Global Retailer improves risk posture with vulnerability prioritization and impact analysis

“I favor IONIX over our previous solution because it offers significantly deeper visibility into findings.”

What is our primary use case?

We are using IONIX to scan our public network ranges for vulnerabilities as part of our external technology service management.

We implemented IONIX after our previous supplier discontinued their services.

How has it helped my organization?

IONIX helps us track, for example, how many critical vulnerabilities we have on our web shops. We are looking to identify the most critical vulnerabilities, which serve as key indicators of our security posture.

IONIX’s ability to prioritize vulnerabilities has been great. All the engineers within our organization, who have reviewed the findings, have found them extremely helpful.

Its ability to identify which assets are most critical to our operations and have the biggest impact on our risk exposure is good. They can identify 80 percent of our critical assets without us having to do additional work.

IONIX provides us with accurate reports with no false positives.

The action items and the description of the findings provided by IONIX are written in a simple language that our IT personnel can understand without the need for a security expert. This way all we have to do is forward the information to the engineer.

We recently upgraded our SOC and began leveraging the insights from IONIX more extensively. Previously, as a team of only four, comprehensively analyzing all the findings was a significant challenge. Fortunately, doubling our team size has provided us with the bandwidth to delve deeper into these findings and utilize them effectively. While this has understandably increased our workload, it aligns with our goal of implementing a solution that comprehensively identifies vulnerabilities.

IONIX continuously updates the types of vulnerabilities they scan for. Whenever a new vulnerability appears on the market, we’re typically informed, and they scan our network for it. They also try to address some of our desired product improvements, which we work towards implementing.

IONIX’s active protection feature automatically mitigates specific exploits without intervention on our part. This year, it detected a critical vulnerability: a back-end link pointing to an unclaimed domain. To prevent its exploitation, the system proactively purchased the domain, effectively removing it from potential attack scenarios.

We saw the time to value of IONIX within the first month of use.

What is most valuable?

The integration was easy. During the POV they used our IP ranges and ran a scan that barely required any adjustments.

I also like that in addition to the vulnerabilities, they also provide possible solutions.

What needs improvement?

We’re looking for a case management system where we can assign specific findings to individuals within our company and facilitate discussion on those findings directly within the portal. Unfortunately, this isn’t currently possible due to the lack of integration between IONIX and our on-premise Jira instance. IONIX only integrates with the SaaS version of Jira. Integrating on-premise Jira with IONIX to track changes and discussions would be highly beneficial for us in the future.

For how long have I used the solution?

I have been using IONIX for almost one year.

What do I think about the stability of the solution?

I would rate the stability of IONIX nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of IONIX ten out of ten.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I favor IONIX over our previous solution because it offers significantly deeper visibility into findings and also covers a much larger portion of our network. Furthermore, I find IONIX generally user-friendly. It’s great to have a dedicated account manager who responds promptly to our inquiries.

How was the initial setup?

The initial deployment of IONIX was simple and efficient. It only required one person and took one week to implement and scan the entire network.

What other advice do I have?

I would rate IONIX a nine out of ten.

IONIX can provide automated integration into our SOC tools but we can’t take advantage of this because our infrastructure is on-premises and they mainly connect to cloud services.

We currently have some processes in place that are proving difficult to manage effectively. One challenge is the high volume of project work, which often delays the prioritization of identified vulnerabilities. However, we are actively working on improving our system to prioritize these vulnerabilities and reduce our mean time to remediation.

We have eight people that use IONIX all from the same team.

The only maintenance required is keeping track of the domains being scanned. We can add new domains to the list of scanned objects when needed.

I recommend IONIX to others, but it depends on the customer’s specific needs. A proof of concept is advisable.

Which deployment model are you using for this solution?

On-premises

*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.