ImmuniWeb Reviews

We use ImmuniWeb as an instrument to discover our externally visible perimeter. This includes the web services accessible from the internet domain names or IP address ranges, everything we register, and maybe some surprising services that are silently running out of our site. 

We also leverage the functionality to search through the public repositories or dark web and look for any entries related to our business or business name. Some may be stolen accounts, source codes, or similar items, but not many vendors around the world offer such a service within one single subscription, which is also important. We try to use every single feature that ImmuniWeb Discovery provides us.

I like the fully automated continuous discovery run by ImmuniWeb in the background. We do not need to rerun the same tests or the same scanning against our resources. We need to supply our IP addresses, domain names, and significant resources with special domain names and URLs, and we need to do it only once. Then we always have an up-to-date picture. 

I also like the integration with our single sign-on system. We do not need to maintain a separate set of usernames or user accounts. We can plug this ImmuniWeb service into our authentication technology, enabling two-factor authentication. We have secure authentication right out of the box. 

The other important feature I like is the executive view. You can easily switch from a technical view to an executive view and have a helicopter view of the compliance status. We can see how much effort is required and our current status.

It would be better if they had an automated tagging feature. The tagging functionality currently requires manual tagging, and that's probably the most needed feature from my standpoint.

We also do not have enough tools, enough features, or options to display different resources in the way we need. There are basic grouping and some filtering features, but we still cannot fully separate some flavors of our resources. However, we may not be aware of the latest features.

I have been using ImmuniWeb since September 2021, about a year and a half.

ImmuniWeb is a cloud-based stable solution.

ImmuniWeb is cloud-based, so it's easily scalable. It can be scaled up at the vendor's discretion. We need to throttle some of the scan intensity for some resources, but it's only on our side, and we can control that. We do not care about the scalability on the vendor side in terms of the product's speed and performance. It's not our issue, and we do not notice any problems.

Technical support is nicely designed and embedded right into the product or into the web portal. Often when you have Discovery and from different situations when you probably need to ask for support, you are just a couple of clicks away from creating the ticket and asking the support, and they are very responsive.

Positive

The initial setup is straightforward. Even if we had a hundred or thousand more resources, they could all be imported quite easily. It also seamlessly connects to our Azure Active Directory. All imported resources can be tagged in advance, grouped, and sorted in whichever way is feasible for the users. It's straightforward to get into and start getting that value right away.

ImmuniWeb is relatively cheap. It's a competitive price compared to other products in the marketplace. It's worth the money we are paying for it.

I would tell potential users that they should use it. However, they should probably start using the pre-community tools to ensure it's mature enough to provide useful functionality, even for free. 

It will be worth the money if you pay for more advanced functionality. I have been using ImmuniWeb's free edition since it was known by a different name, HT Bridge.

On a scale from one to ten, I would give Immuniweb an eight.

I should say that we've already used ImminiWeb services before. But it was a traditional penetration test of a website. We were absolutely satisfied with their work and selected ImmuniWeb to test our new project for bugs and vulnerabilities.

ImmuniWeb has grown dramatically in these last 4 years. Now, it's a large platform that handles the discovery of your IT assets and launches an AI automated penetration test to fix bugs found.

The first discovery revealed some critical bugs in our assets. ImmuniWeb's team responded very quickly and soon provided a detailed report and guidelines for remediation.

The ImmuniWeb Platform is the best and easiest way to secure a business online. It's a really great experience. We got reports with zero false-positives and detailed instructions regarding how to solve problems and remove any vulnerabilities found with ImmuniWeb Discovery. We didn't have to purchase any complicated software. Everything is online in the cloud.

We are sure that ImmuniWeb is definitely the best alternative to traditional penetration testing. They really reduced our security costs and made our business compliant with GDPR and other European and international laws and regulations.

I like that ImmuniWeb finds all your assets literally anywhere, including on your website, clouds, repositories, network infrastructure, et cetera. Moreover, it scans the Dark Web for assets. Dark Web Monitoring is the most valuable tool. It quickly scans the dark web and you see it all in the dashboard. In our case, we found a password leak.

After the assessment, you clearly know which assets require penetration testing.

The penetration test itself is AI-driven, easily customizable, and provided with a zero false-positive SLA.

You may find the dashboard a bit complicated. That's because of a large number of features. If ImmuniWeb will make a kind of presentation on how to work with a platform when you log in for the first time, that would be ideal.

On the other hand, ImmuniWeb holds monthly webinars where they explain how to use the platform. I took part in one of them and found out a lot of new options I didn't know about before.

A great idea would be to make a mobile application for the ImmuniWeb portal so that all information would be available on the go and from a mobile phone as well. It would be much more convenient.

We have been using ImmuniWeb for 6 months already.

The product offers fast 24/7 support. 

I used the vulnerability scanner from Acunetix and some Qualys products. The scanner is nice but very expensive. It also didn't give the full view of the problems within the website.

I would advise users to start with a small package. Other packages may look costly for an SMB. That said, the price/value ratio is perfect.

We did look at Qualys.

Our customers use the solution for web scanning, application testing, and attack surface management.

The solution's most valuable feature is reporting.

They should improve the solution's reporting for web scanning tools. Presently, there are many restrictions to accessing the reports. I have to pass some security tests. Despite this, sometimes I couldn't see any information.

They should add more automated tools to demonstrate the possibility of hacks. Also, the tools should help us check the possibility of deploying the databases found before. Along with this, they should add more CRM-related features for better administration. In addition, there needs to be a tool for firewalls and vulnerability management. They should provide security assessments for applications and systems like firewalls, IPS, and web gateway.

The solution's technical support team must provide customers with a clear, easy-to-understand product description.

The solution's initial setup is straightforward. The customers have to log in, enter their company's domain and proceed to scan.

The solution is quite expensive. The license costs around $10,000 per test. Also, the customers have to pay extra for every update.

I advise others to thoroughly understand the technical requirements of their business when it comes to security testing. They should evaluate other solutions, such as Tenable and Qualys. Further, they should make a buying decision after an in-depth analysis using different tools.

I rate the solution as a five.