The main use cases are all healthcare related and specifically SOC and HIPAA compliance.
Vanta offers real-time integration, automated compliance monitoring, and prebuilt control frameworks. It provides efficient reporting tools and KPI tracking, streamlining audit readiness and task management with a user-friendly interface and automated control testing.

| Product | Mindshare (%) |
|---|---|
| Vanta | 6.8% |
| Wiz | 12.3% |
| Microsoft Defender for Cloud | 9.6% |
| Other | 71.3% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Wiz | 4.4 | 12.3% | 97% | 47 |
| SentinelOne Singularity Cloud Security | 4.4 | 7.7% | 99% | 129 |

| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 3 |
| Large Enterprise | 1 |

| Company Size | Count |
|---|---|
| Small Business | 137 |
| Midsize Enterprise | 66 |
| Large Enterprise | 119 |

Vanta is designed to enhance corporate risk analysis, evidence collection, and security posture. With seamless integration into internal environments, it optimizes policy compliance and audit readiness. Users rely on Vanta for compliance management with certifications like SOC 2, HIPAA, and ISO 27001. Additionally, its automation and continuous monitoring capabilities reduce manual effort and time, focusing on optimizing API interactions and data integrity in certification processes.
What are Vanta's Key Features?

Vanta is widely used in industries requiring stringent compliance such as healthcare and finance. By supporting standards like HITRUST, it aids companies in managing certifications effectively. Expanded scalability and better user access functionalities remain key areas for further enhancement. Organizations value the task management capabilities and remediation guidance Vanta provides, making it a strategic tool in managing complex compliance requirements.

Care Directives, Shortcut, Nayya, Heizenrader, Treasury Prime

| Author info | Rating | Review Summary |
|---|---|---|
| Consultant at a consultancy with 11-50 employees | 4.5 | I've used Vanta for two years in healthcare compliance and find its automation, document control, and support valuable, though revision management and UI could improve; overall, it's reliable and suits our AWS-integrated infrastructure well. |
| DevOps Engineer / SRE at an outsourcing company with 201-500 employees | 4.5 | I've used Vanta mainly for ISO compliance and improving our security posture; it offers helpful recommendations and a great user experience, though user permissions and refresh timing could improve. Overall, it's been reliable, effective, and easy to scale. |
| HITRUST and GRC Consultant at a consultancy with 11-50 employees | 4.0 | I used Vanta for HITRUST certification and it streamlined the R2 assessment by automating evidence collection and transferring data into the CSF portal, with solid stability and scalability. Integrations and compliance KPIs are strong, but R2 CSF integration/testing still needs improvement. |
| Vice President of Technology at a tech services company with 1-10 employees | 5.0 | I've used Vanta for a year to streamline SOC 2 and ISO 27001 compliance; its automated controls and access reviews save time, though CVE test handling could improve. It’s more cost-effective than hiring extra compliance staff. |
| Consultant at a consultancy with 11-50 employees | 4.0 | We're working towards SOC 2 and HIPAA compliance with Vanta, which integrates effectively with our AWS and New Relic services. Improvements are needed in their AI-generated system descriptions, and evaluating ROI at our scale is challenging. |
| Team Lead- Sr. Linux administrator-Kubernetes-DevOps at ExpressRCM | 3.5 | Our Vanta infrastructure integrates on-prem and cloud resources, aiding in compliance tracking and policy enforcement. It supports SOC 2 and data policy compliance, assists with GitHub and Google Workspace management, and collaborates with our 1Password manager to enhance security oversight. |
| Founder at Viridis Security | 4.0 | We use Vanta for automated security and compliance, particularly in achieving certifications. Task management and vendor assurance are the most valuable features, and it is an easy tool to use. However, its scalability could be improved. |
| Information Security and Compliance Manager at a tech vendor with 11-50 employees | 5.0 | Vanta assists us in achieving ISO 27001 compliance with its most valuable feature being automated tests. However, some automated tests require improvement as they do not always function as expected. We didn't consider or use any other solutions. |
| Security GRC Program Manager at a computer software company with 201-500 employees | 4.0 | We use Vanta for continuous compliance automation and monitoring, which saves us time and effort. Although their user access review module is still developing, we've seen a return on investment. We chose Vanta over Drata and OneTrust due to responsive service and pricing. |
| Security Compliance Manager at a tech services company with 11-50 employees | 4.5 | I use Vanta for compliance management, appreciating its prebuilt control frameworks for quick compliance achievement. However, the user interface's refresh rate needs improvement, as status updates require multiple refreshes. No other solutions or providers were considered. |

The main use cases are all healthcare related and specifically SOC and HIPAA compliance.
In my opinion, the best features of Vanta include a lot of functionalities. The document control makes sense to me and works pretty well. All our policy documents are organized so I always know where I can go to get the latest and greatest version of those. I think that's a relatively strong feature. It ties in with automation and some of the controls that we have as part of our policies, and the automation and some of the infrastructure testing is pretty handy. Vanta also does a strong job on things like corporate risk analysis, where they pre-build a tabulated rubric for you to use so I didn't have to create that from scratch. I think that's handy.
In general, some of those things they've done make things handier. There's more talk these days about AI features and I'm sure that's all possible, but we haven't had a chance to experience any of that just yet. We're just trying to get the basic compliance program bootstrapped.
Vanta provides a necessary repository that any compliance expert will look at and recognize right away. Being in the healthcare space and with Vanta, there are nothing but difficult problems. This is not one of them. Having Vanta, we know we're doing the industry-approved procedures. The company seems to be going in the right direction for us. We're just drafting on the capabilities that they have. I would give them at least an eight, maybe even a nine. I don't know enough about the competitive offers or we don't have a big enough problem with this that we feel anybody out there that's better or could do better.
There is always tons of room for improvement for Vanta. I kind of exaggerated a little bit about the policy control. I don't really love the way they handle the revision management of that feature. If I'm on V1 of the policy document and I make some changes to it, then I get rid of V1 and then I re-upload V2. It's not that it keeps a running history of each of the different revisions. A little bit of an issue with that, but workable. I don't really have any negative complaint right now that would be worthwhile expressing. It's just that there's a lot of features. The UI is not super intuitive, but now that I've worked with it for a couple of years, I know how to navigate and get around. Initially, it was a little bit of a struggle understanding how these things would all work.
I have dealt with Vanta for two years.
There are connection problems about 50% of the time because of the automated evidence collection.
Support is quite good. On a scale of one to ten, if I were to rate them for support, I would say their human support is quite good. Every time I ask their customer success team, if I get a technical question and I've done this half a dozen times in the last year, they will respond within the next 24 hours. If I leave a message at 7:00 or 8:00 at night, I'll have the message the next morning because their London team will pick up on it and respond. I find their success team and their customer support to be pretty effective. They come back and make good recommendations and I think they do actually care about us, who's a relatively low-end customer for them. That's very positive. From a sales point of view, I didn't find them difficult to work with either. In fact, we negotiated a favorable deal where we extended the contract for two years as opposed to one and they gave us the price we wanted. On both fronts, they've treated us well from a customer support point of view.
Positive
Vanta is not used for real-time security posture monitoring. It's pseudo real-time. If an alarm happens overnight or if there's an expiration of an SLA because there's been a vulnerability that hasn't been addressed in 45 days and now it's the 46th day, it will let you know that immediately. We use New Relic for most of the real-time monitoring. We have integrations into our cloud service with New Relic.
I am using Vanta for my consulting gig with the healthcare company in San Francisco, Healthx. We are highly integrated with AWS, so the integration capabilities with AWS or Google Cloud for our operations are not really a question. It's the heart and soul of what we're building. It's not that we have half the service with AWS and half the service with Google Cloud. We are AWS. There isn't that much integration. There is integration between Vanta and AWS, but I don't think it's as integral as our software integration with AWS. Our system basically works on their resources and it's tightly integrated.
At Healthx, I do several different things, but generally I'm a consultant working on the compliance program. My background is more as a VP of engineering, but I do this because I know the guys and I know the founding team. My overall rating for Vanta is eight out of ten in terms of customer satisfaction and customer support.

My main use case for Vanta is compliance in general, aiming for an ISO to be compliant with the standards.
A specific example of how I use Vanta for ISO compliance is that we have Vanta connected to our AWS account and our Azure DevOps repositories.
Regarding my main use case for Vanta, we are using it to make sure our security posture is good. For example, Vanta has picked up all the AWS Inspector for our ECR repos vulnerabilities, and we create tickets and hand them out to our team, trying to remediate these images one by one, which provides a very useful view of our weak points.
The best features Vanta offers include reasonable recommendations, a nice user experience, and everything being organized. The remediation guidance is very nice, so if I don't have a clue about that item, Vanta gives me a hint on what to do and what the subject of that resource is.
Most of the time the recommendations are quite sufficient, which is great. Sometimes, if the task is a little bit complicated, it requires some extra research, but in general, it's good, especially for infrastructure as code. It even has solid examples on what to do.
Vanta has positively impacted my organization by helping us remediate a lot of vulnerabilities and bad practices, especially from vulnerable ECR repos, and enforced good behavior. For example, we enforce reviews for our pull requests, which wasn't mandatory before and was on a per-repo basis. Now, this enforcement is uniform across the entire organization.
After implementing those changes with Vanta, we tracked specific outcomes and metrics and improved compliance scores, which we can see in Vanta. We started out at around 17%, and we're now at over 80%. It's still a work in progress, but we've come a long way.
The only thing I wish for regarding the features is better RBAC. Permissions for platform users have been an issue. We've had to give admin access to Vanta for another team member to view all items. It would be great if the permissions of Vanta platform users had more verbosity to them, more dynamic.
To improve Vanta, I think the refresh after remediation takes place could be controlled more. If it could be faster, that would be great.
Besides the user permissions and the refreshing, which are improvements rather than issues, the rest looks fine. Vanta has been really nice, with a nice user experience, clear layout, and very reasonable recommendations compared to other platforms we've tried.
I've been using Vanta for the past 10 months, starting in early January this year.
Vanta is very stable; we haven't had any downtimes or weird behavior so far, which we really appreciate.
Regarding Vanta's scalability, our whole DevOps team and SRE teams have been onboarded, and it has been a smooth ride.
I haven't interacted with customer support yet, as we haven't had any need to contact them so far. I'm sure they will be good.
Neutral
I previously used Azure Defender, which was a hideous solution with inconsistencies. Connectors would go down randomly, and some suggestions from Azure Defender were very awful and unrealistic. We had a rough time with it; we've had a very nice time with Vanta so far compared to Azure Defender.
Besides achieving a better security posture and coming closer to ISO compliance, I have nothing else to share about return on investment.
My experience with pricing, setup cost, and licensing isn't in my domain to give a good answer.
Before choosing Vanta, our team lead evaluated other options, and I personally evaluated other options regarding security posture in general, mostly open-source ones.
For others looking into using Vanta, I would say it's great, and if they're new to compliance, that's the perfect place to start. Start using Vanta, narrow down the scope, and take the items one by one to get one step closer to good compliance.
I think Vanta is one of the good platforms out there. I'm glad we're using it. I'm comfortable with it, and so is my team.
On a scale of 1-10, I rate Vanta a 9 out of 10.

My main use case is certification.
I used Vanta to establish a HITRUST certification for a telecommunications organization, including evidence collection, report generation, compliance metrics, and data integrity for the implementation.
I no longer use Vanta day-to-day because I completed the project, but if I were to use it day-to-day, I would definitely use it for evidence collection as well as performance metrics for key performance indicators for framework compliance.
Vanta has positively impacted my organization by streamlining the whole HITRUST R2 assessment process.
It streamlined the process by reducing manual work because the data transferred from Vanta into the HITRUST CSF portal.
The best features Vanta offers in my opinion are the key performance indicators for framework compliance as well as integration into internal environments and accurate data provided towards compliance frameworks and metrics.
I was not directly involved with the integration into internal environments, but I was involved in the data integrity after the integration took place, where I performed data integrity tests to ensure that the data that integrated was correct in compliance towards the frameworks.
The benefits that I noticed from Vanta were the integration and how it helped streamline the HITRUST R2 assessment.
To improve Vanta, I suggest continuing to improve the areas of integration with the HITRUST CSF for R2 assessments. It would be helpful for much of the testing of the evidence to be done within Vanta's environment and then prior to the testing, to have the information tested and uploaded into the CSF portal.
I have used Vanta twice in the past year.
Vanta is stable.
Vanta's scalability is very good.
The customer support from Vanta is good.
Negative
I did not previously use a different solution.
Before choosing Vanta, I did not evaluate other options.
I would tell others looking into using Vanta to use it for HITRUST E1 and I1 assessments, as the R2 assessments are still a work in progress. I would rate this product an 8.

My use case involves SOC 2 and ISO 27001 compliance.
Vanta's integrations and automated tests have streamlined our SOC 2 compliance and provided a single entry point for addressing risks and failed tests.
The automated testing of controls and access reviews are valuable features. These two functions have saved countless hours of manual checks.
Failed tests for device CVEs seem to be cumulative, meaning I have to clear all CVEs before the test will pass, which makes it difficult to resolve the test before the next round of CVEs are published.
I have used the solution for one year.
We were evaluating Logic Gate but did not have access to automation. Vanta allowed a trial, which proved its worth.
If you have access to at least one SecOps professional, Vanta's pricing for small businesses allows you to double that person's SOC/ISO compliance capabilities for less than the cost of another staff member.
If you're using moderately popular third-party products, Vanta's access review module is well worth the cost.

We're trying to get SOC 2 compliance, and we're trying to get HIPAA compliance.
We haven't seen any problem with that yet. That said, our company is a tiny 20-person company right now. We're probably six months ahead of where we should be in terms of doing compliance anyhow. We're not really at the critical masses yet, but we're trying to get a head start on it.
The fact it does the real-time integration with the APIs into our hosting service, which is AWS, can at times be painful - yet it's very effective. We get working pretty easily. They integrate into New Relic as a performance monitoring tool.
When there's a control in Vanta that says, 'I want to know if you are doing performance monitoring on a certain web server,' it goes and knows how to talk to New Relic and grab that information and make it part of your Vanta Viewport.
Every product has a lot of areas to improve. They have an AI generator for the system description for SOC 2, for example, however, the outline is a little sketchy. The system description has to have a little more insight or context about your business and why you're different. A true auditor will look at that closely. A lot of it is a little bit too automated and not really realistic. One area that they tout as being a real-time savings, we haven't found that to be a time savings yet.
I've been using Vanta for about a year and a half.
I haven't seen a fail yet. But I am only using the tool about ten hours a week, and I'm a contractor as well, so I'm not working at this every day. But every time I seem to need it, it works.
We haven't seen any problem with that yet. Our company is a tiny twenty-person company right now. We're probably six months ahead of where we should be in terms of doing compliance anyhow. We're not really at the critical masses yet, but we're trying to get a head start on it.
I've had experience with both tech support as well as with their customer success. They're interchangeable at some point, at least for our size business. I would give them at least eight out of ten. They've been responsive, which is the most important thing. They seem to come back, and they give you good answers, and they give you good options to pursue what you're trying to do.
Positive
It's a fairly large learning curve to get going. Not impossibly so. Once you get familiar with the system and where things are located, then you can work around it reasonably well. It's more tolerant as you get to know the product a little more. Initially, they're not very clear about the differences between the need for evidence, so-called evidence, and what would be automated.
We're just not at scale to even evaluate that. And even if you could, it's hard to evaluate something like, okay, this company is running in a compliant way versus they're cutting corners. It's hard to attach a value to that.
Seems reasonable. We just renewed. I don't have a lot of experience in this space, but this is the first generation of automation products for purposes of compliance. There are a group of different companies out there, like Drata. They all seem to be similarly priced.
They've done a good job, actually. I can't tell if they're a leader or not. All I know is that it gets us that seems to be constructive right now. We're not investing that much money.
I'd rate the solution eight out of ten.

In our Vanta infrastructure, there's a mix of on-prem and cloud data. The cloud data is stored under WPH Cloud, which is why we can't access it directly as it's dedicated to CyberArk. We have component clusters and some BDIs on the cloud, and remote users need to access these resources for their DHL-related work. Managing this infrastructure involves using HCP Energy as the hypervisor, and hosting multiple Windows AM VMs, all running on version 22.04.
It helps us track the compliance of the components listed in our partner's directory. We can also check if the password manager, XML, and three log policies have been properly implemented on the desktop. We use JEM Cloud, which is a SaaS solution, and sometimes it experiences access issues. With Vanta, we can work on resolving these issues and ensuring policy compliance. Vanta also helps us maintain compliance with standards like SOC 2 and various data policies, which are essential for our documentation and communication requirements, ultimately ensuring enterprise software policy compliance.
In my role, which primarily involves IT responsibilities, I often deal with various policies. There are instances where specific policies, especially those related to quality, may not be implemented correctly. This primarily occurs with mainframes and devices owned by particular users. In such cases, Vanta helps us enable these policies on the devices and assign them to the relevant users. It also highlights when certain policies, such as version 86.x, are not assigned through SAP. Vanta provides guidance on configuring and mitigating these issues. Additionally, it helps us with GitHub account provisioning and deprovisioning, as well as managing GitHub and Google Workspace Flex. We also use the 1Password password manager, which Vanta assists in overseeing.
I have been working with Vanta for two years.
There is a delay with customer support and they are unsure of the answers we need. It could be because they're the first point of contact. But I comprehend the situation, and we're handling the process of receiving messages more swiftly. However, there might still be some occasional difficulty, possibly influenced by geographical factors or varying support response times. In general, I think the service is good.
Neutral
It's rather straightforward. Initially, when I set it up, I configure it, and then I test it. We have specific commands to troubleshoot issues. We can use OktaNet to check performance or errors. Additionally, there's an agent prospecting feature. They also offer a unit ID from my address, making installation quite simple. It's manageable through monitoring tools.
I can't determine if it's more expensive or cheaper, but I will advise you to explore the options and go with what aligns with what they offer and the prevailing market standards.
I would rate the solution a seven out of ten.
This is particularly important because for certifications like HIPAA and authorized certificates, if there's no dedicated team, the responsibility falls on individual people to regularly oversee all aspects. However, if we integrate all these steps, it becomes much easier to understand our requirements and what needs to be addressed. Therefore, it's a good solution to have a single platform like Vanta for integration and resolution by following all the necessary steps.
I've used Vanta for some time, and initially, we configured it, but the reflection isn't accurate. In such cases, we need to investigate. We've integrated it through JumpCloud, and we should examine the JumpCloud prospecting. If there are any issues, we can get in touch with JumpCloud support. In terms of management, if we rely solely on one platform, it might take more time. Typically, it takes almost a day before the changes reflect as expected.

We use the solution for automated security and compliance. Most of the time, it is about getting people to certifications.
Task management and vendor assurance are the most valuable features. It is also an easy tool to use.
Scalability could be improved.
There is no issue with the stability.
We have contacted support once or twice, and they have been good.
The initial setup is easy.
Real-time security monitoring reduces the busy work of collecting evidence so that the security or IT folks can focus on other things. It has been easy for people to jump in and use the product.
I recommend the solution and advise you to have a plan and a security expert.
Overall, I rate the solution an eight out of ten.

Vanta helps us to achieve ISO 27001 compliance.
The product has provided automated security controls for our cloud provider. It helps to automate security checks. Vanta offers a list of things that can be done to achieve ISO 27001 compliance.
The tool's most valuable feature is automated tests.
Some of the tool's automated tests do not work the way they should.
I have been using the product since February.
I rate the solution's stability a ten out of ten.
I rate the tool's scalability a ten out of ten.
Vanta is expensive.
I rate the product a ten out of ten.

Vanta is a GRC platform with continuous compliance automation and monitoring. Some things normally take us hours to do in terms of pulling screenshots and configuration. Vanta is continuously plugged into an API and reports back to us so that we can save time, effort, and FTE hours.
Vanta primarily helps our organization with the SOC 2 and the PCI audits, ensuring we're in compliance full-time without having us do internal audits as frequently.
The most valuable feature of Vanta would be the time savings from the automation and the continuous compliance monitoring once set up.
Currently, Vanta's user access review module is still in development, and we've been giving them continuous feedback to help them improve that.
I have been using Vanta for two to three months.
I haven't had any issues with the solution's stability. I rate Vanta a nine out of ten for stability.
I rate Vanta an eight or nine out of ten for scalability.
Vanta’s customer support team is fantastic.
Positive
Vanta's initial setup is pretty straightforward, but there are a lot of customizations that you need to tailor to your specific environment. It's not out-of-the-box plug-and-play ready. You need pretty heavy customization.
We have seen a return on investment with Vanta.
Before choosing Vanta, we evaluated Drata and OneTrust. We chose Vanta because the Vanta team was the most responsive and had the best pricing.
We are using the latest version of Vanta. Vanta is a cloud-based solution.
Users need to ensure they have absolute buy-in from all the stakeholders. You can't deploy Vanta in a vacuum. You need buy-in from IT, HR, engineering, legal, compliance, etc. Otherwise, it's a very expensive tool to sit on the shelf.
Overall, I rate Vanta an eight out of ten.

I use it for compliance management.
The most valuable feature of Vanta is its prebuilt control frameworks, which enable us to quickly achieve and sustain compliance without the need for extensive manual setup or configuration.
The main area for improvement in Vanta is the user interface's refresh rate. Sometimes, after satisfying a control, the dashboard may not immediately update, requiring multiple refreshes for accurate status display.
I have been using Vanta for about six months.
Overall, I would rate Vanta's stability around a nine out of ten. While there is occasional latency in status updates, it hasn't caused significant issues, and hitting refresh resolves any delays.
I would rate Vanta's scalability around a nine out of ten. With constant updates and added capabilities like AI for third-party vendor reviews, it efficiently accommodates our organization's growth and diverse compliance needs.
I would rate the technical support as a nine out of ten.
Positive
The initial setup of Vanta was straightforward and I would rate the easiness of it as a nine out of ten. While there were minor challenges with integrations, overall, it provided policy templates and allowed for easy customization, making the process relatively smooth.
Vanta offers value through its partner ecosystem, potentially reducing audit costs due to streamlined processes and volume discounts from previous modules. I would rate Vanta at a two out of ten in terms of costliness.
We use Vanta for SOC 2 compliance prep by integrating our security controls and policies. It automatically checks if controls are met, reducing audit time by about half since evidence is gathered beforehand, minimizing back-and-forth with auditors.
Vanta's continuous monitoring integrates with our ticketing system and vulnerability scanning solution, enabling real-time tracking of security issues. It provides an audit trail for vulnerability management, with built-in SLAs to ensure timely remediation and compliance.
I would recommend Vanta to others. It simplifies compliance management and consistently adds new features, making it effective and reliable for getting the job done.
Overall, I would rate Vanta as a nine out of ten.