StarStarStarStarStar
Review

Healthcare HR Firm Addressed Critical Vulnerabilities 5 Minutes After Installing IONIX

Healthcare Firm
Recruiting/HR firm
Reviewer

Rick Beltran – Desktop Engineer and Security Manager

Industry

Recruiting/HR firm with
1,001-5,000 employees

Use Case

Gain visibility into external attack surface, identify public-facing systems

View Review On PeerSpot

“On the very first day we were able to identify and address two critical vulnerabilities within just five minutes! Additionally, we discovered a public-facing system that we weren’t previously aware of. Overall, it’s been a very impressive tool.”

What is our primary use case?

We use IONIX to gain visibility into our external attack surface. This allows us to see our organization from an attacker’s perspective, identifying potential vulnerabilities. By exporting reports, we can effectively communicate these risks to key stakeholders, enabling them to take proactive measures to mitigate them.
The most important thing was to identify all our public-facing systems. In other words, any systems that the public could access. Once I had that list, my priority was to ensure their security. That meant making sure they were free from vulnerabilities. Next, I wanted to have actionable intelligence on any vulnerabilities we found. This way, I could send it directly to the system owners, who could then take immediate action to fix the problems.

The IONIX platform has been instrumental in achieving this. On the very first day, I got access, we were able to identify and address two critical vulnerabilities within just five minutes! Additionally, we discovered a public-facing system that we weren’t previously aware of. Overall, it’s been a very impressive tool.

How has it helped my organization?

IONIX helps us with KPIs by identifying our assets and locating publicly accessible vulnerabilities within those assets. Additionally, it provides a severity rating for each vulnerability. The tracking is important because it ensures we are not replicating efforts.

IONIX prioritizes bug fixes based on severity using a scale of one to ten. This ensures that critical and high-priority issues are addressed immediately.

IONIX helps us identify our most critical assets, the ones that have the biggest impact on our risk exposure. It can also pinpoint any of these assets that are externally facing, meaning accessible to anyone on the internet. This is extremely valuable because having critical assets exposed to the public internet significantly increases the risk of attack. By identifying these exposed assets and highlighting their vulnerabilities, IONIX provides a crucial service.

IONIX excels at identifying risks in third-party digital supply chains. This makes it easy to leverage those KPIs and demonstrate a potential correlation between security and search engine optimization to our marketing team, thereby getting them involved.

Fortunately, I haven’t had any false positives. The majority of our alerts, particularly the medium-severity ones, seem to be triggered by hyperlinks to third-party websites. We have a significant number of these alerts, and I’m scheduled to meet with the marketing department to address them.

The IONIX user interface is truly user-friendly. Setting up a link, and credentials, and navigating the platform was incredibly fast and required no prior configuration. Within five minutes, I was up and running, able to explore a report and initiate action from our infrastructure team. It’s a remarkably fast and smooth experience.

Non-technical people can see the evidence and take action based on their one-sentence actionable items. IONIX integrates with our SOC tools to automate tasks. We plan to further leverage IONIX by integrating our AWS public-facing assets and Jira ticketing system. This will allow for automated project creation for our infrastructure team.

I realized the value of IONIX within the first five minutes. It identified two critical vulnerabilities that we were then able to address.
The Active Protection feature automatically detects exploitable vulnerabilities in our system and takes control of them, without requiring manual intervention from us. IONIX can potentially take control of an asset before an attacker does. This would prevent the attacker from gaining access. IONIX would notify us of the issue and help us mitigate it before returning control of the asset. Ultimately, it’s far better to have a trusted security provider like IONIX manage our assets than a malicious actor. The Active Protection feature is important to us for those reasons.

IONIX helps us reduce our mean time to remediation by providing clear and concise information. This allows our marketing team to address certain situations without requiring IT intervention. I’ve accessed the IONIX threat exposure radar three times since its implementation, and thankfully, there haven’t been any threats detected on any of those occasions.

“The IONIX user interface is truly user-friendly. Setting up a link, and credentials, and navigating the platform was incredibly fast and required no prior configuration. Within five minutes, I was up and running, able to explore a report and initiate action from our infrastructure team. It’s a remarkably fast and smooth experience.”

What is most valuable?

The most valuable feature of IONIX is the effortless setup.

What needs improvement?

I manage multiple cloud accounts for our SaaS applications. It would be extremely beneficial if IONIX could integrate with popular SaaS services like Salesforce, Box, Zoom, or NetSuite. This would streamline our workflows by having everything centralized within the IONIX platform.

For how long have I used the solution?

I have been using IONIX for 2 weeks.

What do I think about the stability of the solution?

I have not encountered any stability issues with IONIX.

What do I think about the scalability of the solution?

Regarding the scalability of IONIX, I can discuss its compatibility with some of our existing cloud systems, such as our AWS environment. We can integrate IONIX with AWS for a more comprehensive solution. Additionally, we can incorporate Jira, a project management tool, to assign tasks to different teams across our nine offices in the United States. This will ensure that all our public-facing assets are readily visible within IONIX. With this setup, I am confident that as we open new offices and their systems come online, they will automatically be reflected in the
IONIX platform.

How are customer service and support?

The technical support team impressed me with their ability to identify a common thread. We have three websites that essentially serve the same purpose. The team recognized that a single action taken across all three sites would minimize the risk. In other words, their assistance wasn’t limited to just one website; they identified a vulnerability that spanned all our assets. That’s what makes them truly amazing. Their response time is almost instantaneous.

“Even after eight months of using Rapid7 not all our assets were publicly identified. Similarly, CrowdStrike only shows maybe half of them. With IONIX, however, all our assets were readily apparent.”

How would you rate customer service and support?

Positive.

Which solution did I use previously and why did I switch?

We are using Rapid7 InsightVM, Rapid7 Insights, and Rapid7 InsightAppSec. However, the Rapid7 suite is not able to discover all the assets that IONIX identified. We will not be renewing the contract with Rapid7 because IONIX is much better.

I haven’t gotten complete asset visibility with other tools like I have with IONIX. For example, even after eight months of using Rapid7, not all our assets are publicly identified. Similarly, CrowdStrike only shows maybe half of them. With IONIX, however, all our assets were readily apparent.

How was the initial setup?

The initial setup was a breeze. It only took five minutes to complete. All I had to do was click a link and follow the prompts. Within five minutes, I was online and able to explore the IONIX platform. I even exported a CSV report and forwarded it to our infrastructure team. They were then able to address two critical vulnerabilities – all within that same five-minute window! After over 20 years in this industry, it’s truly exciting to use a system that requires zero configuration on my end.

What was your ROI?

In terms of return on investment, we’ve significantly improved what we were aiming for. This includes a minimal setup time, minimal training time, and the elimination of effort needed to convince stakeholders to use IONIX. Its simplicity means they can take action immediately. We can then rescan and instantly assess our risk score. This rapid risk evaluation is important to us.

What’s my experience with pricing, setup cost, and licensing?

The pricing is good.

Which other solutions did I evaluate?

I evaluated CrowdStrike for a month and did not get the information the IONIX provided within the first five minutes. CrowdStrike requires a long time to set up and collect information.

What other advice do I have?

I would rate IONIX ten out of ten. I was on the implementation team for the IONIX deployment. I am also an admin and user of IONIX. The only aspect of IONIX that I consider to be maintenance involves taking action to rescan the system whenever a vulnerability is identified. For anyone considering IONIX, I recommend adopting a security-focused mindset. This tool empowers you with clear instructions to address potential vulnerabilities that hackers might exploit.

REQUEST A THREAT EXPOSURE REPORT TODAY

Discover the full extent of your online exposure so you can protect it.