Share your experience using Niara

We use it for a couple of use cases. The biggest one we use it for is to protect our AWS environment, and it does a couple of functions for us and our whole development. It scans all the code in our GitLab or our code repository and looks for any hard-coded passwords or keys or any insecurities. It checks if we have any old deprecated components within our software and points that out.

There are a couple of gates that we can set up. When we are pushing the code out of the repos into AWS, it finds any high-severity vulnerability. This is configurable, but we have critical, high, and medium severities. If it finds any, it blocks the push and puts some notes in for the developers to go in to remediate the issue before they can push the code into AWS. Let us assume the code is good in GitLab and gets over to AWS. It then does a couple of things on the AWS side. It looks at the overall infrastructure and how things are configured. There may be things in AWS that are misconfigured or old components that were manually built or deployed without going to GitLab. It points them out.

I have been very happy with the evidence-based reporting. It is not just theoretical. It scans the code or looks at the AWS environment and pulls back the details that tell us that this is a vulnerability. We have a good understanding of why it is a highly-rated vulnerability. It makes it much easier to prioritize and then go through and remediate the issue.

Agentless vulnerability scanning has been very good. It pulls back quite a bit of information that is actionable by our team.

Singularity Cloud Security includes proof of exploitability in its evidence-based reporting. That is critically important because especially in large environments, when you run scans or use the vulnerability scanning tool, you might be inundated with results. It takes a long time for analysts to go back through and validate whether it is a true positive or a false positive. Singularity Cloud Security can eliminate a lot of false positives or almost all of them, and we can focus on something that is a true issue, as opposed to wasting our time and resources.

The Offensive Security Engine is doing the attack path management. That is one of the most critical features to us because it tells us that we have this misconfiguration here, or we may have a secret or some vulnerability here. It tells us about the impact and how an attacker could exploit that to gain persistence in our environment and install data. We have a true impact of why this is important and why we need to fix it. With scanners like Rapid, Qualys, and others, we get the credentials and we get a scan, but then we spend an inordinate amount of time looking through reports and trying to figure out:

• Where do we spend our time?
• What do we prioritize?
• What is remediated?
• What is it that we can remediate?
• What is it that we can take action on and make an improvement in the environment?

It is very frustrating when you are spending hours only to run down something and realize it is a false positive, and there is nothing you can do to make a positive impact. Eliminating all those false positives really helps us.

We have had very good luck with the IaC. For us, it is hugely valuable because we can catch things very early in the process before they get promoted into production. In case something flips through or escapes, it still helps you to find it.

We started seeing its benefits literally the day after deployment. The only reason I say the day after is because we ended up working on it kind of late in the afternoon. We got things set up, and it took a few hours for results to start populating, but its benefits were very apparent when we started looking through the reports and dashboards.

Singularity Cloud Security significantly helped reduce the number of false positives we deal with. The biggest aspect for us is allowing the security and development teams and DevOps to be much more efficient. As opposed to spending 80 hours going through some big reports, we are able to cut that down to a fraction of the time and make a positive impact on the environment. We are not chasing a bunch of dead ends.

It has made a great impact on the risk posture. We are also able to look at the trends over time in terms of where we started and what we remediated. You can see the environment getting more secure as we keep knocking down vulnerabilities.

Our mean time to detect is much faster. It is a much lower number there. There has been a significant change in the number of vulnerabilities remediated or per hour of investment from the engineering and security teams. By implementing this tool, we are able to do a lot more with the same team size and remediate things much faster than before.

It has made it much easier for these disparate teams to have the conversation in terms of what needs to be prioritized and fixed, and then it has given a lot more information. It eliminates some of the he said, she said, or some of the frustration that can happen between different teams because one team is looking at a tool they are familiar with and the other team has a different tool. Historically, there were some disagreements in terms of what issues exist in the environment and where we should spend our time in terms of trying to make improvements and remediate.

Our favorite feature is attack path management. If you have an S3 bucket that is configured to be publicly accessible, it will look and inform you that it is publicly accessible. If someone gets in this bucket, they could ultimately traverse, get into this RDS, and do something negative or detrimental to the environment there. You not only get to know about vulnerabilities and misconfigurations but also some of the actual impacts of having these vulnerabilities. It is not just a raw data dump.

So far, it has been very easy to use. It gives very rich information or a lot of details about the findings. It has a lot of links to go back into GitLab or into AWS to validate the CDF configuration, and then it gives a lot of guidance for remediation.

Standing it up was pretty straightforward. We did get assistance from SentinelOne SE at the time of the trial to ensure that everything was configured and working correctly.

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us.

Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

I have been using this solution for six months.

We have not had any issues with stability. It has been solid on that front.

We are not huge, so we have not run into any sort of scalability problems at all. We are running only six or seven subscriptions in AWS. Our bill in AWS is less than 20K a month, so it is not huge.

I have talked to SentinelOne support multiple times, but not on the cloud-native security front. I cannot add anything on that side.

I have not used any other tool at this company. In the past, I have used some different tools.

It was very easy for us with one exception. We had a mono repo, and we worked it out with the SentinelOne security engineering team. We got some direction for them in terms of how to do some of the code-blocking configuration, but it was a pretty straightforward and quick setup.

It took us three weeks maybe, but it was not like we spent three weeks heavily. We did it slowly. We did most of the deployment in a couple of hours, and then we had some check-in meetings over the next few weeks to go through and just check on it, become familiarized with the system, and then ask questions. The initial deployment took less than a day and then learning, discovering, and getting familiar with it took us a few weeks.

It does not require any maintenance from our side. We may have some sort of maintenance to do. For example, we are planning to acquire assets from another institution. They are on-prem, so we will have to build up their AWS environment. Once we build out that environment, we may need to make some changes in SentinelOne so that it picks up those new environments. That is a guess. We have not done it yet.

We literally did it with SentinelOne SE. They provided all the setup work for us. We did not pull in a third party.

We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well.

We did look at Wiz, Orca Security, and Palo Alto's Prisma. We also looked at Lacework and ultimately settled on SentinelOne for a couple of reasons.

We did like the functionality provided by Palo Alto, but the way their licensing worked was frustrating, to say the least, and the cost was fairly high. We found it unaffordable. 

Lacework was still at an early stage. We did not feel that they provided all the functionality we needed, so we did not feel the confidence there. 

Wiz is a dominant player in the market. I have a lot of respect for them, but it did not provide all the reporting and data we needed. Especially for the price point, it was affordable for us. 

In the case of Orca Security, in the previous organization, we saw some pretty glaring false positives, which turned us off on that platform.

To new users, I would say that like any tool, you need to sit down and learn what the tool can do. Understand your objectives and then work through to make sure the tool meets your needs. It is straightforward and easy to use.

I would rate Singularity Cloud Security a ten out of ten at this point.

The primary use case is mainly for updating servers and client PCs. These are the main devices we update or patch with the software. 

The reason we went forward with this software is due to the fact that we needed a solution to patch servers, and it wasn't being done on a regular schedule.

We were using Microsoft Endpoint Manager to configure the update range for our devices across the organization. However, it wasn't getting all of the patches to the software we deployed regularly. We implemented this to supplement the updates alongside patch management. We didn't have a robust patch management solution which made the process of updating and installing cumbersome. Vicarius expedited the process for us.

We did not have any visibility before over the vulnerabilities that were within our network, other than what independent research provided. We'd have to read news and blogs. Now we have a simplified dashboard that highlights those vulnerabilities, including zero-days and the risk level of each vulnerability.

The dashboard has been really great. We can now see trends. We can see the vulnerabilities that are being detected and mitigated. 

It's helped us with challenges in an educational organization. It's made a big impact. It's improved the level of flexibility we have to deploy patches. We do get a lot more granularity and can see what kind of patches we want to deploy, the timeframe, and the groupings and various options we have for deployment. If we had devices that only need a certain patch due to specific software and other schools don't, we can isolate out groups and deploy patches to specific groups.

The solution consolidates vulnerability discovery, prioritization, and remediation all in one single platform. It eliminates the need for other services and simplifies management while expediting and streamlining vulnerabilities and patch management.

We've been able to reduce mean time to remediate vulnerabilities. We're on a good schedule for implementing updates and patches based on the level of severity. However, we can deploy patches on the fly if the need is severe and critical. This is the first time we've implemented patch management in this organization, so I can't speak to how much time has been saved. That said, prior to implementation, all patches were remotely handled by Windows updates. The reduction in mean time has positively affected operations as it's made it easier on our side. IT no longer has to manually research and do analysis. That part is almost non-existent. In the past, there was a lot of research into updates and trends. Vicarius does all the hard work for us. We get real-time, accurate information on the latest cybersecurity trends in order to respond accordingly. They have a robust library of scripts that we can deploy as opposed to not just knowing there is a vulnerability but having to create a script.

We've been able to reduce the amount of time spent on patching. We used to do it manually. If it wasn't possible to do it through a Windows update or if the Intune process did not get the patch applied, we would have to try and get all devices across all organizations to the latest versions and make sure the software was also patched. It's saved us an incredible amount of time. We no longer have to touch those systems. We can just rely on the automated system and the schedules we've set. It's a huge time saver. It's saved us hundreds of hours. 

Patchless Protection helps protect us from vulnerabilities that may not yet have patches from the manufacturer. I've used it for a piece of software that we don't have a patch for. It monitors that software, analyzes it, and makes sure nothing nefarious is going on when it's vulnerable. 

The scripting engine enables us to create custom scripts. I haven't written any scripts; however, I have used it to push out an upgrade, for example. They have a ton of scripts provided by the community. Since I started with the solution, the growth of the library has been extensive. I've been excited with what I've seen and I know I'll be able to use it in the future.

They have a great forum. I haven't used it and haven't felt like I needed to, although I have used their FAQ and documentation, and that's been really helpful. 

It's great for keeping our environment protected. It does an extremely good job of patching everything we need it to.

While it's not under their control, I would like to see more ways to get some apps with vulnerabilities patched. They do a good job of giving us a good inventory of what we really need to keep an eye on. However, if they can work with the vendors a bit more to find some solutions to open vulnerabilities, it would be ideal.

I've given Vicarius some feedback in regards to granular naming or groupings of devices. We have so many sites that I've asked if it's possible to make changes. For the most part, they've been helpful in addressing this. They've been really trying to take any feedback to their engineers and they do try to implement our requests. 

We deploy our applications via Microsoft Endpoint Manager to our devices. However, when Vicarius rolls out a patch, and we roll it out via Microsoft, the version changes on that application. Endpoint Manager will determine if the app is no longer installed and try to update the app. It needs to not trigger Microsoft so that Microsoft no longer thinks the app is installed. However, the workaround is that we can install it from their platform console instead of Microsoft, and that seems to fix the issue. 

They do have a search function for device names. They already have a list of all our devices, however, if I'm looking for something, sometimes the name does not come up at the top of the list. I have to search. And when you have thousands of devices, that process can become quite tedious. I've given this feedback and they've mentioned that's an issue they want to fix.

I've used the solution for about a year.

Technical support and VicariousRx (vRx) has been great. They are professional and responsive. We've met with them frequently - once or twice a month - to go through questions we have or them getting feedback after an implementation. Even their chat system has been helpful. I've used it to ask questions, and I've gotten a response within a few minutes. The communication is great.

Positive

Compared to other solutions, it's more robust as a remediation solution. Not only dos it handle patch management, but we can deploy applications from Vicarius instead of Microsoft or any other MDM. We can leverage their inventory management as well. 

Their scripts have helped us. We needed to upgrade Windows 10 to Windows 11, and they had a great script that was community-driven. We were able to leverage that to upgrade a lot of our computers remotely. We could send the script and have it run in the background and it's saved us a lot of time. 

I ran into one issue when I was deploying their software to our servers. However, it turned out to be a configuration change that had to be done on our end. That's the only issue. We've had no issues deploying. 

It did take a while to deploy more due to my schedule. That said, it shouldn't take too long. If they had a more automated setup system, it would be ideal. Some I have to deploy manually.

We're a customer and end-user. 

As a unified vulnerability remediation platform, I'd suggest that clients who already have a patch management tool consider Vicarius. There are many great products on the market. However, from personal experience, if someone is looking for something better, I'd recommend Vicarius. Their team is very helpful. We've dealt with vendors where product managers don't have control. Vicarius has a team that is extremely helpful, accommodating, responsive, and knowledgeable. They made the whole setup process easy, and if we need help, they are ready to assist. When you can't find someone who is able to give you the support you need, it's frustrating. Vicarius is 100% ready to provide solutions when they see a problem, and they are great at letting us know about the roadmap of features. They're on top of making our systems better. 

We noted the benefits of Vicarius pretty immediately - within a month or so. That's when I first started deploying it to a large amount of devices. I was able to see the progress of the updates I was pushing and the remediations. The benefits were pretty apparent right away.

I'd rate the solution nine out of ten. They are a young company, and I see a lot of good things on the horizon. Their team is growing, and they will be implementing a lot of stuff. They are going to have a well-polished product very soon.