Share your experience using Tigera

We use it for a couple of use cases. The biggest one we use it for is to protect our AWS environment, and it does a couple of functions for us and our whole development. It scans all the code in our GitLab or our code repository and looks for any hard-coded passwords or keys or any insecurities. It checks if we have any old deprecated components within our software and points that out.

There are a couple of gates that we can set up. When we are pushing the code out of the repos into AWS, it finds any high-severity vulnerability. This is configurable, but we have critical, high, and medium severities. If it finds any, it blocks the push and puts some notes in for the developers to go in to remediate the issue before they can push the code into AWS. Let us assume the code is good in GitLab and gets over to AWS. It then does a couple of things on the AWS side. It looks at the overall infrastructure and how things are configured. There may be things in AWS that are misconfigured or old components that were manually built or deployed without going to GitLab. It points them out.

I have been very happy with the evidence-based reporting. It is not just theoretical. It scans the code or looks at the AWS environment and pulls back the details that tell us that this is a vulnerability. We have a good understanding of why it is a highly-rated vulnerability. It makes it much easier to prioritize and then go through and remediate the issue.

Agentless vulnerability scanning has been very good. It pulls back quite a bit of information that is actionable by our team.

Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. That is critically important because especially in large environments, when you run scans or use the vulnerability scanning tool, you might be inundated with results. It takes a long time for analysts to go back through and validate whether it is a true positive or a false positive. Singularity Cloud Security can eliminate a lot of false positives or almost all of them, and we can focus on something that is a true issue, as opposed to wasting our time and resources.

The Offensive Security Engine is doing the attack path management. That is one of the most critical features to us because it tells us that we have this misconfiguration here, or we may have a secret or some vulnerability here. It tells us about the impact and how an attacker could exploit that to gain persistence in our environment and install data. We have a true impact of why this is important and why we need to fix it. With scanners like Rapid, Qualys, and others, we get the credentials and we get a scan, but then we spend an inordinate amount of time looking through reports and trying to figure out:

• Where do we spend our time?
• What do we prioritize?
• What is remediated?
• What is it that we can remediate?
• What is it that we can take action on and make an improvement in the environment?

It is very frustrating when you are spending hours only to run down something and realize it is a false positive, and there is nothing you can do to make a positive impact. Eliminating all those false positives really helps us.

We have had very good luck with the IaC. For us, it is hugely valuable because we can catch things very early in the process before they get promoted into production. In case something flips through or escapes, it still helps you to find it.

We started seeing its benefits literally the day after deployment. The only reason I say the day after is because we ended up working on it kind of late in the afternoon. We got things set up, and it took a few hours for results to start populating, but its benefits were very apparent when we started looking through the reports and dashboards.

Singularity Cloud Security significantly helped reduce the number of false positives we deal with. The biggest aspect for us is allowing the security and development teams and DevOps to be much more efficient. As opposed to spending 80 hours going through some big reports, we are able to cut that down to a fraction of the time and make a positive impact on the environment. We are not chasing a bunch of dead ends.

It has made a great impact on the risk posture. We are also able to look at the trends over time in terms of where we started and what we remediated. You can see the environment getting more secure as we keep knocking down vulnerabilities.

Our mean time to detect is much faster. It is a much lower number there. There has been a significant change in the number of vulnerabilities remediated or per hour of investment from the engineering and security teams. By implementing this tool, we are able to do a lot more with the same team size and remediate things much faster than before.

It has made it much easier for these disparate teams to have the conversation in terms of what needs to be prioritized and fixed, and then it has given a lot more information. It eliminates some of the he said, she said, or some of the frustration that can happen between different teams because one team is looking at a tool they are familiar with and the other team has a different tool. Historically, there were some disagreements in terms of what issues exist in the environment and where we should spend our time in terms of trying to make improvements and remediate.

Our favorite feature is attack path management. If you have an S3 bucket that is configured to be publicly accessible, it will look and inform you that it is publicly accessible. If someone gets in this bucket, they could ultimately traverse, get into this RDS, and do something negative or detrimental to the environment there. You not only get to know about vulnerabilities and misconfigurations but also some of the actual impacts of having these vulnerabilities. It is not just a raw data dump.

So far, it has been very easy to use. It gives very rich information or a lot of details about the findings. It has a lot of links to go back into GitLab or into AWS to validate the CDF configuration, and then it gives a lot of guidance for remediation.

Standing it up was pretty straightforward. We did get assistance from SentinelOne SE at the time of the trial to ensure that everything was configured and working correctly.

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us.

Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

I have been using this solution for six months.

We have not had any issues with stability. It has been solid on that front.

We are not huge, so we have not run into any sort of scalability problems at all. We are running only six or seven subscriptions in AWS. Our bill in AWS is less than 20K a month, so it is not huge.

I have talked to SentinelOne support multiple times, but not on the cloud-native security front. I cannot add anything on that side.

I have not used any other tool at this company. In the past, I have used some different tools.

It was very easy for us with one exception. We had a mono repo, and we worked it out with the SentinelOne security engineering team. We got some direction for them in terms of how to do some of the code-blocking configuration, but it was a pretty straightforward and quick setup.

It took us three weeks maybe, but it was not like we spent three weeks heavily. We did it slowly. We did most of the deployment in a couple of hours, and then we had some check-in meetings over the next few weeks to go through and just check on it, become familiarized with the system, and then ask questions. The initial deployment took less than a day and then learning, discovering, and getting familiar with it took us a few weeks.

It does not require any maintenance from our side. We may have some sort of maintenance to do. For example, we are planning to acquire assets from another institution. They are on-prem, so we will have to build up their AWS environment. Once we build out that environment, we may need to make some changes in SentinelOne so that it picks up those new environments. That is a guess. We have not done it yet.

We literally did it with SentinelOne SE. They provided all the setup work for us. We did not pull in a third party.

We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well.

We did look at Wiz, Orca Security, and Palo Alto's Prisma. We also looked at Lacework and ultimately settled on SentinelOne for a couple of reasons.

We did like the functionality provided by Palo Alto, but the way their licensing worked was frustrating, to say the least, and the cost was fairly high. We found it unaffordable. 

Lacework was still at an early stage. We did not feel that they provided all the functionality we needed, so we did not feel the confidence there. 

Wiz is a dominant player in the market. I have a lot of respect for them, but it did not provide all the reporting and data we needed. Especially for the price point, it was affordable for us. 

In the case of Orca Security, in the previous organization, we saw some pretty glaring false positives, which turned us off on that platform.

To new users, I would say that like any tool, you need to sit down and learn what the tool can do. Understand your objectives and then work through to make sure the tool meets your needs. It is straightforward and easy to use.

I would rate Singularity Cloud Security a ten out of ten at this point.

I normally use Orca Security for AppSec, and one of the features that I use commonly is the application security. I love it because it's already covered in the same license, and I can get a good overview of all of my assets. I have a lot of accounts in cloud, and so it's sometimes hard to identify all activities or assets that have been used or not. Normally, some developers create some virtual machines and leave the VM on or don't remove it. Orca Security usually helps me to see these kinds of problems because I can see every asset in one platform.

I don't use the Cloud to Dev feature they mentioned, since I'm working with Orca Security directly.

I believe the feature referred to as Orca Sensor is cloud security detection. I use it frequently because it's very important. I really enjoy it because it's agentless. I don't need to install or build an agent in my assets in the cloud. Orca Security accomplished this safely and fast. It's pretty easy to identify security risks or security issues using Orca Security because it's totally agentless and I just need to connect my cloud environment. It's really good and pretty easy. They have one feature that I really like in this same vein; it's the news about security. For example, if a new vulnerability is found and it's not already published in a CVSS bug, Orca Security has new papers that already inform me, stating that I have this new issue and this asset has been affected by this new vulnerability, and it provides guidance on how I can fix it. I love it.

What I love most about Orca Security is the easy integration with other tools. I really like it because it's very easy to integrate with other tools that are important for the company. It's already set up in the platform easily. I don't need to do unusual modifications or create a script. It's pretty easy to integrate these tools.

It is easy to prioritize risks using Orca Security because they have already been categorized. The severity of some risks is delivered from Orca Security, and I can set some kind of high-value asset designation. I can define what is a high-value asset or not. The attack paths also help me to understand the prioritization of the risks of these assets.

Orca Security has helped my company reduce the time it needs to address cloud security alerts and make it faster. When one critical risk or high risk is identified in my environment, I already receive notifications, even in email or in Teams, Slack, or any channel that is integrable to Orca Security. I receive a very fast notification to address the vulnerability and security issues to the teams.

I think the downside of Orca Security is the reports. I don't have any good reports ready to deliver to an executive. If I need to deliver some reports to my account manager or an executive, I don't have anything ready. I need to extract information and put it in another tool to construct some reports or dashboards or to report to my manager.

I've been using Orca Security for exactly one year and one month.

Normally, I don't have any problem with maintenance in Orca Security platform. I don't have any downtime using it for this one year. When I need any support, it's very fast to get an answer from the support team.

I don't have any lagging using Orca Security. As I said, using it for one year, I don't have any downtimes.

From what I’ve seen, I think it’s really easy to scale your usage. I did a POC (Proof of Concept) where I extended some workloads and it was very easy, but I don't use it frequently in production, just in that Proof of Concept.

Not so many people are required for the deployment of Orca Security; just one person can do it.

I have been in contact with technical support regarding Orca Security twice to solve some issues, but it wasn't an issue, just a wrong configuration that I made. I contacted them and they shared some documentation. After that, I could resolve it pretty well.

Positive

I tried similar solutions from Trend Micro. From Trend Micro, I also tried a new one that is called Wiz. Orca Security is the best one for me because it delivers all the things that I need and more.

The initial deployment of Orca Security was pretty easy from my point of view.

It took just one hour to create the roles and the credentials for Orca Security. Then I just need to wait for the time for Orca Security to enrich data and index data in the platform. On the first day, I can already use Orca Security fully and identify every resource.

For my company, I don't use a huge workload. It's a small workload, around 90 workloads, but we have more. For this amount of workload, the price is high. When you have more workloads, the price is much better. I think it's not so expensive when you have the right amount of workloads. It's more directed toward big companies.

I have tried to use Cloud Cost Optimization with Orca Security. We used it to reduce some costs by removing some unused assets. It really helped us, but I don't think that is the main focus of Orca Security. I use other tools to do FinOps in a better way.

I use a reseller that is a partner that helps me with Orca Security. I am just a client, but we have a company that sold Orca Security to us, and they are the bridge between my company and Orca Security company.

I would rate this product a 10 out of 10.