Skyhawk Security helps me identify threats in the cloud and misconfigurations in my environment and prioritize vulnerabilities based on their severity, but also based on the probability of a vulnerability being weaponized against my system.

Skyhawk Security processes all the vulnerabilities that are identified by my CSPM, which is Wiz. They take tens, sometimes hundreds of thousands of vulnerabilities, and they help me identify the ones that are exploitable. From those, they identify the ones that are weaponizable against my system. They also let me know which of the weaponizable vulnerabilities can affect some of our most important assets, which they call Crown Jewels.

The best features Skyhawk Security offers are the ability to prioritize your work, especially when you have limited staff, and ensure that you address the most important issues first and with urgency. A security team is usually very thin-spread and doesn't have a lot of resources to solve issues. Skyhawk allows me to prioritize those based on the actual probability of a vulnerability being exploited.

Skyhawk Security helps me prioritize through the dashboards. They have a dashboard that shows me the amount of vulnerabilities that I have. From those vulnerabilities, it lists out the ones that are exploitable. From the ones that are exploitable, it shows me the ones that are weaponizable and how they are weaponizable. From there, it shows me the ones that are weaponizable and have the ability to impact my Crown Jewels.

Skyhawk Security has positively impacted my organization because we are a small security team, and Skyhawk Security allows us to prioritize our work. We are better at what we do, and it doesn't take more people to do more important work. With the limited staff that we have, we are able to address the things that pose the highest risk to us first, rather than take all the critical vulnerabilities and address them one by one without any type of prioritization.

Our outcomes since using Skyhawk Security changed because we went down from thousands of vulnerabilities that we needed to review and address to a prioritized list that includes a handful of vulnerabilities that we needed to fix because they were the most urgent. We then have a work plan to address all the others. From a focus perspective, it improved the focus of my team, and it improved the efficiency and effectiveness of my team because we are now addressing the most urgent issues first.

Skyhawk Security can be improved mainly by improving the UI so it is a little bit easier to use, and the speed that it takes pages to load are the main downfalls.

I have been using Skyhawk Security since I started in the role, which has been about two and a half years.

Skyhawk Security is stable.

From my perspective, Skyhawk Security's scalability is good; I have not had any issues with scalability. They are able to process a lot of information from our AWS environment with very large volumes, and they don't have any issues with our volume.

The customer support for Skyhawk Security is great. There is a dedicated team that works with you. We have weekly calls. They are very responsive. In some cases, they released features within a few days, sometimes weeks, when we needed them. They are very attentive to customers, they listen to the market, and they listen to their customers. They are very market-oriented and their goal is to build a product that creates value for their customers.

I previously used a different solution, but I prefer not to mention the name of the previous solution. We switched because that solution wasn't giving us a breakdown of which vulnerabilities are actually weaponizable. They were looking at toxic combinations, and a toxic combination is not necessarily exploitable and not necessarily weaponizable. We switched to Skyhawk Security because it gives us better visibility and better understanding of the vulnerabilities.

I have seen a return on investment; the metrics are less about fewer employees needed because my team is two employees. The return on investment is not a matter of fewer employees needed. There is ongoing work in the security field, and we are doing better work. We are more effective and more efficient in how we do things. The amount of time it takes us to get to critical issues that are dangerous to our environment is a lot shorter now than what it used to be.

My experience with pricing, setup cost, and licensing is that Skyhawk Security is a very affordable product, probably the best value-for-money product that I have in my stack.

Before choosing Skyhawk Security, I evaluated other options, but I prefer not to mention the names of the vendors for privacy reasons.

The advice I would give to others looking into using Skyhawk Security is to always understand what the impact of your tool is on your organization and not just what the tool shows you. There are a lot of tools in the market that are looking to increase the number of vulnerabilities and the number of findings to prove that they are doing something and identifying risks or vulnerabilities. When those vulnerabilities are identified, ensure that you are able to address them in some type of order, and that order is based on your needs and not on the need to show a large number of vulnerabilities.

Skyhawk Security also has a CDR, a Cloud Detection and Response feature, that allows identification of abnormal activity in the cloud environment.

I purchased Skyhawk Security through the AWS Marketplace.

I would rate this product a 9 overall.