It is a SaaS solution, and we have integrated all the different apps into the Adaptive Shield. For some of them, we need a dedicated user, and for some of them, we use our SSO service. For every app, we add the admin user into the Adaptive Shield, and once a week, I try to meet the app admin to go through all the security checks that it showed us as failed.
Provides not only visibility but also remediation information and is helpful in working with people who are not in security-oriented roles
What is our primary use case?
How has it helped my organization?
The whole purpose of Adaptive Shield was to get more clarity. It is good for us because it gives us things that we didn't know. It gave us a lot of clarity, and we got to know about the things we didn't think we could do in those apps. We got to know about the settings that we didn't know existed. Now, we know how to handle our app more efficiently. We have obviously got more security, but we also know how to handle them more efficiently.
It provides clarity into SaaS misconfigurations, vulnerabilities, and weaknesses on a full SaaS stack. When you click Show More, it gives you more than the summarized description of a security check. This visibility is pretty important because I'm acting as a security engineer. I'm not the app admin. So, I need to give app admins, who might not necessarily be security-oriented, information about what they need to do and why. This is what this solution is good at. Every organization uses different apps in different ways, and visibility is really important just because not everyone is security-oriented. So, you need everything to be visible and clear. It helps in emphasizing the importance of security when you are working with somebody who is not security-oriented.
It gave us more clarity into who is doing what and has brought a sense of cooperation between different parts of the organization. It also helps in understanding what you have in your hands, what you can do with all the apps, and how you can use them smartly in a more secure way.
It shows you the app areas that can be vulnerable to certain things. It gives a lot of clarity. In a world where you have multiple apps in multiple settings, things can get missed, and it gives you a map of the app that you can use to see what can be done. It has helped us in preventing things that could be bad. It is very good, and I would recommend it to anybody.
It is good at showing severities in the full SaaS stack. The information is very clear, and there is a description for every alert. I would rate it an eight out of ten in this aspect.
It provides us the ability to customize it based on our organizational policies. One of the strong points of this solution is that the team is very approachable and available. We asked for five or six customized queries, and they made the changes in a day and followed up to confirm if those were the changes that we wanted. They're very active and available when it comes to customization and support, which is important for us as an organization. It is nice that they can customize it for our needs. They're willing to customize it not just for our organization but also for other organizations. We're very glad that they do it.
What is most valuable?
The security checks are valuable because you need to understand what can be improved. There is a remediation tab inside the security check, So, you don't need to go and search how to fix those things. It gives you step-by-step information for all different apps, which is a really strong feature.
It provides alerts in case of a change. If something passed one of the checks on one day but failed another day, it can show you what has failed. You can see the whole landscape. You can see all the apps and the percentage of the passed test. It encourages you to fix more and get a higher percentage, which is important.
We didn't have any problem integrating it with a lot of the apps. It seems to run smoothly.
What needs improvement?
For compliance security checks, it identifies and tells you about a specific compliance, but it would be better if they also attach a link to the rule of the compliance they are referring to. That will be a lot more clear. You won't have to leave the platform every time to find information on the web. They do have a lot of things that keep you inside the app and give you clarity, but there are a couple of little things that got missed.
One feature about which I have talked to them multiple times is related to being able to rescan or do a recheck on a specific security issue. Currently, when you fix something and you want to check if it is fixed, you need to power off the integration and then power it on. If there is a clickable button that can re-scan and do a single check or even the whole security check, without powering off and powering on, it will be easier and more efficient.
For how long have I used the solution?
I have been using this solution for about four months.
What do I think about the stability of the solution?
It is stable. I had one problem, but it was nothing major.
What do I think about the scalability of the solution?
It has good potential to scale. There are more than a thousand apps that it can integrate with and go into.
How are customer service and support?
I used their support twice in the last four months for a specific integration, and they were very good. I would rate them an eight out of ten. They could do more hands-on help. One time, the help was very hands-on where we arranged a meeting, and another time, it was just sending the right documentation. If they could be hands-on every time, it would be great, but I know it is a big request.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We didn't use any other solution in this way.
How was the initial setup?
I wasn't a part of the deployment. I'm fairly new to the security team. I came right after the PoC was over and my project was approved.
I'm now deploying all different apps to Adaptive Shield, and it is fairly easy. You have a lot of documentation on how to do various things. If documentation is not enough, which is rare, their team is always available.
I go into the app daily. I do the checks every day, and I do weekly meetings with different app managers. If we have fixed all the things that we agreed to fix, and there is nothing new, it could even be a month without changing anything.
What was our ROI?
It probably saves us money by preventing a security hazard, but it is hard to measure the savings. However, it does improve the efficiency of app admins. They can go inside the platform and see all the things they can do with the app in terms of different settings. Even if you are not the one who makes changes, you can still learn from it.
What's my experience with pricing, setup cost, and licensing?
I'm not sure about the pricing, but it is worth it.
What other advice do I have?
It is a very good solution. I recommend it to a lot of friends who work in different organizations. It gives you a lot of knowledge. The more you know, the more powerful you can be.
I would rate it a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
