External reviews
External reviews are not included in the AWS star rating for the product.
Vanta makes the process of becoming compliant very easy and straight forward.
What do you like best about the product?
It is logically built up with the automatic detection of security gaps in our IT infrastructure is great.
What do you dislike about the product?
Not all of our tools can integrate yet, so we still need to control access to some systems manually.
What problems is the product solving and how is that benefiting you?
SOC 2 compliance and we achieve that with very little resources.
- Leave a Comment |
- Mark review as helpful
Vanta - SOC2 compliance made easy
What do you like best about the product?
Vanta made our first SOC2 audit as seamless of an audit process as I could ask for. The real-time monitoring of user accounts, advice on security configuration, and the out of the box policies all helped us pass the audit with flying colors. We use it to manage vendor security as well, which has allowed us to store all of our security and compliance documentation in one spot. I've been through a number of these security audits in my career, and the process with Vanta made it more seamless and straightforward for us than I could have imagined. I've already recommended Vanta to peers at other companies and will continue doing so.
What do you dislike about the product?
I'd love to see Vanta make some improvements to their stock policies. I've spoken with their team and they've indicated this is something on their radar and they will be updating these soon.
What problems is the product solving and how is that benefiting you?
We are monitoring all user accounts with Vanta for onboarding, offboarding, and ongoing security. This allows us to manage our security infrastructure from one place which consolidates multiple tools/spreadsheets/processes down into one thing. It's awesome!
Recommendations to others considering the product:
Make sure you talk with your SOC2 auditor to ensure they understand how to use Vanta. There is a separate login for auditors to review, which makes the whole process 100x easier, but the auditors have to understand what they need to do.
We would have been LOST without Vanta!
What do you like best about the product?
Do I have to pick just one thing?! In short, Vanta was able to simplify what is otherwise an extremely difficult project (especially for a company our size, about 75 people). Their employees are passionate and great to work with, from the very first call to handing off to a Customer Success Manager (CSM).
To explain in more detail, when we started the SOC II Type I Audit process we had no idea where to begin, and had previously spent 6-8 months attempting to complete things on our own, barely making any progress. As soon as we found Vanta, we immediately felt relief and confidence that we could complete the work required to pass our audit. The platform is easy to use, user-friendly, gives great insight into our high-priority risks, computers that need additional features, has a great email notification system for sending employees invites and reminders, and has very well thought out policies that allowed us to complete the work within a couple of months rather what I’m sure would have taken us more than a year. Our CSM met with us weekly to help us figure out where to start first, what to focus on each week, etc. and there is no way we could have completed this audit without them!
To explain in more detail, when we started the SOC II Type I Audit process we had no idea where to begin, and had previously spent 6-8 months attempting to complete things on our own, barely making any progress. As soon as we found Vanta, we immediately felt relief and confidence that we could complete the work required to pass our audit. The platform is easy to use, user-friendly, gives great insight into our high-priority risks, computers that need additional features, has a great email notification system for sending employees invites and reminders, and has very well thought out policies that allowed us to complete the work within a couple of months rather what I’m sure would have taken us more than a year. Our CSM met with us weekly to help us figure out where to start first, what to focus on each week, etc. and there is no way we could have completed this audit without them!
What do you dislike about the product?
I can't think of a single critique, Vanta is worth every penny!
What problems is the product solving and how is that benefiting you?
Vanta helps point out where our biggest security risks are, and points us in the direction to solve them, even down to the employee and device level. Vanta also helps us write and improve our security policies to continue improving our security posture. Because of Vanta, we were able to complete our SOC II Type I Audit in only a couple of months.
Recommendations to others considering the product:
If you are looking for a platform that is easy to use, user-friendly, gives great insight into your high-priority risks, computers that need additional features, a great email notification system for sending employees invites and reminders, very well thought out policies, and to essentially take something as complex as a SOC II audit and simplify the work so it can be completed within a couple of months, all while working with an awesome CSM who helps as much as needed the entire way, Vanta is for you. I do not think we could have completed our audit without them!
Great help for SOC2 compliance
What do you like best about the product?
Vanta is a huge help for on-boarding and off-boarding employees and recording that it was done correctly for compliance purposes. For example, they correlate GitHub accounts with employees names. When an employee leaves they alert me if I have not removed their GitHub account from our org. It's little things like this that prevent me from making mistakes. It also allows auditors to see that we have been following our policies and best practices.
What do you dislike about the product?
Their risk register needs more work. It should be more flexible. I would also like to see more Kubernetes focused security monitoring.
What problems is the product solving and how is that benefiting you?
It helps us maintain compliance, particularly SOC2 compliance. It also keeps us more secure.
High Impact Software for a fast growing business like RFP360
What do you like best about the product?
Easy to implement and provides high impact to our prospects and customers with very little time investment from an administration stand point.
What do you dislike about the product?
I would like better education on other solutions/uses Vanta could provide to our business.
What problems is the product solving and how is that benefiting you?
We are automating and simplifying security reviews for our customers and prospects.
Okay for speeding up a “check the boxes” audit
What do you like best about the product?
Has a lot of the checks you need for a SOC 2 built in. For example, it auto tracks all employees and installs an agent on their machine to make sure you have malware protection and encrypted hard drives.
What do you dislike about the product?
A lot of the checks are not necessary. Things like the Vanta agent “check the box”, but they don’t actually add a lot of security.
It’s not super configurable. You can link Datadog, but when it looks for monitoring on certain things, it only looks at CloudWatch. Why even allow to link Datadog?? When linking your ticketing system, it assumes the `Security` label means p0. If that’s not the convention you use, tough luck!
It’s not super configurable. You can link Datadog, but when it looks for monitoring on certain things, it only looks at CloudWatch. Why even allow to link Datadog?? When linking your ticketing system, it assumes the `Security` label means p0. If that’s not the convention you use, tough luck!
What problems is the product solving and how is that benefiting you?
SOC 2, continuous monitoring. It’s nice to be alerted when things go out of compliance or when new servers pop up without monitoring, or when vulnerabilities pop up.
Made the SOC2 process painless and easy
What do you like best about the product?
The entire process from creating and reviewing the policies, monitoring our cloud environment, code repository& addiotnal systems, together with collecting the evidence automatically was a huge offload. Bundled with great support before we started the process by Ashley and after we started it with Taylor was a great help.
What do you dislike about the product?
We experienced some minor issues with some cloud monitoring metrics, but they have all been addressed within days.
What problems is the product solving and how is that benefiting you?
We were able to get ready to the SOC2 audit within 6 weeks with significant less effort while still focusing on the business and customers, otherwise it could have been a full time work for a few months.
Vanta accelerated Klaus' path to SOC2 compliance
What do you like best about the product?
As a small organization we were able to really leverage automated integrations and guidance regarding best practices and guardrails for many if not most of our used technology platforms including Google Cloud Platform, Github, GSuite etc. The fact that Vanta makes the controls and checks transparent allowed us to go through the process much faster than we would have without them.
If you are new to the field of SOC2 then Vanta has solid policy templates (that they have recently improved) to be used as base and can also solve asset tracking using their Vanta Agent (osquery based lightweight tool).
As a positive highlight I would also like to bring out Vanta's customer support — whenever we had any hiccups these got solved quickly and the team was transparent around what had happened.
If you are new to the field of SOC2 then Vanta has solid policy templates (that they have recently improved) to be used as base and can also solve asset tracking using their Vanta Agent (osquery based lightweight tool).
As a positive highlight I would also like to bring out Vanta's customer support — whenever we had any hiccups these got solved quickly and the team was transparent around what had happened.
What do you dislike about the product?
There is always room for improvement and we do know Vanta is already tackling many of these. Initially we were faced with few UI/UX glitches and have faced some early integration problems but these have always been solved quickly or there have been ways around the issues.
If to highlight something that we would like to see tackled in the future then it would be improved facilitation of periodic processes (like access review etc.) and enhancement of tasks handling.
If to highlight something that we would like to see tackled in the future then it would be improved facilitation of periodic processes (like access review etc.) and enhancement of tasks handling.
What problems is the product solving and how is that benefiting you?
Vanta helps organizations to get aligned and meet the requirements to become SOC2 compliant and then continue to keep the controls in check by continuous monitoring. Their strong relationship with auditors helps to accelerate the process by assisting in evidence collection etc.
Recommendations to others considering the product:
Vanta is worth considering especially if new to the world of SOC2 compliance as their integrations and relations with auditors ease the complexity of the whole process.
Best way to automate a lot of the SOC-2 work
What do you like best about the product?
First, you have a dashboard for most of your SOC-2 requirements.
Integrates well with GCP, GSuite, Slack, GitHub - essentially covering almost all requirements.
Good policy templates.
Audit prices drop too because of the automation.
Integrates well with GCP, GSuite, Slack, GitHub - essentially covering almost all requirements.
Good policy templates.
Audit prices drop too because of the automation.
What do you dislike about the product?
The only rough edges we noticed were around supporting many different GCP projects, but support is very helpful in working on fixing this.
What problems is the product solving and how is that benefiting you?
Very quick ramp up to getting ready for SOC-2 Type 2.
SOC 2 Process for Virtual Power Plant Company using Customer Energy Data
What do you like best about the product?
The ability to integrate with our stack. There are a lot of common tools used that hook into Vanta very easily, making it clear what areas need to be addressed to become SOC 2 compliant.
What do you dislike about the product?
Vanta's interface doesn't change based on the level of SOC2 compliance. Depending on the Trust Service Criteria, not every feature is needed. Being able to turn off features/fixes based on the Trust Service categories being sought would be helpful.
What problems is the product solving and how is that benefiting you?
Getting out in-house security practices reviewed and, if needed, updated or changed to be SOC2 compliant. We expect the third-party vendor cybersecurity review process with our clients to be expedited, allowing for faster contracting.
showing 1,371 - 1,380