C3M Cloud Control  OverviewUNIXBusinessApplication

C3M Cloud Control is the #7 ranked solution in top Cloud Security Posture Management (CSPM) tools. PeerSpot users give C3M Cloud Control an average rating of 10.0 out of 10. C3M Cloud Control is most commonly compared to Prisma Cloud by Palo Alto Networks: C3M Cloud Control vs Prisma Cloud by Palo Alto Networks.
Buyer's Guide

Download the Cloud Security Posture Management (CSPM) Buyer's Guide including reviews and more. Updated: November 2022

What is C3M Cloud Control ?

C3M Cloud Control is a 100% API based Cloud Security Posture Management and Compliance Assurance platform that offers an enterprise complete cloud control through actionable cloud security intelligence across your AWS, GCP, and Azure infrastructure.

C3M Cloud Control Video

C3M Cloud Control Reviews

Filter by:
Filter Reviews
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Showingreviews based on the current filters. Reset all filters
Chief Catalyst at a tech services company with 1-10 employees
Real User
Top 20
Simple to implement, with helpful technical support and is easy to use for non-technical personnel
Pros and Cons
  • "We haven't had an issue with stability so far."
  • "From our perspective, at this point, we need something called risk scoring as you get a lot of alerts, and sometimes you don't know which one's really going to cost if you don't take care of it. We need to understand, at a glance, which items are priorities."

What is our primary use case?

We primarily use the solution for cloud security, cloud compliance, and best practices compliance. Essentially, other than that, we'll be looking at a remediation model as well for any kind of cloud incidents and stuff like that. It takes care of that. Now we're starting to use their compliance for infrastructure as code as well.

What is most valuable?

One of the key things we found is it doesn't focus on a single cloud. It gives you a uniform way to essentially tackle a multi-cloud environment - that means we're able to use Azure, AWS, and GCP. You can start to work with it uniformly without having to really get down to the intricacies of each cloud platform. 

It's got a policy engine called CQL, which essentially makes it easier for even non-technical people to start defining policies and controls much easier without having to get down the right technical scripting or technical skills so they can actually use that policy engine which has got a very English like language to describe and build your policy rules. That's a huge help as it essentially helps to take the security conversation wider from just your technical experts to a wide range of people who are really involved and can actually contribute to it effectively.

The initial setup is very simple. 

What needs improvement?

They're working at a breakneck speed. We've seen a lot of good changes come through in the last 12 months. In that sense, they have got a pretty fast release cycle. 

One of the key areas of improvement is that they've just been adding on stuff with the cloud's sphere moving at a very rapid pace. Due to this, everybody's transitioning to the cloud at a pretty high speed. Due to this change, there's going to be some cases where you're focused on one aspect while some other customer needs another aspect. There's a lot of prioritization that has to happen and they need to make sure they balance it correctly.

From our perspective, at this point, we need something called risk scoring as you get a lot of alerts, and sometimes you don't know which one's really going to cost if you don't take care of it. We need to understand, at a glance, which items are priorities. They've introduced risk scores just recently, which helps us sift through alerts better. When you're looking at 500 alerts, without assistance, you might miss a few really important items. We don't have a huge team, which is why we need help. now it has started to do that by providing risk scoring so that we can effectively prioritise our resolution efforts in a focused and more impactful manner.

In terms of our cloud journey, the solution fits well with our needs and it's probably a few steps ahead as well. The Kubernetes environment still needs to be taken care of, however, it's my understanding that there are some elements they're extending into the Kubernetes.

The product does offer regular updates and does provide good roadmap visibility so we can see what they are working on. 

The product is pretty well-rounded at this point. At this point, I don't see something glaringly missing as such. 

For how long have I used the solution?

I've been using the product for a year now.

Buyer's Guide
Cloud Security Posture Management (CSPM)
November 2022
Find out what your peers are saying about CyberArk, Palo Alto Networks, Orca Security and others in Cloud Security Posture Management (CSPM). Updated: November 2022.
658,157 professionals have used our research since 2012.

What do I think about the stability of the solution?

We haven't had an issue with stability so far. They've got very large customers. In contrast, we were one of the smaller customers. Their big customers are running thousands of workloads and thousands of accounts on the cloud. If they can handle that effectively, ours, which is much smaller, will not even face an issue. The platform's got good performance and stability.

What do I think about the scalability of the solution?

In terms of the scale, it's not the people it's how many workloads. There's quite a lot. Most of our stuff is on the cloud anyway as the cloud is like a global data center for us now. The best part is, once it's configured, it's constantly monitoring. Before we put something on it as well, it has got preventative checks to ensure that nothing's being pushed under the cloud, which is wrong in the first place. Due to this, we've now got a good process model of ensuring that our teams actually follow the best practices. 

What they put into the cloud is immediately tested for compliance. Before anything comes into production as well, we are ensuring that what our developers what we are building is absolutely compliant from an initial development perspective. They're getting early feedback. We're well-rounded in that sense. 

The solution is very easy to scale. We're using it across two clouds now, and it is very easy to do that. The best part is security. Everybody's aware of whether the is secure or not. The visibility is actually helping improve our teams as well. Everyone is ensuring they are secure and compliant. Everything's on the cloud, which makes everything easier. 

How are customer service and support?

Technical support is excellent. We haven't faced many issues, of course. The best part is the platform is pretty easy to use. It makes life pretty simple. We've not faced any issues and whenever we have needed any technical support, it's been very, very professional.

How was the initial setup?

The implementation process is very simple. It's SaaS and once they share the platform you just settle on all your cloud accounts onto it and that's it. It's ready to go. We could upload all our accounts using standard cloud formats. You can bulk upload accounts as well. It makes onboarding easy.  

To get our instance up and running was essentially about a day. Once it was up and running, by the next day, we had a few accounts already up as an initial set. Within a week everything was up and running completely.

What about the implementation team?

We did spend some time with C3M and got some support from them during implementation. That said, our team was able to handle the bulk of the setup.

What's my experience with pricing, setup cost, and licensing?

The absolute value you get from the product is great. The value from the security side ensures you don't have to compromise the functionality over cost.

It's account-based pricing. We found that to be very sound. We are very happy with it.

Everything was included for us. There were no extra costs. They've got some optional components. For example, if you're mature enough to go for auto-remediation stuff, you can have that deployed within your cloud environment. That's an optional component if you it. We may get into auto-remediation sooner or later, maybe early next year, however, we don't need it now and therefore don't need to pay for it. 

What other advice do I have?

We are a customer and an end-user.

As a SaaS platform, it's always updated and we are always on the latest version. 

It's a huge value add, especially for people. With the availability on the cloud, you can scale it as you need to. Plus, even for people who are starting off, it's pretty easy to use and builds in security and compliance. 

It's important to get that early feedback and build your foundations to your cloud which is very secure and compliant. Doing it from the beginning allows your team to get better as well.

It's important to know how good your cloud security posture is. You need to do that on a continuous basis. It's not like a one-off check-in. You need to know it on a continuous basis so that these solutions actually help ensure that you're continuously on the right path.

I'd rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Cloud Security Posture Management (CSPM) Report and find out what your peers are saying about CyberArk, Palo Alto Networks, Orca Security, and more!
Updated: November 2022
Buyer's Guide
Download our free Cloud Security Posture Management (CSPM) Report and find out what your peers are saying about CyberArk, Palo Alto Networks, Orca Security, and more!