IONIX Greatly reduced false positives vs. CyCognito (previous solution)  

“From a prioritization perspective, IONIX is super helpful. It has its own prioritization algorithm. Unlike other scanners, IONIX sees whether the detected vulnerabilities can be exploited. This gives us a very, very clear view of what we need to fix.”

What is our primary use case?

We use IONIX to identify and monitor any vulnerabilities or issues within the attack surface. It is also used to validate the remediation actions.

What is most valuable?

We’re constantly surprised by how good IONIX is at detecting timely vulnerabilities. If things were to happen today, I would likely get a report tomorrow. IONIX is staying on the cutting edge to help us detect emerging threats on our attack surface.

What needs improvement?

I don’t have anything that I don’t like, but there is a feature that IONIX can also consider. We’re a heavy user of IONIX services and have a very, very good partnership. However, IONIX only looks at certain domains, particularly the external-facing perimeter. There are services in modern-day organizations that could potentially expose internal resources to the perimeter side as well, like whether your authentication to internal identities is exposed through the internet.

All organizations are very concerned about that. Even big organizations like Microsoft are falling for that kind of attack. IONIX can offer additional services to detect any potential bridging of very sensitive internal resources to the external side.

“IONIX has tremendously helped reduce our organization’s false positives. IONIX helps us accurately identify which assets we own. The solution’s detection is very accurate. IONIX helps us get to the right owner or the right reason very, very quickly just because of the accuracy of their data.”

How long have you been a customer?

I have been using IONIX for four years.

How are customer service and support?

We work in a partnership methodology, where we have regular standing meetings with IONIX’s support team. We already have standing meetings at regular intervals, and we review not just issues we have but also the reporting that they provide. This helps us ensure that we fully understand all the reporting and monitor the situation or the attack surface as a result. The technical support benefits us only because we invest time into it.

How would you rate customer service and support?

Positive.

Which solution did I use previously and why did I switch?

I have previously used CyCognito. With CyCognito’s recognition of network addresses, we get a tremendous amount of false positives. The difficulty is that I get an overwhelming amount of detection, which we find out does not belong to my organization. That created a lot of conflict between the different teams because it became confusing, and people chased the wrong owners to remediate things that didn’t exist in the organization.

There’s seemingly very good marketing about the effectiveness of many other vendors. But once organizations like mine go and test out and try different vendors, the results are very, very clear. IONIX is the vendor that can distinguish those really, confusing details and provide accuracy.

How was the initial setup?

The solution’s initial deployment depends on the organization’s understanding of the environment. For us, the initial deployment was reasonable. I would not say it’s easy, but it requires a certain amount of understanding. For example, we need to know our IP address spaces. IONIX will provide a list of assets like IP addresses and check if they belong to us. If we’re not able to identify them, or if we’re not even able to know our organization’s structure, then it could have been more difficult.

It comes back to whether the people working with IONIX understand their environment. If they do not understand the environment, it would be very difficult. It’s not a technical thing but more of an organizational thing. For example, when IONIX asks us if a company is one of our subsidiaries, we immediately know that it is, and in some cases, it isn’t. That’s the level of work effort that is required.

What’s my experience with pricing, setup cost, and licensing?

The solution’s pricing is reasonable and at par with the rest of the industry.

What other advice do I have?

I helped to select the product and purchase or negotiate the contract terms for the product. I was on the team that set up, implemented, and customized the solution. The KPI’s we use are the completeness of attack surface visibility, the remediation time target, and the effectiveness of other surveillance and monitoring processes like a double-checking mechanism.

Initially, the problem we were looking to solve was understanding the full spectrum of the attack surface, particularly with internally operated network address spaces and third-party operated address spaces. We also used the solution to see what the network address looks like and whether it is clean regarding vulnerabilities from a security standpoint.

From a prioritization perspective, IONIX is super helpful. It has its own prioritization algorithm. Unlike other scanners, IONIX sees whether the detected vulnerabilities can be exploited. This gives us a very, very clear view of what we need to fix now and what we need to fix in 30 to 60 days. So, the solution provides clear visibility.
Prioritization is also very helpful because of the accurate distinction of network ownership between third-party and my team operations. Having the right ownership marked appropriately helps get the right people to take the right actions very quickly. We waste much less time figuring out the ownership, which is very helpful. IONIX helps a lot with ownership rather than just priority or criticality.
IONIX identifies digital supply chain risks in the third-party digital products and services our organization uses. IONIX helps us with third party risks because it already has a view of all our third parties and their connectivity back into our organization. They also monitor the potential exposure of these third parties.

When things are exposed, IONIX is very quick to point it out so that we can work with the right third party to remediate very, very quickly. I would not be able to identify and monitor all of them internally. It’s just a scaling problem. IONIX is able to scale very, very, very quickly into each of those third parties and identify them. This is only for any of the internet phasing types of IP addresses.

IONIX has tremendously helped reduce our organization’s false positives. The false positives can come because of many different reasons. Firstly, IONIX helps us accurately identify which assets we own. We get many different reports daily, but we often don’t own those assets. That’s why it is not a false positive. Even if the issue exists, we always get to the wrong owners.

IONIX helps a lot with getting the reports to the right people. We also get a lot of different reports about vulnerabilities that generally don’t exist. The solution’s detection is very accurate. IONIX helps us get to the right owner or the right reason very, very quickly just because of the accuracy of their data.

The solution’s Action Items are written in simple language so that IT personnel can fix them rather than needing security experts. IONIX correlates the data with the right CBE number, which helped to do further research if necessary. IONIX’s language is genuinely industry-friendly, so the instructions are clear.

IONIX provides automated integration into our SOC tools. The solution has APIs from which we pull data. Once we pull the data, we use it in many different ways, shapes, or forms, including asset inventory and prioritization. There are a few criticality adjustments, but mostly, it is used for priority and ownership.

It took us about 60 days to start seeing the benefits of IONIX. Initially, it took some effort to ensure that our network rangers recorded or detected accurately. We need a little bit of an education session with IONIX to be able to distinguish between our assets and the third parties’ assets.
A certain level of investment from my side was required, and if I did not do that work, then any of the data coming from IONIX would be useless. The initial investment is what makes it accurate. Once a one-time investment is made, we can get very accurate detection and results out of IONIX within 60 days.

The solution’s Active Protection feature automatically mitigates specific exploitable vulnerabilities without action on our part. The Active Protection feature requires zero amount of work from my organization. It offers a great deal of protection as soon as IONIX can detect it. It is one of those exceptional cases when we have to do nothing, and the tool does everything to offer us protection.

The solution’s Threat Exposure Radar provides a unified view of critical exposures across our entire attack surface. Every organization will have its own operated IP address space and third party. In some cases, some of our websites are also linked to relatively unknown organizations. The Radar helps us identify where the threats are located and gives us a one-panel view of the entire landscape. It is one of those TV screens that gives us an executive view of where things are and whether we’re healthy or not.

IONIX has significantly helped reduce our mean time to remediate. We also have the service of a support analyst, with whom we meet regularly. Not only are we getting the wording in the form of a website, but we also get somebody who can explain things to the technical team. They’re very, very responsive, and they answer very quickly if we have any questions.
Over the last four years, we have gone through two people, and both of them are very, very technical and able to articulate very complex topics to us in a clear manner. In addition, the meantime to remediate comes back to the accuracy of the data. We have many other vendors in this space. The accuracy of the data and the ability to portray ownership to us is very, very crucial. Once you have the right data, the action becomes much more effective.

The solution’s false positive ratio is extremely low because it’s able to recognize which assets are mine and which are not. That helps to reduce a lot of confusion, which is a big deal.

Overall, I rate the solution a nine out of ten.