Vulcan Cyber Reviews

Our primary use case for Vulcan Cyber is for asset management and vulnerability management. We use it to assess vulnerabilities and assets, especially after a merger, to ensure that all assets are being assessed for vulnerabilities.

It is an asset management and vulnerability management tool. We have the agent on different assets that are being assessed. All the assets that we have on our systems are being checked for vulnerabilities.

There are significant improvements as we previously did not have a comprehensive view of the exact vulnerabilities on our assets. Now we have an overview of what needs to be addressed and how it can be resolved, which allows us to manage the assets and mitigate vulnerabilities effectively.

The single pane of glass that it offers for centralizing our security data is very important. We have a lot of assets in our portfolio. The interface helps to see all the vulnerabilities that our assets have, but it would be good if there was a centralized way to perform the remedies for the particular vulnerabilities.

We have a lot of detailed information about all the assets, attack surfaces, and vulnerabilities that the assets have. There is a lot of threat intelligence and a lot of analysis on threats present on our devices or assets. We have a realistic view of the vulnerabilities that are there for particular assets.

We classify each asset and particular groups, and that helps us get a clear overview of what assets we have and in which groups they reside. We have a good vulnerability management tool to assess particular problems we have with the assets. It provides a good threat analysis and good classification of vulnerabilities. It is a good tool overall as we can see all the threats and assets that we have.

We have quite a lot of assets under management, and we need to address each one of them individually, so it helps us provide a detailed overview of the assets and threats on particular assets. In a way, it does provide quite a substantial amount of data to us. We can create tickets with it very easily and address the vulnerabilities with the information we have from those tickets. That is a good way of providing data.

We have not yet seen a substantial reduction in the meantime to remediate because it is still a new tool for us. There is probably a 20% reduction so far.

The interface of Vulcan Cyber is intuitive with a lot of information about vulnerabilities, which helps in classifying and analyzing threats. We have a good view of assets and vulnerabilities. It helps to do good threat analysis because we can see exactly what the threat is and assess it accordingly. 

It offers a comprehensive view of the assets and their associated vulnerabilities, which aids in assessing and mitigating threats. I can see all the vulnerabilities that our assets have. I can check up on them and take action to mitigate the vulnerabilities or postpone them at a later time.

Improvements are needed in providing more concise details on how to apply remedies for particular vulnerabilities. I would like to have more information about the remedies for particular vulnerabilities so that we do not have to go through the CVE numbers and relevant pages to check for a particular vulnerability and its remedy. A more detailed view of how the remedy should be applied to a particular asset would be good. Overall, it is pretty simple to check the vulnerabilities and view the remedies, but we need to do some additional research online to review exactly what to do to mitigate those issues.

It would be beneficial if the platform allowed remote access to devices for immediate remedies. Rather than logging in manually on the device, we should be able to remote in through the Vulcan Cyber application.

They could also include features for backups and disaster recovery.

We have been using Vulcan Cyber for about three months, following a merger within our company. It was being used by our parent company.

I have not experienced any issues with the stability of the solution. I would rate it a nine out of ten in terms of stability.

The solution is highly scalable. We have a lot of assets under management, and it effectively scales up to accommodate hundreds or even thousands of assets.

It is being used in multiple departments and at multiple locations around the world. We have multiple headquarters, so it is deployed worldwide.

In our IT team, we have about 10 to 15 people, but overall, there might be about 70 users working with this solution.

Before Vulcan Cyber, we did not use another solution at our workplace to assess vulnerabilities and resolve them. However, personally, I have used Acronis Cyber Protect. 

Vulcan Cyber does provide a lot of benefits such as assisting vulnerabilities in a proper manner, providing which assets are affected. Acronis Cyber Protect platform is used along with agents installed on devices. It helps assess vulnerabilities and also mitigate them. It helps apply remedies directly through the web interface. We can apply remedies instantly with the click of a button, although that can be a security risk because it uses some utilities. Acronis Cyber Protect offers a lot of other solutions that Vulcan Cyber does not, such as accessing the device remotely via SSH through the web interface or performing backups of the devices. It also has other disaster recovery capabilities. There is still room for improvement for Vulcan Cyber. Being able to remediate vulnerability instantly through the web interface, perform backups, or remote into the device could help improve the product.

I was not involved in its deployment. From what I am aware of, it is an on-prem model.

In terms of maintenance, for the solution itself, we do not get involved in patching the solution itself. That is the duty of our cybersecurity team, but it helps us address different vulnerabilities and identify applications that need updating.

Personally, I have used Acronis Cyber Protect, which offers vulnerability management and other features like remote access and backups directly through its interface.

It is a new tool for us. We have to go through a bit of training. It took some time to get used to the tool and understand exactly what its capabilities are and what information it provides. It took a bit of time to assess how we could utilize the tool better. There is still much more to learn, but in the short time that we have spent with it, it gives us a good overview of what our assets are and how we can assess the vulnerabilities and manage threats.

I would recommend Vulcan Cyber for its ability to provide a good overview of assets and their vulnerabilities. It is overall a good product.

A DIY approach is feasible if one has strong technical skills for vulnerability risk management, but if you are looking for a more scalable solution, Vulcan Cyber is a good one. It helps quite a lot to have a good overview of the assets and the vulnerability of the particular assets.

I would rate Vulcan Cyber an eight out of ten.

We were searching for a tool in the market that would allow us to automate our vulnerability management processes. We found Vulcan Cyber to be the best one, at least for our company, for automating different tasks involved in vulnerability management. We not only have a centralized place where we can find all the vulnerabilities and assets. We also have an easy way to automate the creation of tickets for different owners of the assets and other things.

It is very important for us that Vulcan Cyber offers a single pane of glass for centralizing our security data. It was one of the most important topics for us when we were searching for this kind of tool. We wanted a single pane of glass to see all our assets in the company as well as all the vulnerabilities, not only from a single scanner but from different security scanners that we use in the company.

Vulcan Cyber is very good for collecting our organization’s risk signals from multiple tools and attack surfaces into a single data lake. It is able to ingest information from different sources. They also have some capabilities to deduplicate data that is already in different sources. When you see it in their platform, in their data lake as they call it, you see it as a single entry instead of having duplicates all over the place.

Vulcan Cyber has had a great impact because previously, we had to review the vulnerabilities manually before going ahead and communicating them to the different owners. Now, with the automation that Vulcan Cyber provides, it is very easy for us to see exactly what is the risk of a vulnerability, not only by the CVSS score, but also depending on if the vulnerability is currently exploited in the wild, or if there are exploits that are publicly available that can be used by anyone. All of those tasks are automated by Vulcan in the backend. We see a summary of the vulnerability, so we know whether it is very critical for us because it is affecting some of our assets. It could also be floating in the wild, so we need to take care of it immediately, or it might not be as critical as we thought initially. It might be classified as a high-risk vulnerability, but there is no expert available, so we have to wait a little bit longer to patch everything.

The combination of all the data that we get in the platform helps with the automation of a task. There were some decisions that we had to manually review previously. Now, with all the information provided by Vulcan in a single place for each vulnerability, it is easier for us to understand if something is really critical and needs to be patched immediately or it can wait a little bit longer until we have some spare time to patch different systems in the company.

Vulcan Cyber has helped reduce our organization’s mean time to remediation. We have the capability to open some tickets automatically for different vulnerabilities we have in the platform without having to go to different ticketing tools or business owners individually. In the company, we use different ticketing tools depending on the department, so having them all integrated inside of Vulcan is helpful. Having a single button to create tickets automatically, providing all the information already gathered by Vulcan in this ticket, and then just passing the ticket to different teams impacts the remediation.

Vulcan Cyber has, for sure, helped save costs for our organization when it comes to human hours spent to fix vulnerabilities. We do not have to manually review each vulnerability and go to the different threat intelligence sources to identify if there are any exploits or if they are being exploited in the wild by malicious threat actors. When we have all that information in the platform, we can make decisions based on the data that we already have. That saves a lot of human hours.

It is very good when it comes to ingesting information from different sources and then displaying this information in an easy-to-use platform.

We have already requested Vulcan several features. Mainly, what I would like from them is more maintenance of the different connectors they have in the platform. You can connect different sources and different security scanners to the platform, so you get all the data ingested into Vulcan, but some of these connectors are not maintained to the latest updates by different vendors. For example, if you have a new update on the Azure connector, sometimes, it does not work correctly or as expected just because Vulcan has not updated the connector from their side.

It has already been about five months. We have been using it since April of this year.

So far, we have not had any crashes or loss of availability to the platform.

We have around 100K assets from different sources being ingested into Vulcan every day. So far, the platform is quite smooth. I do not see any slowness or any problems with the search or the queries with the platform.

One of the best parts that we have found so far about Vulcan is the ability to ingest data from multiple sources, even if there are duplicate entries for assets and vulnerabilities. They are able to duplicate this data, so when you go to the Vulcan platform, you only see one entry for every asset and every vulnerability.

We have contacted their technical support. They reply quite fast to the support tickets that you open, at least for the initial triage of the issues that you have. For some of the support requests, it takes them some time to fix the issues, but they communicate correctly with you all the way.

Positive

We have used other solutions. One of the most common ones is the Microsoft Defender Vulnerability Management tool, but it is only for Windows machines. It is very similar to Vulcan because you can get different vulnerabilities for Windows endpoints and Windows servers. It provides information about the risks and affected assets, but it does not have the capability, for example, to automatically create tickets for different owners.

We use the cloud deployment model. I am not sure if they have an on-premise one. They most probably only have cloud deployments, but it is nice that you can at least choose the region in which you want Vulcan to be deployed. For example, we care about data protection, so we want everything to stay in Europe, and Vulcan was able to provide that kind of cloud in the Europe area.

For most connectors or sources that we integrated with Vulcan, the integration was quite easy. It was also easy to create different users in the platform and set up different vulnerabilities and automation, but there were some connectors that were not well maintained at the time. We had some problems where we were configuring different API tokens and different credentials for those connectors.

It took about five months because we were going to go live with everyone in the company and all the departments in August. From April when we started the POV until now, it has been approximately five months.

It does not require much maintenance from our side. The connector should be updated from the Vulcan side. If there are no errors and no tokens that have expired in the integration, or there is nothing similar that requires attention, there is not much maintenance.

We used our technical account manager and our customer success engineer from the Vulcan side but not from a third party.

Its pricing is quite fair compared to what is out there in the market, especially compared to the tool from Microsoft. It is a SaaS platform that has an annual cost, so it is something that is already used by many companies. It is quite affordable.

Vulcan was the only one that we were looking at when we did the POV with them. That was because we already had different scanners in the company. What we were looking for was a platform that would ingest all different scanners' data instead of having a new scanning platform in place.

Vulcan Cyber has been quite good so far for mitigating cyber risks. It provides a lot of insightful data about our environment. We have a single place to go when we want to look for our assets. It is like an asset inventory. We can also see different vulnerabilities that we have in the company. It is very useful to see what our security posture rating is, for example, to understand the level of security we have in the company. It is also very easy to see which vulnerabilities or patches we need to apply to be able to increase the security posture rating quite easily.

To a colleague who needs a vulnerability risk management solution but is considering a DIY approach, I would say that the effort needed to implement something similar to Vulcan is not worth it when you have this kind of tool in the market, especially when you know that they offer a lot of different innovations for automation. They can help reduce the cost of person-hours that you spend with your team working on solving or patching different assets. You can use those hours or that effort to increase the patching talents in your company or create better policies for patching.

I would rate Vulcan Cyber a nine out of ten.

We have multiple scanning tools, such as Wiz, BlackRock, and Snyk. Snyk is not good for this because it doesn't integrate with Vulcan. All of these tools produce reports that must be managed differently, and each is integrated with Jira to raise tickets to the engineering team. 

Vulcan offers a holistic approach to vulnerability management, so we can see all the scanner findings and open tickets from one place. Three architects, a few other team members, and management use it, so we have six or seven people using it.

Vulcan Cyber collects and aggregates results from our security scanning tools, so the engineering team only needs to use one tool. They don't need to use the other UIs and scanners. It offers an easier way to manage vulnerabilities. It has improved our visibility. It hasn't helped in the mitigation phase, but it has improved the management of mitigation actions. 

It enables us to prioritize our mitigation. We have all kinds of findings. We can open tickets and track everything from there. When we have critical vulnerabilities, we must solve them ASAP. It helps because we can define what we want to find first and open the ticket automatically. I don't have automation for everything, but only for the critical issues. Vulcan helps to identify the critical ones because it opens tickets automatically. Instead of manually looking at the other tools and scanners, we get it immediately through the automation feature.

We have multiple security teams. One is our architecture team, and the other is our SecOps, which has the analysts. As architects, our main task is to manage the security posture. Vulcan specifically helps the security teams because it's part of our daily activity. Instead of from one scanner to another, I can go to this and use it. It potentially helps security architects like us a lot. I don't think the engineering team cares because they just work tickets, but our team is potentially impacted by this a lot.

Automation helps reduce the amount of time needed to resolve the issue. We haven't collected the metrics, but I can say that we improved by a few percentage points. It could be up to 10 percent.

We haven't saved any money. It's a security tool so we cannot realize how much we've saved until we know what we have prevented. 

Vulcan enables us to automate tickets from multiple scanners. It has lots of analytics options that show us charts and allow us to view the statuses in different waves. The dashboard is nice because it's highly informative about the big picture.

Having that single pane of glass view is especially important for our company because we have a lot of teams and products. It's a mess.  We have a few tools that give us a high-level overview, but it's not enough because we do not have a single tool that provides us with all the information. That's what we were looking for. 

Most tools integrate with Vulcan but not all of them. Wiz is the most important for us because it's our CSPM system and covers container scanning, asset scanning, and VMs. We had a few problems that were fixed in the last few months. 

The performance is bad. The query and the UI are always slow, and it's quite frustrating. Vulcan is trying to solve this with a newer design. The dashboard is also crowded. It pulls in all this raw information that you need to filter. Vulcan has filtering capabilities, but they're hard to manage. The labels aren't very clear, so you need to do things by trial and error. It's not as easy as other tools we've been using. 

Collecting everything into a single data lake can be good and bad because it collects everything. For example, we didn't have a chance to work on the vulnerabilities yet in the beginning, so we had thousands of findings. I can see everything, but it's not manageable. Vulcan has good integrations but not with all the tools because we use Snyk for scanning, and it's not well-integrated yet. They collect all the information needed but do not organize it well enough.

I have used Vulcan Cyber for more than six months.

There is a bug in the UI, but Vulcan is otherwise quite stable. 

I rate Vulcan Cyber seven out of 10 for scalability. It can scale up to the environment but you'll face issues with performance. Most of the features are great, but when you try to use them at scale, they fall apart.

I rate Vulcan support seven out of 10. We had an issue a while back that took a while to solve. The communication was good, but we didn't understand each other a few times, so it took a while to fix the issue. It was partially fixed, and then it took a while until it was fully fixed.

Neutral

We didn't have a full management tool before. We used all the scanners, and most give you this capability on top of their engine. For example, Snyk for SaaS has a vulnerability management UI. So does Wiz and everything else, but we didn't have a unified console. Vulcan is the first unified tool we used. 

Deploying Vulcan isn't that complex, but it's more complex than other tools I use. 

I rate Vulcan Cyber seven out of 10. It isn't easy to get this level of vulnerability management at scale with a do-it-yourself approach. You could try to implement that on a small scale, but go for Vulcan if you're trying to implement it on a large scale. I would recommend it because it gives you visibility for everything you have. It isn't a perfect tool.