My main use for Ox Security is having a centralized way of aggregating all of the vulnerabilities that I may encounter within different applications and different stages of the software life cycle we use, and to provide context to those vulnerabilities.
Ox Security helps me daily in my workflow since it raises vulnerabilities found in our repositories, in our generated images, and in our cloud environments. An example of usage would be the integration we have into our CI/CD pipelines to help us with SAST and SCA vulnerabilities along with other scanners.
We use Ox Security as a main hub for our vulnerabilities, in the same way that AWS Security Hub would behave.
The best features Ox Security offers in my experience are its ability to provide context to a vulnerability and determine if a vulnerability is likely to be exploited or not.
Ox Security delivers context through a mix of several things, including dashboards and its prioritization scoring system. Basically, if you have some configuration and your software is vulnerable to some kind of vulnerability, but that exact code doesn't execute the vulnerable code itself, it determines that the risk is unlikely to be exploited, for example.
Ox Security has positively impacted my organization by helping to reduce the amount of noise we received from vulnerabilities because of the prioritization scoring it has and all of the context it provides.
Regarding measurable outcomes, I would say that it has reduced the amount of noise by about forty percent. We didn't have that much noise before, so around a forty percent decrease in noise has helped us reduce the number of hours we have to spend reviewing each vulnerability.
The main pain point I have with Ox Security as a tool is the user interface, which can feel quite complex when navigating large datasets. It's not as developer-focused as other tools.
More customization options for dashboards would be a nice-to-have regarding the needed improvements.
I have used Ox Security for about six months.
Regarding scalability, we didn't face any issue when deploying Ox Security in all of our clouds and repositories and CI/CD pipelines. I would say its scalability is good enough.
Customer support for Ox Security is generally good, but they may take a few days to answer sometimes.
I would rate the customer support a seven on a scale of one to ten.
We didn't use anything before Ox Security.
My experience with pricing, setup cost, and licensing was quite straightforward. Ox Security does not have a public pricing tier, and I had to contact them through sales, but they were really helpful with setting everything up and providing an amount.
I do not have a specific metric, but we have saved a lot of time while using Ox Security because our time to respond to vulnerabilities has decreased significantly and also because of the reduced noise received.
Before choosing Ox Security, we evaluated Aikido as well.
My advice to others looking into using Ox Security is that its strength relies on the aggregation of several tools. If a company is struggling with managing several tools just to get a better understanding of how their security posture is, tools like Ox Security are a must. I would rate this product an eight overall.