IONIX Reviews

We use IONIX to gain visibility into our external attack surface. This allows us to see our organization from an attacker's perspective, identifying potential vulnerabilities. By exporting reports, we can effectively communicate these risks to key stakeholders, enabling them to take proactive measures to mitigate them.

The most important thing was to identify all our public-facing systems. In other words, any systems that the public could access. Once I had that list, my priority was to ensure their security. That meant making sure they were free from vulnerabilities. Next, I wanted to have actionable intelligence on any vulnerabilities we found. This way, I could send it directly to the system owners, who could then take immediate action to fix the problems. The IONIX platform has been instrumental in achieving this. On the very first day, I got access, we were able to identify and address two critical vulnerabilities within just five minutes! Additionally, we discovered a public-facing system that we weren't previously aware of. Overall, it's been a very impressive tool.

IONIX helps us with KPIs by identifying our assets and locating publicly accessible vulnerabilities within those assets. Additionally, it provides a severity rating for each vulnerability.

The tracking is important because it ensures we are not replicating efforts.

IONIX prioritizes bug fixes based on severity using a scale of one to ten. This ensures that critical and high-priority issues are addressed immediately.

IONIX helps us identify our most critical assets, the ones that have the biggest impact on our risk exposure. It can also pinpoint any of these assets that are externally facing, meaning accessible to anyone on the internet. This is extremely valuable because having critical assets exposed to the public internet significantly increases the risk of attack. By identifying these exposed assets and highlighting their vulnerabilities, IONIX provides a crucial service.

IONIX excels at identifying risks in third-party digital supply chains. This makes it easy to leverage those KPIs and demonstrate a potential correlation between security and search engine optimization to our marketing team, thereby getting them involved.

Fortunately, I haven't had to discuss any false positives. The majority of our alerts, particularly the medium-severity ones, seem to be triggered by hyperlinks to third-party websites. We have a significant number of these alerts, and I'm scheduled to meet with the marketing department to address them.

The IONIX user interface is truly user-friendly. Setting up a link, and credentials, and navigating the platform was incredibly fast and required no prior configuration. Within five minutes, I was up and running, able to explore a report and initiate action from our infrastructure team. It's a remarkably fast and smooth experience.

Non-technical people can see the evidence and take action based on their one-sentence actionable items.

IONIX integrates with our SOC tools to automate tasks. We plan to further leverage IONIX by integrating our AWS public-facing assets and Jira ticketing system. This will allow for automated project creation for our infrastructure team.

I realized the value of IONIX within the first five minutes. It identified two critical vulnerabilities that we were then able to address.

The Active Protection feature automatically detects exploitable vulnerabilities in our system and takes control of them, without requiring manual intervention from us. IONIX can potentially take control of an asset before an attacker does. This would prevent the attacker from gaining access. IONIX would notify us of the issue and help us mitigate it before returning control of the asset. Ultimately, it's far better to have a trusted security provider like IONIX manage our assets than a malicious actor. The Active Protection feature is important to us for those reasons.

IONIX helps us reduce our mean time to remediation by providing clear and concise information. This allows our marketing team to address certain situations without requiring IT intervention.

I've accessed the IONIX threat exposure radar three times since its implementation, and thankfully, there haven't been any threats detected on any of those occasions.

We use IONIX to identify and monitor any vulnerabilities or issues within the attack surface. It is also used to validate the remediation actions.

I helped to select the product and negotiate the contract terms for the product. I was on the team that designed, implemented, or customized the solution.

The KPI would be the completeness of attack surface visibility, the remediation time target, and the effectiveness of other surveillance and monitoring processes like a double-checking mechanism.

Initially, the problem we encountered was understanding the full spectrum of the attack surface, particularly with internally operated network address spaces and third-party operated address spaces. We also used the solution to see what the network address looks like and whether it is clean regarding vulnerabilities from a security standpoint.

From a prioritization perspective, IONIX is super helpful. It has its own prioritization algorithm. Unlike other scanners, IONIX sees whether the detected vulnerabilities can be exploited. This gives us a very clear view of what we need to fix now and what we need to fix in 30 to 60 days. The solution provides very clear visibility.

Prioritization is also very helpful because of the accurate distinction of network ownership between third-party and my team operations. Having the right ownership marked appropriately helps get the right people to take the right actions very quickly. We waste much less time figuring out the ownership, which is very helpful.

We have other means to identify assets that are most critical to our operations and have the biggest impact on our risk exposure. IONIX helps ensure we do not miss any among our many thousands of IP addresses. If somebody has a random IP address, we can very quickly say it is in this category owned by these people. IONIX helps a lot with ownership rather than just priority or criticality.

IONIX identifies digital supply chain risks in the third-party digital products and services our organization uses. IONIX helps us with a third party because it already has a view of all our third parties and their connectivity back into my organization. They also monitor the potential exposure of these third parties.

When vulnerabilities are exposed, IONIX is very quick to point them out so that we can work with the right third party to remediate them very quickly. I would not be able to identify and monitor all of them internally. It's just a scaling problem. IONIX is able to scale very quickly into each of those third parties and identify them. This is only for any of the internet phasing types of IP addresses.

IONIX has tremendously helped reduce our organization's false positives. The false positives can come because of many different reasons. Firstly, IONIX helps us accurately identify which assets we own. We get many different reports daily, but we often don't own those assets. That's why it is not a false positive. Even if the issue exists, we always get to the wrong owners.

IONIX helps with getting the reports to the right people. We also get a lot of different reports about vulnerabilities that generally don't exist. The solution's detection is very accurate. IONIX helps us get to the right owner or the right reason very, very quickly just because of the accuracy of their data.

The solution's Action Items are written in simple language so that IT personnel can fix them rather than needing security experts. IONIX correlates the data with the right CBE number, which helped to do further research if necessary. IONIX's language is genuinely industry-friendly, so the instructions are clear.

IONIX provides automated integration into our SOC tools. The solution has APIs from which we pull data. Once we pull the data, we use it in many different ways, shapes, or forms, including asset inventory and prioritization. There are a few criticality adjustments, but mostly, it is used for priority and ownership.

It took us about 60 days to start seeing the benefits of IONIX. Initially, it took some effort to ensure that our network rangers recorded or detected accurately. We need a little bit of an education session with IONIX to be able to distinguish between our assets and the third parties' assets.

A certain level of investment from my side was required, and if I did not do that work, then any of the data coming from IONIX would be useless. The initial investment is what makes it accurate. Once a one-time investment is made, we can get very accurate detection and results out of IONIX within 60 days.

The solution's Active Protection feature automatically mitigates specific exploitable vulnerabilities without action on our part. The Active Protection feature requires zero amount of work from my organization. It offers a great deal of protection as soon as IONIX can detect it. It is one of those exceptional cases when we have to do nothing, and the tool does everything to offer us protection.

The solution's Threat Exposure Radar provides a unified view of critical exposures across our entire attack surface. Every organization will have its own operated IP address space and third party. In some cases, some of our websites are also linked to relatively unknown organizations.

The solution's Threat Exposure Radar helps us identify where the threats are located and gives us a one-panel view of the entire landscape. It is one of those TV screens that gives us an executive view of where things are and whether we're healthy or not.

IONIX has significantly helped reduce our mean time to remediate. We also have the service of a support analyst, with whom we meet regularly. Not only are we getting the wording in the form of a website, but we also get somebody who can explain things to the technical team. They're very, very responsive, and they answer very quickly if we have any questions.

Over the last four years, we have gone through two people, and both of them are very, very technical and able to articulate very complex topics to us in a very, very clear manner. In addition, the meantime to remediate comes back to the accuracy of the data. We have many other vendors in this space. The accuracy of the data and the ability to portray ownership to us is very, very crucial. Once you have the right data, the action becomes much more effective.

We don't use the solution's Threat Exposure Radar to prioritize threat remediation because we use many other analytics and pull in multiple data sources to do that. That particular feature is not as useful for us, but it's only because we have many other tools and data sources to consider. We have invested very heavily in that.

The solution's false positive ratio is extremely low because it's able to recognize which assets are mine and which are not. That helps to reduce a lot of confusion, which is a big deal. If we look at the reporting numbers by other vendors in this particular space, IONIX reports about half of the vulnerabilities to me. I would say 90% of those half will be false positives.

IONIX enhances our understanding of our attack surface by revealing both known and unknown aspects of our systems. This insight helps us anticipate the various tactics attackers might use to penetrate our network. With IONIX, we can evaluate the risks associated with vulnerabilities in our internal systems.

Moreover, the recent addition of a threat sensor feature enables us to prioritize these risks more effectively.

When we started using the IONIX platform, we had hundreds of vulnerabilities. Over the years, this number has decreased significantly, and we now maintain an average of about 50 open vulnerabilities in our application space.

IONIX helps us prioritize vulnerabilities in both applications and infrastructure, but my focus is on applications.

IONIX uses scoring algorithms to identify critical assets, though it lacks some internal data we have. Despite this, its prioritization is useful and complements our analysis. The platform helps us prioritize security fixes by assigning severity levels to vulnerabilities, which we trust and follow.

IONIX has also reduced false positives, saving us time and resources. Its active protection feature automatically mitigates exploitable vulnerabilities, providing temporary solutions while we work on permanent fixes. We use

IONIX's APIs to connect with our SIM systems and other tools, though we haven't fully utilized these integrations yet.

The platform offers clear visibility into our attack surface, especially non-production assets on the network perimeter, which are more vulnerable. Since implementing IONIX, we've seen a significant reduction in perimeter vulnerabilities.

IONIX's remediation information is often actionable by our AD teams, and we support them as trusted advisors.

The threat exposure radar helps us identify and prioritize areas with concentrated vulnerabilities, allowing us to allocate resources effectively.

IONIX has transformed our security posture, reduced the number of vulnerabilities and eased the burden on our security teams. It also helps identify digital supply chain risks, allowing us to work with our third-party business management team to address these issues and improve our overall security.

IONIX provides visibility into our assets, such as our web interfaces and services. 

IONIX enables us to manage all our assets from one platform. We can see all the assets, login pages, web services, etc., from one place. It automatically scans everything so we can find new information about our organization. We don't need to add each asset or interface manually. IONIX allows us to see every registered domain and any DNS changes. Using IONIX has saved me about five or six hours each week. 

It is an attack surface management tool. We use it to detect unknown assets actively exposed to the Internet.

We wanted to look for threats that were exposed to the Internet that we did not know about. We were looking for those unknown things out there on the Internet. We were trying to make sure that we knew what our attack surface looked like from an outside point of view. We were looking for a platform to identify that.

Understanding our attack surface and what is exposed has been a huge benefit. We could see some of its benefits during the POV, which also compelled us to buy it.

IONIX helps prioritize fixes by letting us know what is urgent for our security team to fix. This is very important. It does a very good job of identifying what is critical or high priority and making sure that we are focusing only on the critical things.

IONIX helps identify which assets are most critical to our operations and have the biggest impact on our risk exposure. It helps identify web apps that have been forgotten or that have been decommissioned but something is still available on the Internet. It helps to identify such things so that we can get rid of them.

IONIX is very good for identifying digital supply chain risks, meaning risks found in the third-party digital products and services that our organization uses. It is very thorough. It allows us to use the findings for leveraging and getting better service from our third-party vendors.

We have not had any false positives so far, which is nice. We have not had anything yet. However, we have set up a weekly cadence with them. If one does come up, we would just identify it there, and I am sure they would take care of it.

IONIX has been pretty positive for the security team. The biggest burden is on the people trying to fix the issues. It does not fall on the security team. It involves the operational teams because some of the fixes are quite involved in nature. In some cases, they might need to reengineer something, which takes time. However, from an operational burden perspective, it has been very straightforward for us.

It integrates with a couple of our tools. It has Jira and ServiceNow integrations, but we are not completely integrated. We are leveraging their API to do some of the assignments.

IONIX's Active Protection feature automatically mitigates specific exploitable vulnerabilities without action on our part. We use it for the most egregious ones, such as hijackable domains. This automatic mitigation is amazing. We do not have to stay up all night trying to figure out who is going to remediate in an emergency.

IONIX has not helped reduce our mean time to remediate. It is about average as to what you would expect. However, we are not tossing a bunch of things over the fence. We are prioritizing things, so in the sense of noise, it definitely helped us streamline that.

We are using Threat Exposure Radar for different configuration types of weaknesses. We are exploring it, but it is more of a proactive approach than a reactive one. We are very reactive, but we are trying to get proactive. We are starting to leverage it so that we can prioritize some of the proactive work with best practices, etc. Threat Exposure Radar does a good job of providing a unified view of critical exposures across our entire attack surface.

Threat Exposure Radar helps to prioritize threat remediation in the sense that we know that we are going in the right direction by dealing with some of the more egregious and higher severity things. It does help us understand what is next after that. As soon as we are done with the critical ones, we will go back to tackle one of the subcategories and try to figure out what steps we want to take next.

Threat Exposure Radar provides insights and next steps for helping remediate threats. This information is helpful.

We are using IONIX to scan our public network ranges for vulnerabilities as part of our external technology service management.

We implemented IONIX after our previous supplier discontinued their services.

IONIX helps us track, for example, how many critical vulnerabilities we have on our web shops. We are looking to identify the most critical vulnerabilities, which serve as key indicators of our security posture.

IONIX's ability to prioritize vulnerabilities has been great. All the engineers within our organization, who have reviewed the findings, have found them extremely helpful.

Its ability to identify which assets are most critical to our operations and have the biggest impact on our risk exposure is good. They can identify 80 percent of our critical assets without us having to do additional work.

IONIX provides us with accurate reports with no false positives.

The action items and the description of the findings provided by IONIX are written in a simple language that our IT personnel can understand without the need for a security expert. This way all we have to do is forward the information to the engineer.

We recently upgraded our SOC and began leveraging the insights from IONIX more extensively. Previously, as a team of only four, comprehensively analyzing all the findings was a significant challenge. Fortunately, doubling our team size has provided us with the bandwidth to delve deeper into these findings and utilize them effectively. While this has understandably increased our workload, it aligns with our goal of implementing a solution that comprehensively identifies vulnerabilities.

IONIX continuously updates the types of vulnerabilities they scan for. Whenever a new vulnerability appears on the market, we're typically informed, and they scan our network for it. They also try to address some of our desired product improvements, which we work towards implementing.

IONIX's active protection feature automatically mitigates specific exploits without intervention on our part. This year, it detected a critical vulnerability: a back-end link pointing to an unclaimed domain. To prevent its exploitation, the system proactively purchased the domain, effectively removing it from potential attack scenarios.

We saw the time to value of IONIX within the first month of use.