Coming October 25: PeerSpot Awards will be announced! Learn more

Bridgecrew OverviewUNIXBusinessApplication

Bridgecrew is #16 ranked solution in Cloud Workload Protection Platforms . PeerSpot users give Bridgecrew an average rating of 8.0 out of 10. Bridgecrew is most commonly compared to Prisma Cloud by Palo Alto Networks: Bridgecrew vs Prisma Cloud by Palo Alto Networks. Bridgecrew is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.
Buyer's Guide

Download the CWPP (Cloud Workload Protection Platforms) Buyer's Guide including reviews and more. Updated: September 2022

What is Bridgecrew?

Bridgecrew is transforming the way teams secure their cloud infrastructure by bridging the gap between run-time cloud security posture and build-time infrastructure code security. Learn how to automate and codify your infrastructure security from commit to cloud with Bridgecrew.

Bridgecrew Customers
Rapyd, BetterHelp, Brex, People.ai, Globality
Bridgecrew Video

Bridgecrew Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Founder/ CEO
Real User
Top 5
Easy to use with good technical support and strong brand recognition
Pros and Cons
  • "New users don't have too many problems with the product. They have a lot of training documentation around it."
  • "The biggest issue that I see companies run into is that they immediately think that, "Oh, this solution will be right, simply due to the name." But that's the same issue Splunk runs into. People will immediately jump to Splunk being the best SIEM tool, just because they're the largest. When in reality, QRadar, LogRhythm, and all these other ones are performing similar functions and would actually fit better in some people's environments. Therefore, it's important a company does its homework and does not assume one size fits all."

What is our primary use case?

A lot of the companies that we work with specifically have already had a foundation with Palo Alto, whether they've bought the on-premises solutions or are looking at the cloud side. However, Palo Alto is one of those names that hold a lot of weight in the industry, and they can't really put out a bad product. Being a Palo Alto engineer and having that title specifically has become its own job rec that a lot of companies just are standardizing. 

A lot of the clients that we interact with are not doing full-fledged SOCs. Most of them have less than 50 people dedicated to their security team. They're relying on third-party consultants to kind of come in and come up with the logic behind it. That's what we typically do from my side. We come up with the logic and then we will recommend someone to actually put the logic in place. The company may hire someone. We're more on the architecture side, however, finding an engineer for a Palo Alto solution is a lot easier than finding one for Carbon Black, for example, even though it is a huge company.

What is most valuable?

The brand behind the product is quite useful. The solutions that are coming out, granted out of the box, typically work a lot better than SIEM tools.

A lot of the problems you have with vendors are if they're new to the game in terms of developing software or hardware or firmware or anything along with that. For example, their support typically is lacking. CrowdStrike has run into that problem. However, with any Palo Alto product that they put out, they typically have a very extensive amount of documentation behind it. Their technical account management team is almost unrivaled. The only others I've interacted with that I would put above them would be Microsoft or Fortinet. You just have amazing support behind the product      

We have a lot of government contracts, and what is once about the product is that they've thought of processes and features at an enterprise level, as opposed to Microsoft Azure Firewall which is not really ideal for large, established companies. They've kind of released a base product as opposed to a fully-fledged one.

New users don't have too many problems with the product. They have a lot of training documentation around it.

Technical support is extremely helpful.

The stability is good.

It's my understanding that the solution can scale. 

What needs improvement?

Any solution would have its pros and cons, however, for the most part, it would come down to specific environments. For those considering purchasing the thing that I would try to avoid is buying it just for its name. I know people do that specifically, however, if you are going in thinking  "Hey, I've got some random environment, let me just go and buy this solution and it will work perfectly" you will be disappointed. The solutions themselves have to be architected or actually designed in there as opposed to just placed.

The biggest issue that I see companies run into is that they immediately think that, "Oh, this solution will be right, simply due to the name." But that's the same issue Splunk runs into. People will immediately jump to Splunk being the best SIEM tool, just because they're the largest. When in reality, QRadar, LogRhythm, and all these other ones are performing similar functions and would actually fit better in some people's environments. Therefore, it's important a company does its homework and does not assume one size fits all. Everyone needs to make sure that this actually works in the environment before just purchasing it.

For how long have I used the solution?

We've been dealing with the solution for three years or so at this point. I couldn't tell when the first client that we had was it or the last one. Palo Alto is pretty common out there, especially with a lot of the larger enterprise clients.

Buyer's Guide
CWPP (Cloud Workload Protection Platforms)
September 2022
Find out what your peers are saying about Palo Alto Networks, Accurics, Orca Security and others in CWPP (Cloud Workload Protection Platforms). Updated: September 2022.
635,987 professionals have used our research since 2012.

What do I think about the stability of the solution?

I haven't had any issues with stability and I haven't heard anyone say anything about them being bad. Before the Palo Alto acquisition, BridgeCrew had a reputation of them not being the best, however, since having that additional support from Palo Alto, I haven't heard of any issues.

What do I think about the scalability of the solution?

I haven't run into any problems with scaling. I've never really come in and actually had to scale a ton, however. From personal experience, I wouldn't be able to comment. That said, I haven't heard anyone complain either.

How are customer service and support?

The support is great. They are very helpful and give above and beyond. Companies just need to leverage them.

How was the initial setup?

I have not run into any problems with deploying any of their firewalls or any other security products. For the most part, they're really well-documented either with open-source intelligence or official documentation. 

We had a client just the other day that was deploying their PA-800 series, which is just a firewall. They have less than a thousand users and Palo Alto gave a dedicated engineer to them as well as a technical account manager that was able to walk them through the first 90 days of ownership. The support is certainly there. A lot of the time, from what I know, people just don't use that support.

What's my experience with pricing, setup cost, and licensing?

I'm not privy to a lot of the pricing information. From what I've seen, smaller companies are able to purchase them without blowing their budget out of the water. With Splunk conversation or even Azure Sentinel, a lot of smaller companies are not able to leverage those tools properly as the cost is insane. If these companies with less than a thousand employees are able to purchase them and use them effectively, then I don't see cost being a huge problem for other companies. I could be wrong there, I'm not a CFO or anything.

What other advice do I have?

I'm not necessarily technical. I'm more on the consulting side of what policies they have and what they should have. I can't go into super details, beyond knowing, for example, if Ping or Port 22 or Port 443 be blocked on VSAT, should this load balancer be in this method, or should this actually sit in relation to X, et cetera. We'd primarily interact with those types of tasks.

Typically, we work with clients that have up-to-date versions. 99% of the time we won't interact with clients that don't keep their systems up to date. This is due to the fact that if you're not updating then there's no point in even calling in a consultant, as that lack of updating likely is your number one problem.

I would advise those considering the solution to certainly leverage all of the access with Palo Alto, in terms of setting up with the technical account management teams and ensuring that what you have in mind for the product is actually going to be what happens.

I don't really like automated security solutions. I would probably give it, in terms of effectiveness in securing an organization by itself, out of the box, a six out of ten. With the proper configurations and design behind it, you could probably get that to an eight. With any solution. if you're just looking at them to just come out of the box and work it's going to be a rating of five or six. After you put the time into making sure that it's built around your environment, you could get them to an eight or nine, within six to eight months. Therefore, for me, I'd rate the product at an eight out of ten overall.

BridgeCrew is marketed as an all-in-one DevOps security platform. However, there may be standards put into place such as the CIS standard or NIST, et cetera, and companies may follow those. Yet, I've never met a company that's followed that 100% unless their compliance requires them. I'd advise companies to make sure that whatever rule sets you have in place or whatever design or standard that you have at your company, that is properly configured within the product itself. That's the drawback to XDRs in general. If you have a rule that is only looking at a standardized NIST framework and table 20% of it, then you can only expect it to work at 80% effectiveness. That's where you have to go in there and add those additional data points.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
DanielSieradski - PeerSpot reviewer
DevOps Engineer at a tech services company with 51-200 employees
Real User
Top 20
Multi-cloud, good scanning, and offers extensive guides
Pros and Cons
  • "In cases where they have automatic remediations, you can click a button and it'll just fix the configuration for you."
  • "We'd like to see better monitoring and the ability to deny certain resources from being scanned."

What is our primary use case?

Basically, what Bridgecrew does is scan our policy configurations inside of our public cloud provider. We were scanning for security misconfigurations and vulnerabilities in our packages to ensure that we had locked down everything as needed in terms of IM permissions and VPC access and things like that.

What is most valuable?

The software itself is good software and does great things. It's really useful. 

In terms of what it provides, it'll scan your services, it'll tell you what's misconfigured according to best practices. In cases where they have automatic remediations, you can click a button and it'll just fix the configuration for you. And then, in the cases where it doesn't have automated remediations, it has extensive guides walking you through step by step what you have to do to fix things. It's excellent in that regard. 

It's multi-cloud. If you have a multi-cloud environment, it's going to do that for you across all your cloud platforms. That's a wonderful thing. That's really useful. 

What needs improvement?

The challenge is that they charge you per resource. We had an issue where Google Cloud was generating secrets for our application configurations by the hundreds, which we would be charged by Bridgecloud. Our price would have surged to an insane amount due to the automatically generated secrets that we don't even use for anything, which isn't part of our security concern.

What we would like to know is if there is a way that we could exclude those from our resources so that we're not billed for that. We don't monitor that. They ignored me for a month through four emails asking about that.

They were just totally unresponsive. Then after a month, I said, "I guess you don't want our business." And they responded, "Oh, we're sorry to hear that." I'd say "You're sorry to hear that? Why didn't you respond to any of my emails?"

If you're trying to pay them less money, then they want to get rid of you. They don't want to talk to you. That's what it came across as. It's not like we weren't looking at spending thousands of dollars a month with them. We just weren't looking at spending $8,000 versus $2,000.

That was a bit frustrating. Generally, I do like their product. It's a useful product. It's good. We wanted to use it. However, since they blew us off, it left a bad taste in our mouths.

Their sales team needs a little bit of a jostle to get themselves together.

We'd like to see better monitoring and the ability to deny certain resources from being scanned.

For how long have I used the solution?

We did a trial of Bridgecrew at my new company within the last 12 months.

What do I think about the stability of the solution?

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze. 

That said, I'd say that their web interface in and of itself can be a little slow - particularly the more resources that you have. There could be some improvements made in that department.

What do I think about the scalability of the solution?

It is a scalable product.

I've only worked for relatively small reliability teams.

How are customer service and support?

Before, when I worked with them previously in my last employer, they were really good about being in touch and following up and helping us clear things up. However, in my new organization, they've been unresponsive to our queries, and it hasn't been a pleasant experience. 

A lot of the customer support with a wide range of companies has just been on the decline for the last year or so. I don't know why, however, it seems to be a common theme with people I speak to. Support isn't what it used to be.

I wasn't trying to bother somebody who would have to deal with my questions for extended hours. I just wanted a simple question answered. That's pretty fundamental stuff for business.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We did not previously use a different solution. 

How was the initial setup?

The solution is fairly simple. You basically give them some API keys with some advanced access to your system so that it can review all of the different settings. They just use those API keys to access information from within the cloud and then provide you with a dashboard with recommendations for how to resolve everything.   

In terms of getting up and running, it's very straightforward and simple. Then deleting access later is also very simple. It's just removing their IM permissions and killing the API. That's it.

I'd rate it a five out of five in terms of the ease of implementation.

In terms of deployment, to get up and running, it's just a few hours.

What about the implementation team?

We handled the setup in-house. 

What was our ROI?

In terms of ROI, 

I can't name anything specific. However, I could foresee a situation in which a hack can be costly, and this software would put you in a position to prevent that. By helping you to secure your environment, it reduces the likelihood of your exposure.

What's my experience with pricing, setup cost, and licensing?

It's the pre-resource cost. So it's X number of dollars per number of resources, depending on how many VMs you have, how many services are running, how many cloud functions, how many IMs are used, et cetera. It tallies up all those different things and then bases the problem on that. So it's relative to how big your project is, and that will be very specific to each use case. I don't know the specific pricing.

I would say for a smaller company; it's an affordable solution.

The thing that makes Bridgecrew super attractive is that for half the price of what it costs to hire a full-time security person, this will provide you with a whole lot of security coverage. Somebody still needs to go in there and do the work of securing things. 

In terms of doing a full-scale analysis of your platform, it's worth the money since you would have to pay another person full-time to do the work it would do. It would also go way slower than the software. In that way, it's a really good investment.

Which other solutions did I evaluate?

The other one we came really close to using in my last job and now look at in this job is ORCA.

It does similar things. However, instead of them looking through all of your policies, they do what's called side scanning, which is a different way of checking your security posture that I don't entirely understand. It's apparently a little more efficient than just the policy stuff because it monitors activities on an ongoing basis.

Bridgecrew is a policy analysis platform more than anything else. At the same time, ORCA is actively monitoring your traffic and things like that. So it's a little more in-depth and advanced - and more expensive.

What other advice do I have?

We're a customer. 

It's not run on different versions. It's a cloud software, so you are always using the latest deployed version.

I'd rate the solution eight out of ten. The product is a good product. There's room for improvement, however, I like the product. I just wish I liked them more.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free CWPP (Cloud Workload Protection Platforms) Report and find out what your peers are saying about Palo Alto Networks, Accurics, Orca Security, and more!
Updated: September 2022
Buyer's Guide
Download our free CWPP (Cloud Workload Protection Platforms) Report and find out what your peers are saying about Palo Alto Networks, Accurics, Orca Security, and more!