Invicti vs Sysdig Secure comparison

"Crawling feature: Netsparker has very detail crawling steps and mechanisms. This feature expands the attack surface."

"I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy."

"This tool is really fast and the information that they provide on vulnerabilities is pretty good."

"High level of accuracy and quick scanning."

"Invicti is a good product, and its API testing is also good."

"Netsparker provides a more interactive interface that is more appealing."

"The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."

"I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities."

"Sysdig Secure has positively impacted our organization by improving visibility into our Kubernetes environment and focusing on real risk, which has reduced alert noise, improved threat detection at runtime, and made vulnerability management more efficient by prioritizing issues that actually affect running workloads."

"Sysdig Secure has many strong foundational features like compliance and benchmark, security, network access management, and vulnerability management."

"The log monitor is the most valuable feature."

"I see Sysdig as the most comprehensive solution in comparison to its competitors."

"The proactiveness of the support has been fantastic. Every time we mention something in a meeting that we're trying to do, he proactively takes that as an investigation topic and looks into it. He'll provide the solution even though we might not have asked him to investigate it."

"From a container-based standpoint, it offers excellent scalability to its users...I would tell those planning to use the solution that, from a container standpoint, it's excellent."

"We appreciate this feature, especially when combined with CD monitoring. The implementation of requested features has been remarkable, such as scanning for compliance in CRM processes for the US government. We heavily rely on this feature to assess compliance with federal requirements."

"In terms of measurable outcomes, I have seen a reduction in vulnerabilities, as Sysdig Secure can tell us how many vulnerabilities are present on a day-to-day report basis, which has improved our efficiency by more than 50% and helps us stay compliant with necessary regulations."

"The support's response time could be faster since we are in different time zones."

"The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support."

"I think that it freezes without any specific reason at times. This needs to be looked into."

"The scannings are not sufficiently updated."

"The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning."

"It would be better for listing and attacking Java-based web applications to exploit vulnerabilities."

"Invicti's reporting capabilities need enhancement."

"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one."

"The dashboard could be more simple and show the more important issues that are detected first. We'd like to be able to set it up so more important issues show up more prominently in the dashboard."

"Banks and financial institutions cannot use Sysdig Secure because it doesn't sell SaaS-hosted versions for under two hundred working nodes."

"Sysdig Secure needs to scale more for complete cloud-native coverage."

"Sysdig's biggest weakness is dashboarding and reporting. You have access to the data and can get everything you need, but we need the ability to summarize the information quickly in a format that senior leaders can understand. We report to the executive level and global board. I need to roll all that in-depth information into a quick summary, and their maturity level isn't there. I'm seeing that on the future road map, but it isn't there now."

"Reporting can definitely be better. Live dashboards should be configurable for a longer period of time rather than 30 days. Being able to go back in time to compare six months ago to today would be valuable."

"They should make it specific with a couple of features only."

"The solution needs to improve overall from a CSPM standpoint since they can't compete with Wiz or Orca."

"There was a security concern related to a specific feature. While the feature itself was promising, it posed a challenge. The situation revolved around code scanning. If your source code is hosted within your own premises, say on Bitbucket, you naturally wouldn't want your code to be accessible to external parties beyond your company. Keeping your code base private is a standard practice. However, in the case of code scanning using Sysdig Secure, they copy your code to their SaaS platform. This posed an issue for us. When we inquired about this, their response acknowledged the concern. In an upcoming release, they plan to enable code scanning within your on-premises environment through the assistance of an agent. This change is already in progress. While this tool stands out compared to existing solutions in the market, it's important to note that there are still some limitations to consider. Another drawback we encountered relates to our expertise with Kubernetes. The tool can monitor Kubernetes audit logs, triggering alerts and notifications. However, it falls short in terms of taking direct action based on these alerts. There are different methods of event capture, including through system labels and system calls, as well as via Kubernetes audit events. Notably, at the system level, Sysdig Secure can both detect and respond to events, allowing actions like blocking and warning. This proactive approach is effective at the system call level. However, when it comes to monitoring Kubernetes audit events, Sysdig Secure can only notify without being able to execute any further actions. It can't block access or containers. The vendor likened their role to that of a monitoring camera, observing events and sending notifications without the capacity to intervene. This limitation applies to Kubernetes audit events. Given that everything operates within our system, there is a workaround available: configuring system-level policies to block containers as necessary."

"Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."

"Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

"We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."

"It is competitive in the security market."

"I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."

"OWASP Zap is free and it has live updates, so that's a big plus."

"We never had any issues with the licensing; the price was within our assigned limits."

"The price should be 20% lower"

"It is quite costly compared to other tools."

"In comparison to other cloud solutions, it's reasonably priced. However, when compared to in-house built open-source projects, it might be considered somewhat costly. The cost depends on whether someone sees the support provided by Sysdig as an advantage or if it's deemed unnecessary. Personally, I find the support to be excellent and consider it a good value."

"I am always going to say that it could be a little bit cheaper. I do feel that it is a little bit on the expensive side."

"Sysdig is competitive. The quality matches the pricing. Obviously, everyone wants things to be cheaper, but if you're realistic, you acknowledge that quality service comes with a price. Sysdig is the gold standard for Kubernetes, and I wouldn't choose anything else. We live in Kubernetes. Everything is containerized, so that means a lot to us, and we're willing to make an investment."

"The solution's pricing depends on the agents...In short, the price depends on the environment of its user."