We use IONIX to identify and monitor any vulnerabilities or issues within the attack surface. It is also used to validate the remediation actions.

I helped to select the product and negotiate the contract terms for the product. I was on the team that designed, implemented, or customized the solution.

The KPI would be the completeness of attack surface visibility, the remediation time target, and the effectiveness of other surveillance and monitoring processes like a double-checking mechanism.

Initially, the problem we encountered was understanding the full spectrum of the attack surface, particularly with internally operated network address spaces and third-party operated address spaces. We also used the solution to see what the network address looks like and whether it is clean regarding vulnerabilities from a security standpoint.

From a prioritization perspective, IONIX is super helpful. It has its own prioritization algorithm. Unlike other scanners, IONIX sees whether the detected vulnerabilities can be exploited. This gives us a very clear view of what we need to fix now and what we need to fix in 30 to 60 days. The solution provides very clear visibility.

Prioritization is also very helpful because of the accurate distinction of network ownership between third-party and my team operations. Having the right ownership marked appropriately helps get the right people to take the right actions very quickly. We waste much less time figuring out the ownership, which is very helpful.

We have other means to identify assets that are most critical to our operations and have the biggest impact on our risk exposure. IONIX helps ensure we do not miss any among our many thousands of IP addresses. If somebody has a random IP address, we can very quickly say it is in this category owned by these people. IONIX helps a lot with ownership rather than just priority or criticality.

IONIX identifies digital supply chain risks in the third-party digital products and services our organization uses. IONIX helps us with a third party because it already has a view of all our third parties and their connectivity back into my organization. They also monitor the potential exposure of these third parties.

When vulnerabilities are exposed, IONIX is very quick to point them out so that we can work with the right third party to remediate them very quickly. I would not be able to identify and monitor all of them internally. It's just a scaling problem. IONIX is able to scale very quickly into each of those third parties and identify them. This is only for any of the internet phasing types of IP addresses.

IONIX has tremendously helped reduce our organization's false positives. The false positives can come because of many different reasons. Firstly, IONIX helps us accurately identify which assets we own. We get many different reports daily, but we often don't own those assets. That's why it is not a false positive. Even if the issue exists, we always get to the wrong owners.

IONIX helps with getting the reports to the right people. We also get a lot of different reports about vulnerabilities that generally don't exist. The solution's detection is very accurate. IONIX helps us get to the right owner or the right reason very, very quickly just because of the accuracy of their data.

The solution's Action Items are written in simple language so that IT personnel can fix them rather than needing security experts. IONIX correlates the data with the right CBE number, which helped to do further research if necessary. IONIX's language is genuinely industry-friendly, so the instructions are clear.

IONIX provides automated integration into our SOC tools. The solution has APIs from which we pull data. Once we pull the data, we use it in many different ways, shapes, or forms, including asset inventory and prioritization. There are a few criticality adjustments, but mostly, it is used for priority and ownership.

It took us about 60 days to start seeing the benefits of IONIX. Initially, it took some effort to ensure that our network rangers recorded or detected accurately. We need a little bit of an education session with IONIX to be able to distinguish between our assets and the third parties' assets.

A certain level of investment from my side was required, and if I did not do that work, then any of the data coming from IONIX would be useless. The initial investment is what makes it accurate. Once a one-time investment is made, we can get very accurate detection and results out of IONIX within 60 days.

The solution's Active Protection feature automatically mitigates specific exploitable vulnerabilities without action on our part. The Active Protection feature requires zero amount of work from my organization. It offers a great deal of protection as soon as IONIX can detect it. It is one of those exceptional cases when we have to do nothing, and the tool does everything to offer us protection.

The solution's Threat Exposure Radar provides a unified view of critical exposures across our entire attack surface. Every organization will have its own operated IP address space and third party. In some cases, some of our websites are also linked to relatively unknown organizations.

The solution's Threat Exposure Radar helps us identify where the threats are located and gives us a one-panel view of the entire landscape. It is one of those TV screens that gives us an executive view of where things are and whether we're healthy or not.

IONIX has significantly helped reduce our mean time to remediate. We also have the service of a support analyst, with whom we meet regularly. Not only are we getting the wording in the form of a website, but we also get somebody who can explain things to the technical team. They're very, very responsive, and they answer very quickly if we have any questions.

Over the last four years, we have gone through two people, and both of them are very, very technical and able to articulate very complex topics to us in a very, very clear manner. In addition, the meantime to remediate comes back to the accuracy of the data. We have many other vendors in this space. The accuracy of the data and the ability to portray ownership to us is very, very crucial. Once you have the right data, the action becomes much more effective.

We don't use the solution's Threat Exposure Radar to prioritize threat remediation because we use many other analytics and pull in multiple data sources to do that. That particular feature is not as useful for us, but it's only because we have many other tools and data sources to consider. We have invested very heavily in that.

The solution's false positive ratio is extremely low because it's able to recognize which assets are mine and which are not. That helps to reduce a lot of confusion, which is a big deal. If we look at the reporting numbers by other vendors in this particular space, IONIX reports about half of the vulnerabilities to me. I would say 90% of those half will be false positives.

We're constantly surprised by how good IONIX is at detecting timely vulnerabilities. If things were to happen today, I would likely get a report tomorrow. IONIX is staying on the cutting edge to help us detect emerging threats on our attack surface.

I don't have anything that I don't like, but there is a feature that IONIX can also consider. We're a heavy user of IONIX services and have a very, very good partnership. However, IONIX only looks at certain domains, particularly the external-facing perimeter. There are services in modern-day organizations that could potentially expose internal resources to the perimeter side as well, like whether your authentication to internal identities is exposed through the internet.

All organizations are very concerned about that. Even big organizations like Microsoft are falling for that kind of attack. IONIX can offer additional services to detect any potential bridging of very sensitive internal resources to the external side.

I have been using IONIX for four years.

Technical support is not something we reach out to because we work in a partnership methodology, where we have regular standing meetings with IONIX's support team. We already have standing meetings at regular intervals, and we review not just issues we have but also the reporting that they provide. This helps us ensure that we fully understand all the reporting and monitor the situation or the attack surface as a result. The technical support benefits us only because we invest time into it.

Positive

I have previously used CyCognito. With CyCognito's recognition of network addresses, we get a tremendous amount of false positives. The difficulty is that I get an overwhelming amount of detection, which we find out does not belong to my organization. That created a lot of conflict between the different teams because it became confusing, and people chased the wrong owners to remediate things that didn't exist in the organization.

The complexity of modern-day environments makes it very difficult for vendors like CyCognito and IONIX to accurately detect and recognize which network resources are owned by clients like me. I think that's the big thing there, and the rest are somewhat similar.

There's seemingly very good marketing about the effectiveness of many other vendors. Once organizations like mine go and test out and use different vendors, the results are very, very clear. We get to know which vendor is going to be able to distinguish those really, really, really confusing details and make it accurate.

The solution's initial deployment depends on the organization's understanding of the environment. For us, the initial deployment was reasonable. I would not say it's easy, but it requires a certain amount of understanding. For example, we need to know our IP address spaces. IONIX will provide a list of assets like IP addresses and check if they belong to us. If we're not able to identify them, or if we're not even able to know our organization's structure, then it would be very difficult.

It comes back to whether the people working with IONIX understand their environment. If they do not understand the environment, it would be very difficult. It's not a technical thing but more of an organizational thing. For example, when IONIX asks us if a company is one of our subsidiaries, we immediately know that it is, and in some cases, it isn't. That's the level of work effort that is required.

It depends on the organization operating it and who is actually in the driver's seat working on it. If we put the most junior person who's new to the organization, that would have become very hectic. Luckily, we initially put some very senior people into it, and we were able to work very quickly. Some investment of time and effort are required.

The solution's pricing is reasonable and at par with the rest of the industry.

It's not just whether it recognizes the vulnerability we care about but where those vulnerabilities occur. If it is not mine, I cannot take action. Reporting it to me makes no sense, and it would only waste my time and cause a lot of confusion. I would say reducing false positives is a big deal.

Overall, I rate the solution a nine out of ten.

IONIX provides visibility into our assets, such as our web interfaces and services. 

IONIX enables us to manage all our assets from one platform. We can see all the assets, login pages, web services, etc., from one place. It automatically scans everything so we can find new information about our organization. We don't need to add each asset or interface manually. IONIX allows us to see every registered domain and any DNS changes. Using IONIX has saved me about five or six hours each week. 

IONIX helps us prioritize our primary assets. Its action items are written in simple language, making it easy for our IT team to remove them. 

We've integrated IONIX with Splunk with the help of IONIX support, and they were able to do the integration quickly. Their automated vulnerability resolution feature works nicely, but I haven't used it often. The solution has few false positives—maybe one or two per year.

The integration and mechanisms for scanning things after we fix them could be simpler. IONIX isn't an easy product to use, but it's one of the best solutions once you learn how to work with it. 

I have used IONIX for a year and a half. 

I rate IONIX 10 out of 10 for stability. 

I rate IONIX eight out of 10 for scalability. 

I rate IONIX support nine out of 10. I'm satisfied with their service. They have resolved every ticket I've opened and given me all the answers. If we need additional assistance, they will contact their developers and product team to help us understand something. 

Positive

I rate IONIX nine out of 10. I would recommend IONIX for large enterprises. It may not be very useful to smaller organizations. 

IONIX enhances our understanding of our attack surface by revealing both known and unknown aspects of our systems. This insight helps us anticipate the various tactics attackers might use to penetrate our network. With IONIX, we can evaluate the risks associated with vulnerabilities in our internal systems.

Moreover, the recent addition of a threat sensor feature enables us to prioritize these risks more effectively.

When we started using the IONIX platform, we had hundreds of vulnerabilities. Over the years, this number has decreased significantly, and we now maintain an average of about 50 open vulnerabilities in our application space.

IONIX helps us prioritize vulnerabilities in both applications and infrastructure, but my focus is on applications.

IONIX uses scoring algorithms to identify critical assets, though it lacks some internal data we have. Despite this, its prioritization is useful and complements our analysis. The platform helps us prioritize security fixes by assigning severity levels to vulnerabilities, which we trust and follow.

IONIX has also reduced false positives, saving us time and resources. Its active protection feature automatically mitigates exploitable vulnerabilities, providing temporary solutions while we work on permanent fixes. We use

IONIX's APIs to connect with our SIM systems and other tools, though we haven't fully utilized these integrations yet.

The platform offers clear visibility into our attack surface, especially non-production assets on the network perimeter, which are more vulnerable. Since implementing IONIX, we've seen a significant reduction in perimeter vulnerabilities.

IONIX's remediation information is often actionable by our AD teams, and we support them as trusted advisors.

The threat exposure radar helps us identify and prioritize areas with concentrated vulnerabilities, allowing us to allocate resources effectively.

IONIX has transformed our security posture, reduced the number of vulnerabilities and eased the burden on our security teams. It also helps identify digital supply chain risks, allowing us to work with our third-party business management team to address these issues and improve our overall security.

The portal is an excellent resource, offering valuable insights in a clear and actionable format. It provides a wealth of information, presented in a way that's easy to understand and use. This aligns perfectly with our key focus when working with IONIX: ensuring the data they deliver is highly actionable.

Our team is always looking for ways to improve the product. Although we understand we are not the only client, the company has been very receptive to our suggestions. They work with the development team to implement our requests, and most of the time, they do. However, we are currently facing a challenge with the RBAC system. Our view on how it should function differs slightly from theirs. While we understand their position, more flexibility in controlling the system would be beneficial.

Due to the sensitive nature of our data, we need to limit access to specific user information within IONIX. Although we have implemented some user feedback for improvement, other areas require changes to IONIX's RBAC model. We understand their reasons for the current model, but we believe modifications are necessary. Unfortunately, achieving those changes seems unlikely.

I have been using IONIX for three and a half years.

IONIX is a stable solution. We have not experienced any downtime from their platform that has impacted us.

The scalability is constantly being improved, and we're exploring integrating it into our cloud tenants. However, we have other products that we are also looking at for cloud security solutions, and we don't want to duplicate efforts. Our senior security leads are investigating this to avoid redundancy and provide further insight. So, it's not that we can't integrate, we're just deciding on the most efficient approach.

Our bi-weekly meetings with their technical support are a great way to discuss and address desired platform improvements. Their dedication to client success is truly impressive, making them a valuable resource.

Positive

We previously used numerous solutions including CyCognito. Our organization has standardized on IONIX, making it our long-term choice.

Since we were an early adopter of IONIX, I believe we have a very favorable pricing model. However, I'm unsure if the same pricing would be available to new customers joining today.

I would rate IONIX nine out of ten.

No maintenance is required from our end.

The key to effectively prioritizing risks lies in understanding the data IONIX provides. This data needs to be actionable, meaning it should tell you what issues to address first. By thoroughly grasping the information, you'll be able to make informed decisions about which risks your team should focus on resolving.

We use IONIX to gain visibility into our external attack surface. This allows us to see our organization from an attacker's perspective, identifying potential vulnerabilities. By exporting reports, we can effectively communicate these risks to key stakeholders, enabling them to take proactive measures to mitigate them.

The most important thing was to identify all our public-facing systems. In other words, any systems that the public could access. Once I had that list, my priority was to ensure their security. That meant making sure they were free from vulnerabilities. Next, I wanted to have actionable intelligence on any vulnerabilities we found. This way, I could send it directly to the system owners, who could then take immediate action to fix the problems. The IONIX platform has been instrumental in achieving this. On the very first day, I got access, we were able to identify and address two critical vulnerabilities within just five minutes! Additionally, we discovered a public-facing system that we weren't previously aware of. Overall, it's been a very impressive tool.

IONIX helps us with KPIs by identifying our assets and locating publicly accessible vulnerabilities within those assets. Additionally, it provides a severity rating for each vulnerability.

The tracking is important because it ensures we are not replicating efforts.

IONIX prioritizes bug fixes based on severity using a scale of one to ten. This ensures that critical and high-priority issues are addressed immediately.

IONIX helps us identify our most critical assets, the ones that have the biggest impact on our risk exposure. It can also pinpoint any of these assets that are externally facing, meaning accessible to anyone on the internet. This is extremely valuable because having critical assets exposed to the public internet significantly increases the risk of attack. By identifying these exposed assets and highlighting their vulnerabilities, IONIX provides a crucial service.

IONIX excels at identifying risks in third-party digital supply chains. This makes it easy to leverage those KPIs and demonstrate a potential correlation between security and search engine optimization to our marketing team, thereby getting them involved.

Fortunately, I haven't had to discuss any false positives. The majority of our alerts, particularly the medium-severity ones, seem to be triggered by hyperlinks to third-party websites. We have a significant number of these alerts, and I'm scheduled to meet with the marketing department to address them.

The IONIX user interface is truly user-friendly. Setting up a link, and credentials, and navigating the platform was incredibly fast and required no prior configuration. Within five minutes, I was up and running, able to explore a report and initiate action from our infrastructure team. It's a remarkably fast and smooth experience.

Non-technical people can see the evidence and take action based on their one-sentence actionable items.

IONIX integrates with our SOC tools to automate tasks. We plan to further leverage IONIX by integrating our AWS public-facing assets and Jira ticketing system. This will allow for automated project creation for our infrastructure team.

I realized the value of IONIX within the first five minutes. It identified two critical vulnerabilities that we were then able to address.

The Active Protection feature automatically detects exploitable vulnerabilities in our system and takes control of them, without requiring manual intervention from us. IONIX can potentially take control of an asset before an attacker does. This would prevent the attacker from gaining access. IONIX would notify us of the issue and help us mitigate it before returning control of the asset. Ultimately, it's far better to have a trusted security provider like IONIX manage our assets than a malicious actor. The Active Protection feature is important to us for those reasons.

IONIX helps us reduce our mean time to remediation by providing clear and concise information. This allows our marketing team to address certain situations without requiring IT intervention.

I've accessed the IONIX threat exposure radar three times since its implementation, and thankfully, there haven't been any threats detected on any of those occasions.

The most valuable feature of IONIX is the effortless setup.

I manage multiple cloud accounts for our SaaS applications. It would be extremely beneficial if IONIX could integrate with popular SaaS services like Salesforce, Box, Zoom, or NetSuite. This would streamline our workflows by having everything centralized within the IONIX platform.

I have been using IONIX for 2 weeks.

I have not encountered any stability issues with IONIX.

Regarding the scalability of IONIX, I can discuss its compatibility with some of our existing cloud systems, such as our AWS environment. We can integrate IONIX with AWS for a more comprehensive solution. Additionally, we can incorporate Jira, a project management tool, to assign tasks to different teams across our nine offices in the United States. This will ensure that all our public-facing assets are readily visible within IONIX. With this setup, I am confident that as we open new offices and their systems come online, they will automatically be reflected in the IONIX platform.

The technical support team impressed me with their ability to identify a common thread. We have three websites that essentially serve the same purpose. The team recognized that a single action taken across all three sites would minimize the risk. In other words, their assistance wasn't limited to just one website; they identified a vulnerability that spanned all our assets. That's what makes them truly amazing. Their response time is almost instantaneous.

Positive

We are using Rapid7 InsightVM, Rapid7 Insights, and Rapid7 InsightAppSec. However, the Rapid7 suite is not able to discover all the assets that IONIX identified. We will not be renewing the contract with Rapid7 because IONIX is much better.

I haven't gotten complete asset visibility with other tools like I have with IONIX. For example, even after eight months of using Rapid7, not all our assets are publicly identified. Similarly, CrowdStrike only shows maybe half of them. With IONIX, however, all our assets were readily apparent.

The initial setup was a breeze. It only took five minutes to complete. All I had to do was click a link and follow the prompts. Within five minutes, I was online and able to explore the IONIX platform. I even exported a CSV report and forwarded it to our infrastructure team. They were then able to address two critical vulnerabilities – all within that same five-minute window! After over 20 years in this industry, it's truly exciting to use a system that requires zero configuration on my end.

In terms of return on investment, we've significantly improved what we were aiming for. This includes a minimal setup time, minimal training time, and the elimination of effort needed to convince stakeholders to use IONIX. Its simplicity means they can take action immediately. We can then rescan and instantly assess our risk score. This rapid risk evaluation is important to us.

The pricing is good.

I evaluated CrowdStrike for a month and did not get the information the IONIX provided within the first five minutes. CrowdStrike requires a long time to set up and collect information.

I would rate IONIX ten out of ten.

I was on the implementation team for the IONIX deployment. I am also an admin and user of IONIX.

The only aspect of IONIX that I consider to be maintenance involves taking action to rescan the system whenever a vulnerability is identified.

For anyone considering IONIX, I recommend adopting a security-focused mindset. This tool empowers you with clear instructions to address potential vulnerabilities that hackers might exploit.

It is an attack surface management tool. We use it to detect unknown assets actively exposed to the Internet.

We wanted to look for threats that were exposed to the Internet that we did not know about. We were looking for those unknown things out there on the Internet. We were trying to make sure that we knew what our attack surface looked like from an outside point of view. We were looking for a platform to identify that.

Understanding our attack surface and what is exposed has been a huge benefit. We could see some of its benefits during the POV, which also compelled us to buy it.

IONIX helps prioritize fixes by letting us know what is urgent for our security team to fix. This is very important. It does a very good job of identifying what is critical or high priority and making sure that we are focusing only on the critical things.

IONIX helps identify which assets are most critical to our operations and have the biggest impact on our risk exposure. It helps identify web apps that have been forgotten or that have been decommissioned but something is still available on the Internet. It helps to identify such things so that we can get rid of them.

IONIX is very good for identifying digital supply chain risks, meaning risks found in the third-party digital products and services that our organization uses. It is very thorough. It allows us to use the findings for leveraging and getting better service from our third-party vendors.

We have not had any false positives so far, which is nice. We have not had anything yet. However, we have set up a weekly cadence with them. If one does come up, we would just identify it there, and I am sure they would take care of it.

IONIX has been pretty positive for the security team. The biggest burden is on the people trying to fix the issues. It does not fall on the security team. It involves the operational teams because some of the fixes are quite involved in nature. In some cases, they might need to reengineer something, which takes time. However, from an operational burden perspective, it has been very straightforward for us.

It integrates with a couple of our tools. It has Jira and ServiceNow integrations, but we are not completely integrated. We are leveraging their API to do some of the assignments.

IONIX's Active Protection feature automatically mitigates specific exploitable vulnerabilities without action on our part. We use it for the most egregious ones, such as hijackable domains. This automatic mitigation is amazing. We do not have to stay up all night trying to figure out who is going to remediate in an emergency.

IONIX has not helped reduce our mean time to remediate. It is about average as to what you would expect. However, we are not tossing a bunch of things over the fence. We are prioritizing things, so in the sense of noise, it definitely helped us streamline that.

We are using Threat Exposure Radar for different configuration types of weaknesses. We are exploring it, but it is more of a proactive approach than a reactive one. We are very reactive, but we are trying to get proactive. We are starting to leverage it so that we can prioritize some of the proactive work with best practices, etc. Threat Exposure Radar does a good job of providing a unified view of critical exposures across our entire attack surface.

Threat Exposure Radar helps to prioritize threat remediation in the sense that we know that we are going in the right direction by dealing with some of the more egregious and higher severity things. It does help us understand what is next after that. As soon as we are done with the critical ones, we will go back to tackle one of the subcategories and try to figure out what steps we want to take next.

Threat Exposure Radar provides insights and next steps for helping remediate threats. This information is helpful.

My favorite is the dark web association that it does. It basically takes things that are unknown to you and then also runs those URLs through the dark web to see if there are potentially leaked credentials unknown to you. It links both of those together and gives you that on a report. You can identify potentially compromised credentials that were previously unknown to you, and you can do something about them. It is a cool feature.

There are a couple of opportunities for them under integrations. They only have two SIEMs. They do not have our current SIEM in there. It would be nice to have our current SIEM in there, which is Hunter's AI.

The other thing would be to have more formal roadmaps. We do have weekly meetings with them, but it would be nice to have formal roadmaps for the feature requests and more emails about what is new in the platform. We are not getting these two.

Another area where they could improve is the support.

I have been using IONIX for a little under three months. I helped select the product and purchase or negotiate the contract terms for the product. I helped to implement or customize the product. I am an administrator as well as a user of IONIX.

Its stability is good. We do have one bug that is with the support right now, but it is not crashing. It is not a showstopper. It is just an observation. We would love to see it get fixed.

It is working fine for the number of things we have with it. I do not see any issues there.

They are slow and not the best. If we want to get more information on a particular finding, it is not ideal at times. It seems like they do not have the expertise on the line to get some of the more pointed answers. Also, from the speed, it feels like a weekly cadence as opposed to a daily cadence.

I would rate their support a five out of ten. They are responsive, and they finally get to the answers, but they are not the fastest and the most detailed. Their support needs improvement.

Neutral

We were not using a similar solution previously.

It was very straightforward. They did a lot of the heavy lifting up there. That was very nice.

We did it all by ourselves. It was just me, so just one person was involved from our side.

We have seen a return on investment in terms of identifying risks that we need to work on immediately. It has definitely helped us take care of some of the risks in a prioritized way.

Its pricing is fair.

We looked at most of them. We went for IONIX because of the most and the best findings prioritized by risk. We found the dark web capability where it can also scrape the dark web incredibly nice.

To those evaluating IONIX, I would advise to definitely understand what their risk tolerance is and make sure they are seeing the value in a tool like this upfront before purchasing. They should make sure that they are seeing the things that they would expect to see out of a tool like this, especially if they are coming from nothing at all.

IONIX's action items are written in simple language so that IT personnel can fix them, rather than needing security experts to do so, but they are a little bit lengthy in some cases. You can get to the resolution without the help of the security team. However, you would need to summarize some of that before giving it to someone who does not know anything about it. It is very lengthy. The descriptions are very verbose.

For communicating to our organization’s executives, we are just using severities. It does help at a high level, but the executives do not go into the platform.

I would recommend IONIX to others. I would rate it an eight out of ten.

We are using IONIX to scan our public network ranges for vulnerabilities as part of our external technology service management.

We implemented IONIX after our previous supplier discontinued their services.

IONIX helps us track, for example, how many critical vulnerabilities we have on our web shops. We are looking to identify the most critical vulnerabilities, which serve as key indicators of our security posture.

IONIX's ability to prioritize vulnerabilities has been great. All the engineers within our organization, who have reviewed the findings, have found them extremely helpful.

Its ability to identify which assets are most critical to our operations and have the biggest impact on our risk exposure is good. They can identify 80 percent of our critical assets without us having to do additional work.

IONIX provides us with accurate reports with no false positives.

The action items and the description of the findings provided by IONIX are written in a simple language that our IT personnel can understand without the need for a security expert. This way all we have to do is forward the information to the engineer.

We recently upgraded our SOC and began leveraging the insights from IONIX more extensively. Previously, as a team of only four, comprehensively analyzing all the findings was a significant challenge. Fortunately, doubling our team size has provided us with the bandwidth to delve deeper into these findings and utilize them effectively. While this has understandably increased our workload, it aligns with our goal of implementing a solution that comprehensively identifies vulnerabilities.

IONIX continuously updates the types of vulnerabilities they scan for. Whenever a new vulnerability appears on the market, we're typically informed, and they scan our network for it. They also try to address some of our desired product improvements, which we work towards implementing.

IONIX's active protection feature automatically mitigates specific exploits without intervention on our part. This year, it detected a critical vulnerability: a back-end link pointing to an unclaimed domain. To prevent its exploitation, the system proactively purchased the domain, effectively removing it from potential attack scenarios.

We saw the time to value of IONIX within the first month of use.

The integration was easy. During the POV they used our IP ranges and ran a scan that barely required any adjustments. 

I also like that in addition to the vulnerabilities, they also provide possible solutions.

We're looking for a case management system where we can assign specific findings to individuals within our company and facilitate discussion on those findings directly within the portal. Unfortunately, this isn't currently possible due to the lack of integration between IONIX and our on-premise Jira instance. IONIX only integrates with the SaaS version of Jira. Integrating on-premise Jira with IONIX to track changes and discussions would be highly beneficial for us in the future.

I have been using IONIX for almost one year.

I would rate the stability of IONIX nine out of ten.

I would rate the scalability of IONIX ten out of ten.

The technical support is good.

Positive

I favor IONIX over our previous solution because it offers significantly deeper visibility into findings and also covers a much larger portion of our network. Furthermore, I find IONIX generally user-friendly. It's great to have a dedicated account manager who responds promptly to our inquiries.

The initial deployment of IONIX was simple and efficient. It only required one person and took one week to implement and scan the entire network.

I would rate IONIX a nine out of ten. 

IONIX can provide automated integration into our SOC tools but we can't take advantage of this because our infrastructure is on-premises and they mainly connect to cloud services.

We currently have some processes in place that are proving difficult to manage effectively. One challenge is the high volume of project work, which often delays the prioritization of identified vulnerabilities. However, we are actively working on improving our system to prioritize these vulnerabilities and reduce our mean time to remediation.

We have eight people that use IONIX all from the same team.

The only maintenance required is keeping track of the domains being scanned. We can add new domains to the list of scanned objects when needed.

I recommend IONIX to others, but it depends on the customer's specific needs. A proof of concept is advisable.