing else to share about return on investment.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing isn't in my domain to give a good answer.
Which other solutions did I evaluate?
Before choosing Vanta, our team lead evaluated other options, and I personally evaluated other options regarding security posture in general, mostly open-source ones.
What other advice do I have?
For others looking into using Vanta, I would say it's great, and if they're new to compliance, that's the perfect place to start. Start using Vanta, narrow down the scope, and take the items one by one to get one step closer to good compliance.
I think Vanta is one of the good platforms out there. I'm glad we're using it. I'm comfortable with it, and so is my team.
On a scale of 1-10, I rate Vanta a 9 out of 10.
Amazing product, amazing support, provides a complete end-to-end GRC solution
What do you like best about the product?
We’ve been using Vanta for a while now, and honestly, it’s been such a smooth experience. The platform is super easy to use, everything just makes sense, and it saves us so much time.
The support team is incredible. Whenever we have a question, they’re quick to respond and genuinely helpful. Plus, our account manager has been amazing, really proactive and always checking in to make sure we’re getting the most out of the platform.
What I love most is how comprehensive Vanta is. It truly feels like an end-to-end solution. It connects with nearly every tool we use, tracks compliance automatically, and works across pretty much any security framework. It takes so much of the stress out of staying compliant.
Overall, Vanta has made the whole compliance process simple, efficient, and honestly enjoyable, which I never thought I’d say about compliance!
What do you dislike about the product?
If I had to pick something I dislike about Vanta, it's a little pricey for smaller teams, and some of the customization options are limited if you have really specific processes. That said, once everything’s up and running, it works seamlessly and more than makes up for those small challenges.
What problems is the product solving and how is that benefiting you?
Vanta helps us track our SOC 2 and HIPAA compliance all in one place. It makes it so much easier to manage everything, from policies and documentation to controls and compliance tasks. Instead of juggling multiple tools or spreadsheets, Vanta brings everything together in a single platform, so we always have a clear view of where we stand. It really streamlines the entire compliance process and keeps us audit-ready without all the manual effort.
Positive Experience
What do you like best about the product?
Easy to use, straightforward. The interface is very friendly.
What do you dislike about the product?
Confusion around lots of redundant pieces, and some areas don't have clear guidance.
What problems is the product solving and how is that benefiting you?
It is solving my problem of learning compliance and guiding me through the process of adopting protocols.
A Reliable Partner for Security and Compliance
What do you like best about the product?
What I appreciate most about Vanta is the significant amount of time it saves our team. Rather than constantly following up with people for screenshots or stressing over whether controls are being met, Vanta handles everything automatically in the background. Its integrations with the tools we already rely on, such as AWS, GitHub, and Google Workspace, make tracking compliance seamless. I also enjoy the straightforward dashboard, which clearly displays our current status and eliminates unnecessary guesswork. Using Vanta feels like having an additional team member focused solely on compliance, but without the extra burden.
What do you dislike about the product?
One aspect I find challenging about Vanta is that the initial setup can be somewhat overwhelming. There are numerous integrations and settings to configure, and it takes a while to figure out the optimal way to organize everything. Sometimes, a few integrations don’t sync correctly on the first attempt, requiring us to troubleshoot or reach out to support. However, after the setup is finished, everything operates smoothly, and the support team has always responded quickly whenever we needed assistance.
What problems is the product solving and how is that benefiting you?
Vanta is helping us solve one of the biggest challenges we had as a growing company – managing compliance across multiple platforms and vendors. Since we use a mix of GCP, AWS, and other third-party tools, keeping track of security controls, access management, and system monitoring was becoming very difficult. Vanta centralizes all of this into a single platform.
With automated checks and continuous monitoring, we don’t have to manually chase logs or worry about missing compliance requirements. It also makes audits much smoother because all the evidence is already organized and mapped to controls. For us, the biggest benefit is the time and effort saved — developers can focus on building products while Vanta ensures that our systems remain compliant and secure in the background.
Streamlined compliance and peace of mind
What do you like best about the product?
Vanta makes the entire compliance process seamless, from automated evidence collection to real-time monitoring. The platform removes a lot of manual work and gives us confidence that we’re always audit-ready. Their integrations are broad and reliable, and the support team is responsive and knowledgeable.
What do you dislike about the product?
Some of the dashboards can feel a bit overwhelming at first, and setup takes time if you have a complex environment. A few integrations could go deeper, and reporting customization is limited. That said, these are minor compared to the overall value.
What problems is the product solving and how is that benefiting you?
Vanta is helping us automate the time-consuming parts of compliance and security monitoring. Instead of chasing evidence, managing spreadsheets, or worrying about audit readiness, the platform continuously tracks our systems and flags issues in real time. This saves our team significant time, reduces human error, and gives customers and partners confidence in our security posture.
Vanta is User Friendly
What do you like best about the product?
Vanta has automated all the compliance frameworks by integrating all the tools, and it becomes very easy to track all the tests and remediate them according to the SLA set in the platform.
What do you dislike about the product?
Till now I don't have any dislikes about Vanta.
What problems is the product solving and how is that benefiting you?
Vanta is solving the problem of tracking all the tests required for SOC 2 Type II compliance.
Vanta is more than just a compliance tool.
What do you like best about the product?
What I appreciate most about Vanta is its ability to manage compliance across various frameworks. The platform offers a wide range of templates and policy generators, ensuring that you don't overlook any required sections for your compliance needs. Vanta also integrates with numerous vendors, allowing for automated testing of both user management and potential vulnerabilities within your infrastructure. While it's possible to handle these tasks manually, doing so would require the entire team's effort and would consume a significant amount of time and resources.
What do you dislike about the product?
Vanta performs all its functions smoothly and without any issues. My main complaint is that certain features, such as detailed role and permission management, are only available in the higher-priced plans. But overall, the core functionality works as expected.
What problems is the product solving and how is that benefiting you?
Vanta significantly speeds up the evidence collection process because many of the tests are automated, removing the need for manual work. This dramatically reduces the time required for compliance, and tasks that would typically need one or two full-time employees are handled automatically by Vanta.
Going manually through the list of controls provided in ISO 27001 or SOC2 can give you headaches, as the list is extensive and some of it requires additional sources to explain what is required.
Vanta has all controls connected to tests, policies, and documents, and additionally, it gives a clear explanation of what each control or test means and how to fulfill it.