We renewed our contract with PingSafe for another year because it's extremely easy to use. The user-friendly UI, along with its integration with Jira and the ability to consume alerts through Slack, make it a valuable tool for our team. Evidence-based reporting facilitates addressing complaints related to mandatory controls. PingSafe offers an option for high-alert items to be kept publicly available if we're confident we have appropriate controls implemented. PingSafe's agentless vulnerability scanning has identified a significant number of vulnerabilities. PingSafe's evidence-based reporting, particularly its proof of exploitability, is highly valuable. For example, their recommendations significantly reduce investigation time and allow us to easily research vulnerabilities using tags. This targeted approach helps stakeholders prioritize and address critical vulnerabilities efficiently through the dashboard. We utilize the offensive security engine, but fortunately, it doesn't detect many vulnerabilities. It primarily identifies publicly known patch versions and the exposure of the SMTP service. On the other hand, I would rate the ASM functionality an eight out of ten. IaC scanning has been effective in identifying code-level issues whenever infrastructure as code is scanned. PingSafe automatically populates and maps our network, identifying any misconfigurations within the first two hours of deployment. It has reduced false positives by around 90 percent. Our mean time to detection has been improved, especially for critical areas. Our mean time to remediation has been improved as well. PingSafe has improved our risk posture by providing visibility into our cloud infrastructure. PingSafe improved the collaboration between the cloud security application developers and the app security team. It helped our developers save time.
