Wiz is a highly efficient solution for data security posture management (DSPM), with a 100% API-based approach that provides quick connectivity and comprehensive scans of platform configurations and workloads. The solution allows companies to automatically correlate sensitive data with relevant cloud context, such as public exposure, user identities, entitlements, and vulnerabilities.This integration enables them to understand data accessibility, configuration, usage, and movement within their internal environments.
The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.
I wish the pricing was more transparent.
The pricing is fair. Some of the more advanced features and functionalities and how the tiers are split can be somewhat confusing.
I wish the pricing was more transparent.
Prisma Cloud by Palo Alto Networks is a cloud security solution used for cloud security posture management, cloud workload protection, container security, and code security. It provides visibility, monitoring, and alerting for security issues in multi-cloud environments.
The purchasing process was easy and quick. It is a very economical solution.
Our licensing fees are $18,000 USD per year.
The purchasing process was easy and quick. It is a very economical solution.
Our licensing fees are $18,000 USD per year.
Microsoft Defender for Cloud is a comprehensive security solution that provides advanced threat protection for cloud workloads. It offers real-time visibility into the security posture of cloud environments, enabling organizations to quickly identify and respond to potential threats. With its advanced machine learning capabilities, Microsoft Defender for Cloud can detect and block sophisticated attacks, including zero-day exploits and fileless malware.
I'm not privy to that information, but I know it's probably close to a million dollars a year.
We are using the free version of the Azure Security Center.
I'm not privy to that information, but I know it's probably close to a million dollars a year.
We are using the free version of the Azure Security Center.
Snyk is a user-friendly security solution that enables users to safely develop and use open source code. Users can create automatic scans that allow them to keep a close eye on their code and prevent bad actors from exploiting vulnerabilities. This enables users to find and remove vulnerabilities soon after they appear.
We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon
You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it.
We do have some missing licenses issues, especially with non-SPDX compliant one, but we expect this to be fixed soon
You can get a good deal with Snyk for pricing. It's a little expensive, but it is worth it.
Vulnerability Management, Detection, and Response (VMDR) is a cornerstone product of the Qualys TruRisk Platform and a global leader in the enterprise-grade vulnerability management (VM) vendor space. With VMDR, enterprises are empowered with visibility and insight into cyber risk exposure - making it easy to prioritize vulnerabilities, assets, or groups of assets based on business risk. Security teams can take action to mitigate risk, helping the business measure their actual risk exposure over time.
Usually every implementation is different and the quote is in function of number of assets.
When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself.
Usually every implementation is different and the quote is in function of number of assets.
When you want to cover yourself for scalability, you will be charged for the number you place on the scan itself.
AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts.
The price of the solution is not very competitive but it is reasonable.
The price of AWS Security Hub is average compared to other solutions.
The price of the solution is not very competitive but it is reasonable.
The price of AWS Security Hub is average compared to other solutions.
Amazon Guard Duty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.
Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.
GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization. such as suspicious API calls resulting in changing password policies to minimize password strength or anomalous infrastructure deployments in new or different never-used regions.
We use a pay-as-you-use license, which is competitively priced in the market.
I don't have all the details in terms of licensing for Amazon GuardDuty, but my organization does have a license set up for it.
We use a pay-as-you-use license, which is competitively priced in the market.
I don't have all the details in terms of licensing for Amazon GuardDuty, but my organization does have a license set up for it.
At Orca Security, we’re on a mission to make it fast, easy, and cost effective for organizations to address critical cloud security issues so they can operate in the cloud with confidence.
The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest.
Overall, the pricing is reasonable and the discounts have been acceptable.
The most expensive solution is Palo Alto. They claim to be very robust. The next most expensive is Wiz, followed by Orca and all the rest.
Overall, the pricing is reasonable and the discounts have been acceptable.
VMware Aria Automation is a cloud management tool that allows companies to simplify their cloud experience through a modern automation platform. The solution is designed to deliver self-service clouds, multi-cloud automation with governance, and DevOps-based security and infrastructure management. It helps organizations improve IT agility, efficiency, and productivity through its various features.
The solution has helped to increase infrastructure, agility, speed, and provisioning in the time to market.
From the customer perspective, the value was worth it.
The solution has helped to increase infrastructure, agility, speed, and provisioning in the time to market.
From the customer perspective, the value was worth it.
Aqua Security stops cloud native attacks, preventing them before they happen and stopping them when they happen. Dedicated cloud native threat research and the most loved cloud native security open source community in the world put innovation at your fingertips so you can transform your business. Born cloud native, The Aqua Platform is the most integrated Cloud Native Application Protection Platform (CNAPP), securing from day one and protecting in real-time. Aqua has been stopping real cloud native attacks on hundreds of thousands of production nodes across the world since 2015.
Aqua Security is not cheap, and it's not very expensive, such as Splunk, they are in the middle.
The pricing of this solution could be improved.
Aqua Security is not cheap, and it's not very expensive, such as Splunk, they are in the middle.
The pricing of this solution could be improved.
Illumio Zero Trust Segmentation is a cloud and data center security solution that helps stop breaches from spreading across hybrid and multi cloud IT environments. The solution is designed to stop ransomware, contain cyber attacks, and reduce risk. With Illumio Zero Trust Segmentation, users can understand relationships and communications to map exposure risk of systems and data, identify the right security posture and secure applications through least-privilege policies, and ensure a Zero Trust security posture.
There is a subscription needed to use Illumio Adaptive Security Platform and we pay every three years. Overall the solution is expensive.
The product's pricing is around 10,000-15,000 USD. The pricing is on a yearly basis.
There is a subscription needed to use Illumio Adaptive Security Platform and we pay every three years. Overall the solution is expensive.
The product's pricing is around 10,000-15,000 USD. The pricing is on a yearly basis.
Akamai Guardicore Segmentation is a software-based microsegmentation solution that provides the simplest, fastest, and most intuitive way to enforce Zero Trust principles. It enables you to prevent malicious lateral movement in your network through precise segmentation policies, visuals of activity within your IT environment, and network security alerts. Akamai Guardicore Segmentation works across your data centers, multicloud environments, and endpoints. It is faster to deploy than infrastructure segmentation approaches and provides you with unparalleled visibility and control of your network.
Compared to the pricing we were seeing from both Illumio and Edgewise, Guardicore was very competitive.
Guardicore Centra provides better value for money than NSX, was the other solution that we looked at, which was too expensive for what it does.
Compared to the pricing we were seeing from both Illumio and Edgewise, Guardicore was very competitive.
Guardicore Centra provides better value for money than NSX, was the other solution that we looked at, which was too expensive for what it does.
JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime. The world’s top brands such as Amazon, Facebook, Google, Netflix, Uber, VMware, and Spotify are among the 4500 companies that already depend on JFrog to manage binaries for their mission-critical applications. JFrog is a privately-held, global company, and is a proud sponsor of the Cloud Native Computing Foundation [CNCF].
Skyhigh Security protects organizations with cloud-based Zero Trust security solutions that are both data-aware and simple to use. Skyhigh’s Security Service Edge portfolio goes beyond data access and focuses on data use, allowing organizations to collaborate from any device and from anywhere without sacrificing security, while providing the visibility and control required to monitor and mitigate security risks.
Skyhigh provided a FedRAMP solution, tokenization, a better shadow IT capability, and lower cost.
The biggest thing to watch for is the difference in price per monitored user for the different API integrations.
Skyhigh provided a FedRAMP solution, tokenization, a better shadow IT capability, and lower cost.
The biggest thing to watch for is the difference in price per monitored user for the different API integrations.
Appgate SDP is a network access control tool for local and remote access, multifactor authentication, and micro-segmentation. It is a flexible, robust, and configurable tool with good documentation, interface improvements, and ease of deployment.
It is a pretty expensive tool. It is maybe about $20,000 per year for a hundred users or so.
We pay $100 per user per month. One license for the site is around $17.
It is a pretty expensive tool. It is maybe about $20,000 per year for a hundred users or so.
We pay $100 per user per month. One license for the site is around $17.
Lacework is a cloud security platform whose Polygraph Data Platform automates cloud security at scale so customers can innovate with speed and safety. Lacework is the only security platform that can collect, analyze, and accurately correlate data across an organization’s AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter. As a breach detection and investigation tool, Lacework provides information on when and how a breach happened, including the users, machines, and applications involved in the breach. By using machine learning and behavioral analytics, the solution can automatically learn what's normal for your environment and reveal any abnormal behavior. In addition, Lacework gives you continuous visibility to find vulnerabilities, misconfigurations, and malicious activity across your cloud environment.
The licensing fee was approximately $80,000 USD, per year.
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
The licensing fee was approximately $80,000 USD, per year.
My smaller deployments cost around 200,000 a year, which is probably not as expensive as Wiz.
Check Point CloudGuard CNAPP is a robust cloud security solution, offering comprehensive protection for cloud workloads and applications against cyberattacks. This platform encompasses cloud security posture management, threat prevention, and efficient incident response, providing organizations with a unified defense against threats. Key features include continuous visibility and remediation of misconfigurations, threat prevention through various techniques like intrusion prevention and malware detection, and rapid, cost-effective incident response. With CloudGuard CNAPP, you can safeguard cloud-native applications, cloud infrastructure, and sensitive data, enhancing your overall cloud security posture. This solution is a powerful asset for organizations seeking to fortify their cloud environments against a range of cyber threats.
It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution.
Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.
It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution.
Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges.
Cisco Secure Workload is a cloud and data security solution that offers a zero-trust policy of keeping an organization’s application workloads safe and secure throughout the entire on-premise and cloud data center ecosystems.
The pricing is a bit higher than we anticipated.
The price is outrageous. If you have money to throw at the product, then do it.
The pricing is a bit higher than we anticipated.
The price is outrageous. If you have money to throw at the product, then do it.
NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:
The licensing fees for this solution are pretty expensive for what it does, but there is no alternative.
Our licensing costs are about $40,000 a year.
The licensing fees for this solution are pretty expensive for what it does, but there is no alternative.
Our licensing costs are about $40,000 a year.
SUSE NeuVector is a full lifecycle container security solution that helps your organization secure its container infrastructures, manage Kubernetes security risks, and block threats. The NeuVector continuous container security and compliance platform simplifies data protection from pipeline to production, enforces compliance, and provides complete visibility and automated controls for protection against known and unknown threats. In addition, NeuVector is the only Kubernetes-native container security solution that offers a comprehensive risk profile of known vulnerabilities and also delivers immediate protection from all vulnerabilities.
Licensing fees are paid yearly.
The solution's pricing could be better. The cost of a subscription is calculated on the basis of work.
Licensing fees are paid yearly.
The solution's pricing could be better. The cost of a subscription is calculated on the basis of work.
Red Hat Advanced Cluster Security for Kubernetes is a Kubernetes-native container security solution that enables your organization to more securely build, deploy, and run cloud-native applications from anywhere. With its built-in security across the entire software development life cycle, you can lower your operational costs, reduce operational risk, and increase developer productivity while improving your security posture immediately. In addition, Red Hat Advanced Cluster Security integrates with security tools and DevOps in an effort to help you mitigate threats and enforce security policies that minimize operational risk to your applications. It also enables you to provide developers with actionable, context-rich guidelines integrated into existing workflows, along with tooling to support developer productivity. The solution is suitable for small, medium, and large-sized companies.
The pricing model is moderate, meaning it is not very expensive.
Red Hat offers two pricing options for their solution: a separate price, and a bundled price under the OpenShift Platform Plus.
The pricing model is moderate, meaning it is not very expensive.
Red Hat offers two pricing options for their solution: a separate price, and a bundled price under the OpenShift Platform Plus.
In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation.
The solution's pricing depends on the agents...In short, the price depends on the environment of its user.
It is quite costly compared to other tools.
The solution's pricing depends on the agents...In short, the price depends on the environment of its user.
It is quite costly compared to other tools.
XM Cyber is a leading hybrid cloud security company that’s changing the way innovative organizations approach cyber risk. Our attack path management platform continuously uncovers hidden attack paths to your critical assets across cloud and on-prem environments, so you can cut them off at key junctures and eradicate risk with a fraction of the effort. This overcomes the big disconnect that security teams experience when they’re presented with endless alerts, yet can’t see which exposures impact risk the most, how they come together to be exploited by an attacker, or how to efficiently eliminate them. This approach is a complete game-changer, which is why some of the world’s largest, most complex organizations choose XM Cyber to help eradicate risk. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, and Israel.
We have to pay standard licensing fees.
We have to pay standard licensing fees.
Take control of your cloud security program with Tenable Cloud Security (formerly Tenable.cs) low-impact cloud agentless scanning, automated threat detection and risk prioritization. Developed by the leader in vulnerability management, Tenable Cloud Security enables security teams to continuously assess the security posture of cloud environments, offering full visibility across multi-cloud environments and helping you prioritize efforts based on business risk.
The tool's pricing is fair.
The tool's pricing is fair.
Azure Kubernetes Service (AKS) is a fully managed container orchestration service provided by Microsoft Azure. It simplifies the deployment, management, and scaling of containerized applications using Kubernetes. With AKS, developers can focus on building applications while Azure takes care of the underlying infrastructure. It offers features like automatic scaling, monitoring, and security, ensuring high availability and reliability. AKS integrates seamlessly with other Azure services, enabling easy integration with existing workflows. It also provides a flexible and open-source environment, allowing developers to use their preferred tools and frameworks. With AKS, organizations can accelerate their application development and deployment processes, while reducing operational overheads.
As you scale your operations, AKS becomes more cost-effective.
We could spend as little as $25 or $30 a month on Kubernetes Services, compared to the typical $100 a month expenditure for a virtual machine.
As you scale your operations, AKS becomes more cost-effective.
We could spend as little as $25 or $30 a month on Kubernetes Services, compared to the typical $100 a month expenditure for a virtual machine.
Threat Stack Cloud Security Platform is a CWPP (Cloud Workload Protection Platform) that provides your organization with comprehensive security for modern applications and APIs. It is designed specifically for monitoring cloud environments, vulnerabilities, covering workloads, infrastructure, and compliance. The solution offers application infrastructure protection for all layers of your infrastructure stack and delivers the necessary observability for proactive and targeted remediation action. In addition, it is platform-independent and easily adapts to various environments. Threat Stack Cloud Security Platform works best for companies who want real-time protection against active external threats and need to reduce alert investigation time. It is ideal for small, medium, or large-sized organizations.
It is a cost-effective choice versus other solutions on the market.
Pricing seems to be in line with the market structure. It's fine.
It is a cost-effective choice versus other solutions on the market.
Pricing seems to be in line with the market structure. It's fine.
The solution is reasonably priced.
The cost is on par with other providers.
The solution is reasonably priced.
The cost is on par with other providers.
Trivy is the most popular open source security scanner, reliable, fast, and easy to use. Use Trivy to find vulnerabilities & IaC misconfigurations, SBOM discovery, Cloud scanning, Kubernetes security risks,and more.
Trivy is an open-source product.
Trivy is an open-source product.
Sysdig Falco is a powerful open-source behavioral activity monitoring tool designed for containerized environments. Its primary use case is to enhance security and threat detection in cloud-native infrastructures.
Zscaler CSPM automates security and compliance in the cloud, delivering continuous visibility and enforcing adherence to the most comprehensive set of security policies and compliance frameworks. Offered as a multi-tenant SaaS, the product enables seamless integration with customer cloud infrastructure, quick data collection, comprehensive dashboards and reports. Zscaler CSPM supports integrations with CI/CD pipelines and ticketing systems, enables auto-remediation, and supports private benchmarks. Customers can easily enforce their corporate information security standards across AWS, Azure, and Office365 environments to prevent misconfiguration-related data breaches.
When comparing it to other security solutions, it offers effective protection at a lower cost.
In the long run, cloud services are not inherently costly.
When comparing it to other security solutions, it offers effective protection at a lower cost.
In the long run, cloud services are not inherently costly.
Sysdig Monitor allows you to maximize the performance and availability of your cloud infrastructure, services, and applications. Built on open source, it provides immediate, deep visibility into rapidly changing container environments. You can resolve issues faster by using granular data derived from actual system calls enriched with cloud and Kubernetes context along with Prometheus metrics. Remove silos by unifying data across teams for hybrid and multi-cloud monitoring.
Sysdig Monitor is not expensive.
Sysdig Monitor is not expensive.
Virsec Security Platform (VSP) is an enterprise cybersecurity solution that continuously protects application, web and host workloads against advanced cyber threats and neutralizes zero-day exploits with zero dwell time (milliseconds). The Virsec Security Platform (VSP) aligns with Zero Trust Architectural approaches and presents a portfolio of compensating security controls that automate the enforcement of runtime execution of authorized processes, scripts, libraries and dependencies that harden Windows and Linux Host OS (Operating System) server, application, and web workloads at runtime.
I would rate the solution's pricing an eight out of ten.
I would rate the solution's pricing an eight out of ten.
Chainguard Images is a collection of container images designed for security and minimalism. These images are distroless, meaning they only contain an application and its runtime dependencies. This makes them smaller and more secure than traditional container images. Chainguard Images are built with Wolfi, a Linux undistro designed from the ground up to produce container images that meet the requirements of a secure software supply chain. Chainguard Images are available from the Chainguard Registry and can be pulled from cgr.dev.
Security Command Center - built-in security and risk management solution for Google Cloud.
Initially, it used to be relatively expensive, starting at around four or five hundred dollars.
Initially, it used to be relatively expensive, starting at around four or five hundred dollars.
CrowdSec Security Engine defends against intrusions by analyzing logs to identify and block offending IPs. Flagged IPs are then sent to the community blocklist to protect the Crowd.
