We changed our name from IT Central Station: Here's why

What advice do you have for others considering Bridgecrew?

If you were talking to someone whose organization is considering Bridgecrew, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
11 Answer

author avatar
Top 5Real User

I'm not necessarily technical. I'm more on the consulting side of what policies they have and what they should have. I can't go into super details, beyond knowing, for example, if Ping or Port 22 or Port 443 be blocked on VSAT, should this load balancer be in this method, or should this actually sit in relation to X, et cetera. We'd primarily interact with those types of tasks. Typically, we work with clients that have up-to-date versions. 99% of the time we won't interact with clients that don't keep their systems up to date. This is due to the fact that if you're not updating then there's no point in even calling in a consultant, as that lack of updating likely is your number one problem. I would advise those considering the solution to certainly leverage all of the access with Palo Alto, in terms of setting up with the technical account management teams and ensuring that what you have in mind for the product is actually going to be what happens. I don't really like automated security solutions. I would probably give it, in terms of effectiveness in securing an organization by itself, out of the box, a six out of ten. With the proper configurations and design behind it, you could probably get that to an eight. With any solution. if you're just looking at them to just come out of the box and work it's going to be a rating of five or six. After you put the time into making sure that it's built around your environment, you could get them to an eight or nine, within six to eight months. Therefore, for me, I'd rate the product at an eight out of ten overall. BridgeCrew is marketed as an all-in-one DevOps security platform. However, there may be standards put into place such as the CIS standard or NIST, et cetera, and companies may follow those. Yet, I've never met a company that's followed that 100% unless their compliance requires them. I'd advise companies to make sure that whatever rule sets you have in place or whatever design or standard that you have at your company, that is properly configured within the product itself. That's the drawback to XDRs in general. If you have a rule that is only looking at a standardized NIST framework and table 20% of it, then you can only expect it to work at 80% effectiveness. That's where you have to go in there and add those additional data points.

Find out what your peers are saying about Palo Alto Networks, Threat Stack, Accurics and others in Cloud Workload Security. Updated: January 2022.
564,599 professionals have used our research since 2012.