Oneleet Reviews & Product Details

At our company we deal with sensitive healthcare data, so it really wasn't an option to go down the box-ticking route. We really needed to level up our security. We looked at all the usual platforms and spoke to friends and colleagues from our network to line up our options. Given our requirements it seemed that we had no choice but combine using one of the classic compliance platforms together with a vCISO, which would have cost us an arm and a leg.

Then we discovered Oneleet. They basically brought together that vCISO and manual consultant part together with a platform that automates the tedious parts of compliance.

The vCISO that was assigned to us did an amazing job and got on calls with us all the time, even in the weekend a few times when we were dealing with security emergencies.

The platform was good as well, but the main thing that sold it for us was their holistic and comprehensive approach. Review collected by and hosted on G2.com.

One of their integrations completely broke down due to the very specific (and to be fair irregular) way we use AWS, which was quite frustrating because we thought it would mean we'd have to delay our audit. It took them about three weeks to make adjustments, but it didn't end up delaying our audit at all luckily. Review collected by and hosted on G2.com.

We really enjoyed using Oneleet, as they did a few things very differently from other companies that I previously used.

1. Hands-on. These guys were way more involved than I expected. They were hopping on calls with us all the time to explain expectations to us, as well as provide guidance.

2. Audit management. In the past I absolutely hated dealing with auditors. They are a use pain in the b*tt and often ask a ton of irrelevant and stupid questions. Oneleet worked with some of the same auditors we used in the past, but they managed it all on our behalf. This was a huge timesaver, as we didn't have to slam our head into the walls out of frustration all the time. And Oneleet was very agressive in managing them. They would push back all the time and make sure we weren't exposed to any of the stupidity.

3. One place. One of the worst parts of compliance is getting all parts together and making them play nicely together. Because everything was bundled together in Oneleet we didn't need to worry about this.

4. Security wizards. These guys know what they're doing, and they won't apologize for it. They were telling us how dangerous some of the things we were doing were. They were adament that we changed thoes things. They tell you from the start they can be as opinionated as you'd like them to be. I like radical directness, so that was incredibly useful.

5. Responsiveness. It was really easy communicating with them over Slack. Response times were FAST and the answers always articulate and well-reasoned through.

10/10 Review collected by and hosted on G2.com.

A few integrations were missing that are nice to haves. They didn't have support for Xero and Hubspot, which we use heavily in our company. Not a huge deal, but could have made a good experience even better.

Another thing I wish is that they would have rolled their pro MDM out, which we're still waiting for. Review collected by and hosted on G2.com.

As a consultante to many startups I have helped a large number of them through compliance. Here are some of teh reason why I like Oneleet best:

1. Support. This company provides more than just a product. They have many consultants in house that help with everything difficult about compliance. Their response times are great and their answers thorough.

2. Platform. It works well. They have everything you need and more.

3. Auditor support. Dealing with auditors is a huge pain, and it drove me crazy in the past having to explain things and being asked irrelevant questions. Oneleet works with the same auditors I used in the past, but they fully manage them. This made the process a lot faster and most importantly, it no longer required my constant attention.

4. Speed. We were able to become SOC 2 compliant within a single month, which included a pentest and retesting. Fastest I've ever seen.

5. Foundign team. They were involved from day one, and made me feel they really cared about us. Review collected by and hosted on G2.com.

A few things I disliked about the Oneleet experience:

1. They include things I didn't need. I wish they allowed me to pay less and exclude them.

2. They are missing a few integrations that would have been nice, like Hubspot.

3. Pricing. They were slightly more expensive compared to other companies. Not really a problem as I thnik it is worth the money, but still a hit to the company's wallet. Review collected by and hosted on G2.com.

Been using OneLeet for about 6 months now for our security and compliance stuff. They do our pentesting and help with SOC 2. What I really like is that our vCISO Samuel actually knows his stuff, who was able to tell us over multiple calls what we should and shouldn't be ivnesting more time in. They're pretty hands-on with everything, like when we were setting up our AWS security groups and got stuck, they actually helped us configure them properly instead of just telling us what to do. The continuous monitoring has caught a few config mistakes we made before they became issues. Review collected by and hosted on G2.com.

There are a few integrations they haven't rolled out yet, but those haven't been a blocker. 90% was there for us. Review collected by and hosted on G2.com.

* Oneleet had all tools in one place. We didn't have to spend time talking to vendors to get solutions.

* They manage the third party auditor for you, so you don't have to spend time dealing with them.

* Their vCISO and securty team are great to work with. Whenever you get stuck you can hop on a call wit htheir team and they wil lexplain everything to you to get unblocked.

* The way they allow you to show off your progress. Their trust portal, badges and letter of engagement wre important to us to land deals. Review collected by and hosted on G2.com.

A few nice to have intgrations were not ready yet when we onboarded. Review collected by and hosted on G2.com.

The onboarding flow using Oneleet was really nice. The product works well and the onboarding team is stellar. They basically tell you exactly what is expected of you, and do a lot of handholding.

The employee onboarding experience is really smooth and simple, and the Oneleet agent was super smooth. All we had to do was deploy it on multiple devices and press 'autofix' whenever security settings weren't in place. Review collected by and hosted on G2.com.

I wish the code security scanner wouldn't require me to go into the Oneleet platform all the time, which I need to do at least once or twice a week. It would be great if this was integrated so that new findings are displayed on Github. Review collected by and hosted on G2.com.

Honestly, the best part about OneLeet is that they don’t just dump a checklist on you and leave you hanging. We’re a small startup, and their team actually sat down with us multiple times to walk us through setting up security controls. Our vCISO was super patient and explained everything in a way we could udnerstand without feeling overwhelmed. Also, their code security scanner caught a few bugs early, which was really nice. Review collected by and hosted on G2.com.

I wish the dashboards had more customisation options for reports. Review collected by and hosted on G2.com.

They helped us become compliant without the usual unnecessary controls you see on some platforms, which cut down time to compliance by a lot. They were available for calls at a moment's notice to discuss our questions, which made it feel very smooth and reduced our anxiety around becoming compliant. Review collected by and hosted on G2.com.

They were more expensive than the other options out there. Review collected by and hosted on G2.com.

Oneleet had everything included that is needed to become compliant AND secure. Not only did they have a really good platform with a ton of automations to make compliance easy, but they also provide a ton of additional security tools that will continuously monitor your attack surface and security posture. Review collected by and hosted on G2.com.

They need to do a better job on notifications. Review collected by and hosted on G2.com.

As an employee, Policy signing, laptop agent and security training were all great.

As an engineer I was provided access to the platform to manage vulnerabilities, which was very easy and straightforward as well. Review collected by and hosted on G2.com.

Report versioning in the pentest platform didn't make it entirely clear that report generation wasn't immediate, so I was a bit confused. Review collected by and hosted on G2.com.