Vulcan Cyber Reviews

Our use cases generally involve servers, particularly Linux servers. With Vulcan Cyber, we scan all of our servers for vulnerabilities or security-related issues. The system alerts us of any issues, based on which we take action. It can involve checking if any reboot is needed, if certificates are expiring, or if any licenses are due for renewal. We accordingly take action on that.

It provides a single pane of glass. We have centralized data to manage all our servers' security and vulnerabilities. It is a simple, centralized system. It has been very helpful.

I have worked on only one other similar solution. It was an internal tool. Capability-wise, Vulcan Cyber is more capable. It has a lot of features, and we are still exploring it. We have people from Vulcan assisting with it. They are helping us with new features and customization requests for proper asset management. With the previous solution, we did not see any customization options.

We were able to realize its benefits immediately. A new solution requires some time to become familiar, but after one week, we found it to be good compared to the old solution. It took us one week to get used to the solution.

We are getting alerts twice a week, and we are effectively managing things. Our team accordingly works on them. 

Vulcan Cyber has been 90% effective in triaging cyber risks. We are still working with the vendor on some customizations. There are some challenges on the server side, and we are working on resolving them.

Vulcan Cyber has helped reduce our organization’s mean time to remediation. There is a lot more visibility.

Being able to export vulnerability information based on groups is valuable. For instance, if we have one application with 15 servers and another application with 45 servers, we can regroup them by giving some names. We can export the vulnerabilities related to the application servers and work on them flexibly. There is a lot of flexibility in exporting, making it a really good feature. The exporting flexibility based on application type is commendable and provides significant value.

If there was a way for me to connect to the vendor directly from the application, it would be helpful. We have the highest privilege in the application, and at least for members with the highest privilege, having the capability to reach out to the vendor directly from the application would be beneficial. It seems this feature is missing, but it would be really helpful, especially for the admins who manage the application. As an admin, this functionality is not present.

I have used the solution for six months to one year.

As of now, we have not seen any stability issues.

The scalability is excellent. It processes any number of servers added and provides the output efficiently. The scalability is amazing, which is why we switched from the old tool to this one. It is really good in scalability.

Our manager deals directly with vendor support. Their technical support team is very good, knowledgeable, and helpful.

This is the second one we are using. The first one we used was an internal one, and it did not have many features. Our company opted for Vulcan Cyber, but I do not know the reason for the choice. It has been very nice for what we were looking for.

Vulcan Cyber has improved our operations a lot. Previously, there was no flexibility in exporting the vulnerabilities. In addition, it provides flexibility to extend a server that is expiring for a particular period of time. This is very helpful. I do not see this feature with any other tools.

The process is completely managed by the vendor and is very simple. One of their staff helped us with everything, including setting up asset management. He assisted in deploying all servers based on server application type, allowing us to group by application. He helped us once initially, and from then on, we managed independently without issues. The setup was completed in a single day. We also had a couple of KT sessions, allowing us to manage it effectively. Overall, it took us a week.

It does not require any maintenance from our end.

We worked as a team of three to four people.

I would suggest going with this solution without a second thought. The first week may be difficult, but once you get used to it, it becomes a cakewalk. 

I would rate it a nine out of ten. It is still a new tool for us.

We have multiple scanning tools, such as Wiz, BlackRock, and Snyk. Snyk is not good for this because it doesn't integrate with Vulcan. All of these tools produce reports that must be managed differently, and each is integrated with Jira to raise tickets to the engineering team. 

Vulcan offers a holistic approach to vulnerability management, so we can see all the scanner findings and open tickets from one place. Three architects, a few other team members, and management use it, so we have six or seven people using it.

Vulcan Cyber collects and aggregates results from our security scanning tools, so the engineering team only needs to use one tool. They don't need to use the other UIs and scanners. It offers an easier way to manage vulnerabilities. It has improved our visibility. It hasn't helped in the mitigation phase, but it has improved the management of mitigation actions. 

It enables us to prioritize our mitigation. We have all kinds of findings. We can open tickets and track everything from there. When we have critical vulnerabilities, we must solve them ASAP. It helps because we can define what we want to find first and open the ticket automatically. I don't have automation for everything, but only for the critical issues. Vulcan helps to identify the critical ones because it opens tickets automatically. Instead of manually looking at the other tools and scanners, we get it immediately through the automation feature.

We have multiple security teams. One is our architecture team, and the other is our SecOps, which has the analysts. As architects, our main task is to manage the security posture. Vulcan specifically helps the security teams because it's part of our daily activity. Instead of from one scanner to another, I can go to this and use it. It potentially helps security architects like us a lot. I don't think the engineering team cares because they just work tickets, but our team is potentially impacted by this a lot.

Automation helps reduce the amount of time needed to resolve the issue. We haven't collected the metrics, but I can say that we improved by a few percentage points. It could be up to 10 percent.

We haven't saved any money. It's a security tool so we cannot realize how much we've saved until we know what we have prevented. 

Vulcan enables us to automate tickets from multiple scanners. It has lots of analytics options that show us charts and allow us to view the statuses in different waves. The dashboard is nice because it's highly informative about the big picture.

Having that single pane of glass view is especially important for our company because we have a lot of teams and products. It's a mess.  We have a few tools that give us a high-level overview, but it's not enough because we do not have a single tool that provides us with all the information. That's what we were looking for. 

Most tools integrate with Vulcan but not all of them. Wiz is the most important for us because it's our CSPM system and covers container scanning, asset scanning, and VMs. We had a few problems that were fixed in the last few months. 

The performance is bad. The query and the UI are always slow, and it's quite frustrating. Vulcan is trying to solve this with a newer design. The dashboard is also crowded. It pulls in all this raw information that you need to filter. Vulcan has filtering capabilities, but they're hard to manage. The labels aren't very clear, so you need to do things by trial and error. It's not as easy as other tools we've been using. 

Collecting everything into a single data lake can be good and bad because it collects everything. For example, we didn't have a chance to work on the vulnerabilities yet in the beginning, so we had thousands of findings. I can see everything, but it's not manageable. Vulcan has good integrations but not with all the tools because we use Snyk for scanning, and it's not well-integrated yet. They collect all the information needed but do not organize it well enough.

I have used Vulcan Cyber for more than six months.

There is a bug in the UI, but Vulcan is otherwise quite stable. 

I rate Vulcan Cyber seven out of 10 for scalability. It can scale up to the environment but you'll face issues with performance. Most of the features are great, but when you try to use them at scale, they fall apart.

I rate Vulcan support seven out of 10. We had an issue a while back that took a while to solve. The communication was good, but we didn't understand each other a few times, so it took a while to fix the issue. It was partially fixed, and then it took a while until it was fully fixed.

Neutral

We didn't have a full management tool before. We used all the scanners, and most give you this capability on top of their engine. For example, Snyk for SaaS has a vulnerability management UI. So does Wiz and everything else, but we didn't have a unified console. Vulcan is the first unified tool we used. 

Deploying Vulcan isn't that complex, but it's more complex than other tools I use. 

I rate Vulcan Cyber seven out of 10. It isn't easy to get this level of vulnerability management at scale with a do-it-yourself approach. You could try to implement that on a small scale, but go for Vulcan if you're trying to implement it on a large scale. I would recommend it because it gives you visibility for everything you have. It isn't a perfect tool.