Vanta
VantaExternal reviews
2,420 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Vanta Streamlines Compliance with Powerful Automation and Integrations
What do you like best about the product?
Automation is key these days. By using Vanta, we’ve greatly reduced the amount of manual effort the whole team spends collecting evidence and answering questions. The UI is easy to navigate and find the specific test or control you're looking for. There were more integrations available than any other auditing tool that we use.
What do you dislike about the product?
We are a company with many acquisitions and product lines and each one needs to be audited/assessed individually. We spend too much time excluding assets from scope when we have other indicators (tags, groups, etc) of which product line an asset belongs to.
What problems is the product solving and how is that benefiting you?
Huge reduction in manual evidence collection. Teams now have to answer 1 or 2 questions or collect evidence for a couple of tests, rather than 100s. And we now have team members interacting directly with Vanta to close out and complete tasks.
Vanta Centralizes GRC with Strong Continuous Monitoring, Integrations, and Responsive Support
What do you like best about the product?
Vanta is great for continuous monitoring. Internal audits are not enough, you need to assess the company's security controls on real time, and Vanta is great at doing it. It also includes vendor management, risk management, access management, policies management and so on. So you can have your full GRC program centralized in only one place, and everything is connected, which makes it easier to find gaps.
The UI is nice but sometimes they add to many things and you may be kinda lost.
It has several integrations and also a developer console where you can set up your own APIs.
Performance has been great for now, only a few outages.
Pricing is ok for the options in the market.
Onboarding is smooth.
Support: they are really responsive, have a bot but also a support team. And we also have an AM.
AI is embedded in the tool and offers different capabilities, we use it a lot for vendor management and to ask generic questionsa bout the frameworks or sec program.
The UI is nice but sometimes they add to many things and you may be kinda lost.
It has several integrations and also a developer console where you can set up your own APIs.
Performance has been great for now, only a few outages.
Pricing is ok for the options in the market.
Onboarding is smooth.
Support: they are really responsive, have a bot but also a support team. And we also have an AM.
AI is embedded in the tool and offers different capabilities, we use it a lot for vendor management and to ask generic questionsa bout the frameworks or sec program.
What do you dislike about the product?
Sometimes they add new things that are not custom and you just need to adapt. They also change the workflows so you need to be constantly adapting to their features and functionality. Sometimes there are not that helpful.
What problems is the product solving and how is that benefiting you?
Security program, policies change management, risk register, vendor reviews, access management, access reviews, security gaps in general.
AI-Powered InfoSec Management Made Easy
What do you like best about the product?
I like that Vanta allows me to manage my InfoSec program and be audit-ready. The AI assistance in Vanta is impressive, and it's like having a 'CISO in a box'. Vanta successfully replaces my Tugboat system, which is a big plus for me.
What do you dislike about the product?
Nothing
What problems is the product solving and how is that benefiting you?
I use Vanta to manage my InfoSec program and stay audit-ready. The AI assistance feels like having a 'CISO in a box'.
Vanta’s Automated Continuous Monitoring Keeps Compliance Effortless
What do you like best about the product?
Vanta's automated continuous monitoring is the biggest win — it constantly pulls evidence from JumpCloud, Google Workspace, AWS, and our other integrated tools, so we always know our compliance posture without manual audits. The access review workflows save us significant time each quarter, and the integration ecosystem is broad enough to cover most of our stack out of the box.
What do you dislike about the product?
The user access review workflow is tedious — exporting CSVs from each tool, uploading them, and manually matching users is time-consuming, especially for tools without a direct integration. Some integration coverage feels shallow (data syncs but doesn't always pick up the right evidence), and the UI can be slow to load when navigating between sections. Pricing also scales steeply as you add frameworks.
What problems is the product solving and how is that benefiting you?
Vanta solves the problem of continuous compliance monitoring without requiring a dedicated GRC team. Before Vanta, evidence collection for SOC 2 and other frameworks meant chasing screenshots, manually pulling reports from each SaaS tool, and rebuilding the same artifacts at every audit cycle. Vanta automates that by pulling evidence directly from our integrated systems (JumpCloud, Google Workspace, AWS, etc.) and surfacing failing controls in real time, so we can fix issues as they occur instead of discovering them during an audit. The benefit is significant time savings, lower audit prep stress, and a clearer ongoing view of our security posture.
Streamlined Audit Prep, Some Setup Hiccups
What do you like best about the product?
I like Vanta's pretty easy-to-use interface and the UI for audit tracking. The interface offers easy visual cues and a quick snapshot to ensure that I'm on track with my audit, letting me know what's missing in terms of evidence or tests.
What do you dislike about the product?
The functionality around utilizing tags in the questionnaires is frustrating because we were initially told it would be included, but it seems like it's locked behind a higher subscription tier. We aren't able to use tags when responding to questionnaires, which is restrictive. The initial setup was a little challenging and could have been smoother. There were some miscommunications and maybe some incorrect expectations set initially, which led to a bit of friction.
What problems is the product solving and how is that benefiting you?
I use Vanta to organize access to our trust center and set up controls for our SOC 2 audit, making it easy for customers to request documents and track audit evidence.
Effortless Security Management and Certification Support
What do you like best about the product?
I really like Vanta's ease of use; it's super intuitive even without a security background. The features around certification support and building documentation and policies are helpful, especially when starting from scratch. I also found it easy to create an external-facing page with all security resources, which is very helpful for companies under security scrutiny in the AI space. Additionally, Vanta integrates well with all of our software, which is great for managing permissions and administration.
What do you dislike about the product?
Nothing
What problems is the product solving and how is that benefiting you?
We use Vanta to streamline security processes, making building policies and documentation easier. Its trust center simplifies creating an external page with security resources. The platform supports certification applications effortlessly, even for users without a security background.
Easy to Use with Exceptional Customer Support
What do you like best about the product?
Easy to understand and user-friendly. Vanta’s customer support is exceptional.
What do you dislike about the product?
It’s difficult to run an MDM command when the laptop was previously assigned to someone else and the MDM was already running earlier.
What problems is the product solving and how is that benefiting you?
It helps me track device health and keep an eye on which devices are assigned to each employee.
Centralized Security Monitoring and Smart Task Assignment in Vanta
What do you like best about the product?
"The most valuable aspect of Vanta is the ability to centralize security monitoring across our entire infrastructure. Instead of manually gathering statistics from dozens of disconnected services, I have a single pane of glass for all our security metrics.
As a manager, I particularly appreciate the task assignment functionality. It allows me to delegate specific tests and remediation tasks to employees within their respective domains. This distributed approach not only ensures that the right experts are handling the right issues but also helps in balancing the workload across the team, making our compliance process much more efficient."
As a manager, I particularly appreciate the task assignment functionality. It allows me to delegate specific tests and remediation tasks to employees within their respective domains. This distributed approach not only ensures that the right experts are handling the right issues but also helps in balancing the workload across the team, making our compliance process much more efficient."
What do you dislike about the product?
In my experience, the UI is currently Vanta's most significant drawback. The primary issue is the lack of seamless navigation between related data points, which forces constant switching between different modules. For instance, you cannot directly open a linked computer's details from the employee list, which is a major friction point in a manager's workflow. These small but frequent inconveniences and the absence of intuitive cross-linking make it difficult to access information quickly, often leading to a fragmented and less efficient user experience.
What problems is the product solving and how is that benefiting you?
Vanta addresses the critical challenge of maintaining a continuous security posture in an increasingly complex digital landscape. The primary problem it solves for us is the fragmentation of security compliance; it serves as a master dashboard that provides real-time visibility into our audit readiness.
This benefits me significantly by automating the oversight of security metrics and internal guidelines. Instead of relying on manual check-ins, the platform proactively monitors our environment, ensuring that no requirement falls through the cracks. For the management team, having a centralized source of truth for audit progress simplifies high-level reporting and allows us to address potential vulnerabilities long before an official audit begins. It essentially shifts our compliance strategy from a reactive 'sprint' to a proactive, manageable, and continuous process.
This benefits me significantly by automating the oversight of security metrics and internal guidelines. Instead of relying on manual check-ins, the platform proactively monitors our environment, ensuring that no requirement falls through the cracks. For the management team, having a centralized source of truth for audit progress simplifies high-level reporting and allows us to address potential vulnerabilities long before an official audit begins. It essentially shifts our compliance strategy from a reactive 'sprint' to a proactive, manageable, and continuous process.
Simplifies Compliance, Needs Better Customization
What do you like best about the product?
I like Vanta's autonomous and simple interface, which helps reduce manual compliance work. The platform makes managing security compliance processes and preparing for audits much easier by automating compliance tracking and reducing manual work during evidence collection and policy management. I find the initial setup to be fairly straightforward, with most integrations being easy to configure. Vanta is a reliable and user-friendly platform that simplifies compliance management and audit preparation.
What do you dislike about the product?
Some integrations and customization options could be more flexible for specific infrastructure requirements. Initial setup and policy mapping can also take some time for new users.
What problems is the product solving and how is that benefiting you?
Vanta helps us manage security compliance processes, automate compliance tracking, and reduce manual work during evidence collection and policy management.
Automatic Vendor Data Collection That Just Works
What do you like best about the product?
It automatically collects data from integrated vendors.
What do you dislike about the product?
The GitHub integration feels insufficient.
What problems is the product solving and how is that benefiting you?
Vanta helped me prepare for a security audit, such as SOC 2.
showing 1 - 10