I helped to select the product and negotiate the contract terms for the product. I was on the team that designed, implemented, or customized the solution.
The KPI would be the completeness of attack surface visibility, the remediation time target, and the effectiveness of other surveillance and monitoring processes like a double-checking mechanism.
Initially, the problem we encountered was understanding the full spectrum of the attack surface, particularly with internally operated network address spaces and third-party operated address spaces. We also used the solution to see what the network address looks like and whether it is clean regarding vulnerabilities from a security standpoint.
From a prioritization perspective, IONIX is super helpful. It has its own prioritization algorithm. Unlike other scanners, IONIX sees whether the detected vulnerabilities can be exploited. This gives us a very clear view of what we need to fix now and what we need to fix in 30 to 60 days. The solution provides very clear visibility.
Prioritization is also very helpful because of the accurate distinction of network ownership between third-party and my team operations. Having the right ownership marked appropriately helps get the right people to take the right actions very quickly. We waste much less time figuring out the ownership, which is very helpful.
We have other means to identify assets that are most critical to our operations and have the biggest impact on our risk exposure. IONIX helps ensure we do not miss any among our many thousands of IP addresses. If somebody has a random IP address, we can very quickly say it is in this category owned by these people. IONIX helps a lot with ownership rather than just priority or criticality.
IONIX identifies digital supply chain risks in the third-party digital products and services our organization uses. IONIX helps us with a third party because it already has a view of all our third parties and their connectivity back into my organization. They also monitor the potential exposure of these third parties.
When vulnerabilities are exposed, IONIX is very quick to point them out so that we can work with the right third party to remediate them very quickly. I would not be able to identify and monitor all of them internally. It's just a scaling problem. IONIX is able to scale very quickly into each of those third parties and identify them. This is only for any of the internet phasing types of IP addresses.
IONIX has tremendously helped reduce our organization's false positives. The false positives can come because of many different reasons. Firstly, IONIX helps us accurately identify which assets we own. We get many different reports daily, but we often don't own those assets. That's why it is not a false positive. Even if the issue exists, we always get to the wrong owners.
IONIX helps with getting the reports to the right people. We also get a lot of different reports about vulnerabilities that generally don't exist. The solution's detection is very accurate. IONIX helps us get to the right owner or the right reason very, very quickly just because of the accuracy of their data.
The solution's Action Items are written in simple language so that IT personnel can fix them rather than needing security experts. IONIX correlates the data with the right CBE number, which helped to do further research if necessary. IONIX's language is genuinely industry-friendly, so the instructions are clear.
IONIX provides automated integration into our SOC tools. The solution has APIs from which we pull data. Once we pull the data, we use it in many different ways, shapes, or forms, including asset inventory and prioritization. There are a few criticality adjustments, but mostly, it is used for priority and ownership.
It took us about 60 days to start seeing the benefits of IONIX. Initially, it took some effort to ensure that our network rangers recorded or detected accurately. We need a little bit of an education session with IONIX to be able to distinguish between our assets and the third parties' assets.
A certain level of investment from my side was required, and if I did not do that work, then any of the data coming from IONIX would be useless. The initial investment is what makes it accurate. Once a one-time investment is made, we can get very accurate detection and results out of IONIX within 60 days.
The solution's Active Protection feature automatically mitigates specific exploitable vulnerabilities without action on our part. The Active Protection feature requires zero amount of work from my organization. It offers a great deal of protection as soon as IONIX can detect it. It is one of those exceptional cases when we have to do nothing, and the tool does everything to offer us protection.
The solution's Threat Exposure Radar provides a unified view of critical exposures across our entire attack surface. Every organization will have its own operated IP address space and third party. In some cases, some of our websites are also linked to relatively unknown organizations.
The solution's Threat Exposure Radar helps us identify where the threats are located and gives us a one-panel view of the entire landscape. It is one of those TV screens that gives us an executive view of where things are and whether we're healthy or not.
IONIX has significantly helped reduce our mean time to remediate. We also have the service of a support analyst, with whom we meet regularly. Not only are we getting the wording in the form of a website, but we also get somebody who can explain things to the technical team. They're very, very responsive, and they answer very quickly if we have any questions.
Over the last four years, we have gone through two people, and both of them are very, very technical and able to articulate very complex topics to us in a very, very clear manner. In addition, the meantime to remediate comes back to the accuracy of the data. We have many other vendors in this space. The accuracy of the data and the ability to portray ownership to us is very, very crucial. Once you have the right data, the action becomes much more effective.
We don't use the solution's Threat Exposure Radar to prioritize threat remediation because we use many other analytics and pull in multiple data sources to do that. That particular feature is not as useful for us, but it's only because we have many other tools and data sources to consider. We have invested very heavily in that.
The solution's false positive ratio is extremely low because it's able to recognize which assets are mine and which are not. That helps to reduce a lot of confusion, which is a big deal. If we look at the reporting numbers by other vendors in this particular space, IONIX reports about half of the vulnerabilities to me. I would say 90% of those half will be false positives.