# Best Cloud Security Posture Management (CSPM) Software - Page 2

  *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)*

   Cloud security posture management (CSPM) is an emerging market of vulnerability management and security compliance technologies designed to ensure protection for complex, modern hybrid computing environments. CSPM tools monitor cloud applications, services, containers, and infrastructure to detect and remediate misconfigurations, or incorrectly enforced policies. Cloud security posture management vendors create solutions that will typically remediate issues automatically when triggered by an anomaly or other misconfiguration based on rules set by the administrator.

Companies use these tools because it is very difficult to map out and consistently visualize all the components of a complex cloud computing environment. New tools have been developed to enable AI-based, automated management of identities, networks, infrastructure, etc. However, only CSPM software has emerged to provide continuous monitoring and visibility of a company’s security posture, and pair it with automated detection and remediation for issues as they emerge across disparate computing environments.

These tools are part of the emerging secure access service edge (SASE) technology market that also includes [software defined perimeter (SDP) software](https://www.g2.com/categories/software-defined-perimeter-sdp), [cloud access security brokers (CASB) software](https://www.g2.com/categories/cloud-access-security-broker-casb), [secure web gateways](https://www.g2.com/categories/secure-web-gateways), and [zero trust networking software](https://www.g2.com/categories/zero-trust-networking). Together, these tools are delivered virtually through [SD-WAN software](https://www.g2.com/categories/sd-wan) to provide an all-encompassing security solution for all components in any cloud environment.

To qualify for inclusion in the Cloud Security Posture Management (CSPM) category, a product must:

- Facilitate the automated detection and remediation of cloud misconfigurations
- Monitor security policies and configurations across infrastructure, applications, and other cloud environments
- Visualize cloud infrastructure in a single-pane-of-glass view
- Monitor for other issues relating to cloud compliance, infrastructure as code, and other potential security gaps


## Category Overview

**Total Products under this Category:** 101


## Trust & Credibility Stats

**Why You Can Trust G2's Software Rankings:**

- 30 Analysts and Data Experts
- 6,000+ Authentic Reviews
- 101+ Products
- Unbiased Rankings

G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category.


## Best Cloud Security Posture Management (CSPM) Software At A Glance

- **Leader:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)
- **Highest Performer:** [SafeBase](https://www.g2.com/products/safebase/reviews)
- **Easiest to Use:** [Scrut Automation](https://www.g2.com/products/scrut-automation/reviews)
- **Top Trending:** [Aikido Security](https://www.g2.com/products/aikido-security/reviews)
- **Best Free Software:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews)


---

**Sponsored**

### Upwind

Upwind is the runtime-first cloud security platform that secures your deployments, configurations, and applications by providing real-time visibility from the inside out. We’ve built a unified fabric that maps your environment as it runs - revealing what’s truly at risk, what’s actively happening, and how to respond quickly and effectively. With Upwind, security, dev, and ops teams move faster, stay focused, and fix risks that matter most.


[Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&amp;secure%5Bad_slot%5D=category_product_list&amp;secure%5Bcategory_id%5D=2647&amp;secure%5Bdisplayable_resource_id%5D=2647&amp;secure%5Bdisplayable_resource_type%5D=Category&amp;secure%5Bmedium%5D=sponsored&amp;secure%5Bplacement_reason%5D=page_category&amp;secure%5Bplacement_resource_ids%5D%5B%5D=2647&amp;secure%5Bprioritized%5D=false&amp;secure%5Bproduct_id%5D=1333227&amp;secure%5Bresource_id%5D=2647&amp;secure%5Bresource_type%5D=Category&amp;secure%5Bsource_type%5D=category_page&amp;secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fcloud-security-posture-management-cspm&amp;secure%5Btoken%5D=d770d127798b455edee5b0b7191fc5abcb4d94475d9a7420ae683f8e3934e7eb&amp;secure%5Burl%5D=https%3A%2F%2Fwww.upwind.io&amp;secure%5Burl_type%5D=custom_url)

---

## Top-Rated Products (Ranked by G2 Score)
### 1. [ARMO Platform](https://www.g2.com/products/armo-platform/reviews)
  ARMO Platform is the only runtime-driven, open-source first, cloud security platform. It is the only security platform that continuously minimizes cloud attack surface based on runtime insights, while actively detecting and responding to cyberattacks with real risk context. Using an eBPF-based runtime sensor to record application behavior and related activities, ARMO Platform enables DevOps, security, and platform teams to eliminate the security noise and go from thousands of irrelevant alerts to focus on the most important and exploitable threats. This allows those teams to shift from managing hypothetical security issues to mitigating actual risks and providing them with the means to remediate them. ARMO is an open-source-driven company and the creator of Kubescape, a leading open-source Kubernetes security project, now an official CNCF project. To learn more about ARMO Platform please visit: https://www.armosec.io/


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 44

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 8.9/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 9.7/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.5/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [ARMO](https://www.g2.com/sellers/armo)
- **Year Founded:** 2019
- **HQ Location:** Tel Aviv, IL
- **Twitter:** @armosec (3,094 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/armosec/ (88 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 59% Small-Business, 36% Mid-Market


#### Pros & Cons

**Pros:**

- Ease of Use (20 reviews)
- Security (19 reviews)
- Features (16 reviews)
- Vulnerability Detection (12 reviews)
- Comprehensive Security (11 reviews)

**Cons:**

- Learning Curve (10 reviews)
- Integration Issues (9 reviews)
- Difficult Learning (7 reviews)
- Limited Integrations (6 reviews)
- Missing Features (6 reviews)

### 2. [F5 Distributed Cloud App Infrastructure Protection (AIP)](https://www.g2.com/products/f5-distributed-cloud-app-infrastructure-protection-aip/reviews)
  Distributed Cloud AIP, formerly known as Threat Stack, is the leader in cloud security and compliance for application infrastructures, helping companies securely leverage the business benefits of the cloud with proactive risk identification and high-efficacy threat detection across cloud workloads. Distributed Cloud AIP’s application infrastructure protection helps organizations improve operational efficiency by delivering full stack security observability across the cloud management console, host, container, orchestration, managed containers, and serverless layers. Distributed Cloud AIP helps organizations efficiently detect known risks at scale and quickly uncover anomalies throughout the environment. Distributed Cloud AIP helps organizations stay secure through comprehensive security monitoring with a combination of industry-leading telemetry collection, a robust ruleset for known threats, and ThreatML for vulnerability and anomaly detection. Security Services Customers also have the option of leveraging our human expertise with Distributed Cloud AIP Insights and Managed Security Services, our in-house Security Operations Center (SOC) that provides 24/7/365 monitoring of your cloud environment. Through both options, Distributed Cloud AIP aims to deliver visibility and response capabilities across the full stack, allowing organizations to leverage the benefits of modern computing environments, securely. Coupled with other F5 Distributed Cloud Services, customers get application and infrastructure protection. Because applications and APIs are only as secure as the infrastructure they run on. To learn more, visit https://www.f5.com/cloud/products/app-infrastructure-protection


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 44

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.4/10)


**Seller Details:**

- **Seller:** [F5](https://www.g2.com/sellers/f5-f6451ada-8c47-43f5-b017-58663a045bc5)
- **HQ Location:** Seattle, Washington
- **Twitter:** @F5Networks (1,384 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/4841/ (6,133 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 70% Mid-Market, 20% Small-Business


### 3. [nOps](https://www.g2.com/products/nops/reviews)
  With nOps, ensure every dollar you spend on the cloud delivers maximum value. nOps provides automated cloud cost optimization that delivers industry-leading cloud savings and visibility without operational overhead or long-term commitment risk. nOps platform includes: Commitment Management: autonomous rate optimization for AWS, Azure and GCP to maximize savings and flexibility Cloud Cost Visibility: comprehensive cost and usage reporting and analysis, enabling 100% cost allocation across your unified Multicloud, SaaS, Kubernetes &amp; AI spend FinOps Agent: AI trained on your cost data to answer questions &amp; automate FinOps tasks like forecasting, anomaly detection, waste reduction, budgets, reports, etc. The time to value is 30 minutes to get started and receive a free Savings Analysis.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 129

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 8.9/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 9.2/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [nOps](https://www.g2.com/sellers/nops)
- **Company Website:** https://www.nops.io/
- **Year Founded:** 2017
- **HQ Location:** San Francisco, California
- **Twitter:** @nopsio (1,528 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/7602157 (177 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Who Uses This:** CTO
  - **Top Industries:** Computer Software, Information Technology and Services
  - **Company Size:** 52% Small-Business, 41% Mid-Market


#### Pros & Cons

**Pros:**

- Savings (6 reviews)
- Cost Saving (5 reviews)
- Cost Management (4 reviews)
- Ease of Use (4 reviews)
- Time-saving (4 reviews)

**Cons:**

- Complexity (1 reviews)
- Dashboard Issues (1 reviews)
- Difficult Navigation (1 reviews)
- Inadequate Reporting (1 reviews)
- Insufficient Documentation (1 reviews)

### 4. [Runecast](https://www.g2.com/products/runecast/reviews)
  Runecast is an enterprise CNAPP platform which saves your Security and Operations teams time and resources by enabling a proactive approach to ITOM, CSPM, and compliance. It helps you proactively remediate vulnerabilities for continuous compliance, whether on-prem, cloud or containers. By proactively using our agentless scanning in real-time admins discover potential risks and remediation solutions before any issues can develop into a major outage. Runecast’s AI-RAIKA, leverages advanced natural language processing (NLP) capabilities to interpret a vast amount of information to provide automated audits for security compliance standards, vulnerabilities (such as KEVs, CVEs or VMSAs) and technology vendor best practices. The platform has been recognized with Frost &amp; Sullivan&#39;s 2023 European New Product Innovation Award in the CNAPP industry for its strong overall performance and commitment to user experience. NAVIGATING YOUR COMPLEXITY Runecast helps teams with a simpler transition to cloud, enabling admins to fully understand their hybrid environments and Cloud Security Posture Management (CSPM) and Kubernetes Security Posture Management (KSPM). Running securely on-premises, it provides insights into what is happening both in the cloud and on-site. IMMEDIATE VALUE FOR TEAMS As Runecast helps teams to stabilize availability and ensure security compliance, it contributes also to greater ROI for both existing and future investments with AWS, Azure, Kubernetes and VMware. FULLY ON-PREM SECURE Operates fully on-prem to analyze your hybrid-cloud environment, so that your data remains safely on-site. To provide additional security, Runecast features a customizable, transparent rules engine. RUNECAST FOR SECURITY AND COMPLIANCE Vulnerability Management Regular automated scanning, recommendations, remediation, and the ability to set up vulnerability management policies are just some of the requirements many enterprises have. The Runecast platform is constantly updated to detect the latest vulnerabilities for all of the supported technologies. Container Security Runecast scans container images for known vulnerabilities and misconfigurations, and can also detect runtime issues such as exposed ports and running processes. It also provides a public API which can be used in your CI/CD platform to analyze the container images and whether they are vulnerable or not to known vulnerabilities, before deploying them in production. Compliance with Security Standards Runecast offers automated audits against security hardening guidelines and common industry standards like CIS Benchmarks, NIST 800-53, PCI DSS, HIPAA, DISA STIG 6, GDPR, KVKK (Turkey), ISO 27001, BSI IT-Grundschutz, Essential 8 and Cyber Essentials Security Standard. RUNECAST FOR IT OPERATIONS TEAMS Vendor Best Practices for Security Hardening Runecast continuously monitors your complex environment, reporting violations and providing recommendations against Vendor Best Practices. It maintains a database with Best Practices of the latest AWS, Azure, Kubernetes, GCP, VMware and Windows and Linux OS. It analyzes your environment to detect any configuration issues against Vendor Best Practices. This delivers valuable insights to improve the stability and security of your infrastructure. Configuration Vault Tracks your configuration to help you prevent drift. Reports your entire configuration and provides the ability to compare your configurations over time. Hardware Compatibility and Upgrade Stimulations Runecast has automated the process of validating the hardware compliance of hosts and clusters against a selected ESXi version, ensuring compliance with the VMware Compatibility Guide (VCG) and vSAN Hardware Compatibility List (vSAN HCL). The AI-powered platform runs a quick and automated analysis using the latest HCL for your servers, I/O devices, and vSAN controllers. For upgrade planning, admins can see the results of multiple HCL upgrade simulation scenarios within seconds, and the findings are presented in a comprehensive way with details about any non-compatibility and how to resolve it. Validates your hardware, drivers, and firmware against current and upstream releases of ESXi for faster upgrade planning. Remediation Scripts A growing number of findings in Runecast offer remediation actions – allowing you to download the customized script to perform the reconfiguration. Some rules offer more than one remediation option, for example PowerCLI and Ansible. SUPPORTED SERVICES SUPPORTED SYSTEMS: AWS, Azure GCP, Kubernetes (1.20 and above), VMware (VMware vSphere, NSX-V, NSX-T, VMware Horizon, VMware Cloud Director, AP HANA for VMware, VMware on Nutanix, Pure Storage), Windows (Microsoft Windows) and Linux OS (RHEL 8, CentOS 7). SECURITY STANDARDS: CIS Benchmarks, NIST 800-53, PCI DSS, HIPAA, DISA STIG 6, GDPR, KVKK (Turkey), ISO 27001, BSI IT-Grundschutz, Essential 8 and Cyber Essentials Security Standard. INTEGRATIONS: Jira, ServiceNow, vSphere Client Plugin, OpenID Connect, REST API, HPE Ezmeral. REMEDIATION TOOLS: Ansible (VMware), PowerCLI (VMware), AWS CLI (AWS), AWS Tools for PowerShell (AWS), GCP CLI


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 21

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.6/10 (Category avg: 9.4/10)


**Seller Details:**

- **Seller:** [Runecast Solutions](https://www.g2.com/sellers/runecast-solutions)
- **Year Founded:** 2014
- **HQ Location:** London, London
- **Twitter:** @Runecast (1,101 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5226278 (14 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 48% Enterprise, 24% Mid-Market


### 5. [Kloudle](https://www.g2.com/products/kloudle/reviews)
  Find &amp; Fix 350+ security issues in you AWS, Google Cloud, DigitalOcean, Kubernetes clouds. Kloudle scans your cloud like a security expert so that you don&#39;t need to. With automated scans, detailed steps to fix, use Kloudle to secure your cloud effortlessly. Results within 5-25 minutes. One Simple Dashboard for security issues &amp; scans. Clear Steps to secure all identified security issues.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 13

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 9.2/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 9.2/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [Kloulde](https://www.g2.com/sellers/kloulde)
- **Year Founded:** 2020
- **HQ Location:** Wilmington, US
- **Twitter:** @Kloudleinc (662 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/kloudle/ (6 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Computer Software
  - **Company Size:** 69% Small-Business, 8% Enterprise


### 6. [Continuity Software](https://www.g2.com/products/continuity-software/reviews)
  New ransomware groups are targeting storage and backup systems (e.g., Conti, Hive and REvil). However, storage &amp; backup are currently the only infrastructure layers NOT COVERED by traditional vulnerability management solutions. This is a glaring blind spot, since the working assumption should be that some attacks will succeed. When that happens, storage and backups are your last line of defense. Continuity&#39;s StorageGuard is the industry’s ONLY security posture management solution for storage &amp; backup systems, helping you protect your most valuable data, and ensuring data recoverability in case of a breach. For the first time, get complete visibility of security risks across your storage &amp; backup systems, automatically prioritized in order of business impact, and with clear remediation guidelines. Now’s the time to get the peace of mind that your storage &amp; backup systems can withstand a ransomware attack.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 18

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 9.3/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 9.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 9.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Continuity Software](https://www.g2.com/sellers/continuity-software)
- **Year Founded:** 2005
- **HQ Location:** New York, US
- **LinkedIn® Page:** https://www.linkedin.com/company/continuity-software/ (59 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer Software
  - **Company Size:** 53% Enterprise, 26% Small-Business


### 7. [Sonrai Security](https://www.g2.com/products/sonrai-security/reviews)
  Sonrai Security is a leading cloud privileged access management solutions provider. With a mission to empower enterprises of all sizes to innovate securely and confidently, Sonrai Security delivers identity, access, and privilege security for companies running on AWS, Azure, and Google Cloud platforms. The company is renowned for pioneering the Cloud Permissions Firewall, enabling one-click least privilege while supporting developer access needs without disruption. Trusted by Cloud Operations, Development, and Security Teams at leading companies across various industries, Sonrai Security is committed to driving innovation and excellence in cloud security. Sonrai’s Cloud Permissions Firewall, the leading cloud PAM solution, gets cloud access under control, slashes the privileged attack surface, and automates least privilege all without impeding DevOps. The Cloud Permissions Firewall uses privileged permission intelligence and usage monitoring to determine who needs what permissions in your cloud. Then, with one-click, it eliminates all unused sensitive privileges across your entire multi-cloud estate. Just-in-time access and exceptions are granted to roles on the fly as new needs come up so development goes uninterrupted. SecOps teams spend 97% less time achieving least privilege and slash the attack surface by 92%.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 26

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.3/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 9.6/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 8.6/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Sonrai Security](https://www.g2.com/sellers/sonrai-security)
- **Year Founded:** 2017
- **HQ Location:** New York, US
- **LinkedIn® Page:** https://www.linkedin.com/company/sonrai-security (64 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 42% Mid-Market, 38% Enterprise


#### Pros & Cons

**Pros:**

- Cloud Security (12 reviews)
- Security (12 reviews)
- Cloud Management (10 reviews)
- Ease of Use (9 reviews)
- Cloud Technology (8 reviews)

**Cons:**

- Complexity (3 reviews)
- Expensive (3 reviews)
- Feature Limitations (3 reviews)
- Improvement Needed (3 reviews)
- Limited Customization (3 reviews)

### 8. [Turbot](https://www.g2.com/products/turbot/reviews)
  Turbot provides enterprise guardrails for cloud infrastructure. Turbot is designed to allow enterprises to achieve agility, ensure control, and accelerate best practices through continuous adherence of centrally defined policies across a multi-account AWS model.


  **Average Rating:** 4.3/5.0
  **Total Reviews:** 13

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Turbot](https://www.g2.com/sellers/turbot)
- **Year Founded:** 2014
- **HQ Location:** New York, NY
- **Twitter:** @turbothq (420 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/7599466/ (44 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 62% Enterprise, 31% Mid-Market


### 9. [Cloudanix](https://www.g2.com/products/cloudanix/reviews)
  Cloudanix is a Ycombinator-backed security platform for your code, cloud, identities, and workloads. Cloudanix provides solutions for your multi-environments which may include multi-clouds, multi-accounts, multi-regions, multi-runtimes, etc. Cloudanix enables organizations across industries and geographies from startups to enterprises to not just identify and mitigate, but also remediate risks and threats. Onboarding takes less than 30 minutes and just 1 click.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 10.0/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Cloudanix](https://www.g2.com/sellers/cloudanix)
- **Year Founded:** 2020
- **HQ Location:** Sunnyvale, CA
- **Twitter:** @cloudanix (102 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cloudanix/ (16 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 64% Mid-Market, 36% Small-Business


#### Pros & Cons

**Pros:**

- Cloud Integration (5 reviews)
- Ease of Use (5 reviews)
- Features (5 reviews)
- Cloud Technology (4 reviews)
- Customer Support (4 reviews)

**Cons:**

- Inadequate Remediation (1 reviews)
- Lack of Customization (1 reviews)
- Lack of Remediation (1 reviews)
- Limited Customization (1 reviews)
- Poor Remediation (1 reviews)

### 10. [Sophos Cloud Optix](https://www.g2.com/products/sophos-cloud-optix/reviews)
  Sophos Cloud Optix is an AI-powered security and compliance platform designed to provide comprehensive visibility and control over public cloud environments. It offers real-time inventory management of cloud assets, including servers, storage, and network components, enabling organizations to monitor security, manage resources, and ensure compliance with industry standards through a unified interface. Key Features and Functionality: - Multi-Cloud Visibility: Supports monitoring across AWS, Azure, Google Cloud, and Kubernetes, offering detailed inventories and visualizations to detect security risks, over-privileged access, and spending anomalies. - Security Monitoring: Conducts scheduled, daily, and on-demand scans to identify vulnerabilities and compliance issues, providing contextual alerts with remediation steps. - Compliance Management: Automates assessments and generates audit-ready reports for standards such as CIS, ISO 27001, GDPR, HIPAA, and PCI DSS, streamlining compliance processes. - DevSecOps Integration: Integrates security checks into the development pipeline, scanning container images and Infrastructure-as-Code templates to prevent vulnerabilities before deployment. - Cost Optimization: Monitors cloud service expenditures, provides recommendations to reduce costs, and identifies indicators of compromise to prevent financial losses. Primary Value and Problem Solved: Sophos Cloud Optix addresses the challenges of managing complex, multi-cloud environments by offering a centralized platform for security monitoring, compliance management, and cost optimization. It reduces the complexity and cost associated with governance, risk, and compliance by providing continuous assessments and collaboration tools that integrate seamlessly into existing processes. By automating security and compliance tasks, it enables organizations to proactively detect and remediate vulnerabilities, ensuring robust protection of cloud assets and adherence to regulatory requirements.


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 20

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.8/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 9.2/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Sophos](https://www.g2.com/sellers/sophos)
- **Year Founded:** 1985
- **HQ Location:** Oxfordshire
- **Twitter:** @Sophos (36,757 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/5053/ (5,561 employees on LinkedIn®)
- **Ownership:** LSE:SOPH

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer &amp; Network Security
  - **Company Size:** 50% Mid-Market, 32% Enterprise


### 11. [Caveonix Cloud](https://www.g2.com/products/caveonix-cloud/reviews)
  Caveonix is a truly innovative digital risk-management platform designed to govern an enterprise&#39;s assets within hybrid and multi-cloud environments. We&#39;re powering enterprises to automate and secure their operations, giving teams application-aware visibility, and empowering senior leaders to make the necessary decisions from a reliable data source. With an easy-to-use compliance and audit management solution and continuous security and protection, Caveonix is your single source of truth that helps you govern your digital transformation.


  **Average Rating:** 3.9/5.0
  **Total Reviews:** 10

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 9.2/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Caveonix](https://www.g2.com/sellers/caveonix)
- **Year Founded:** 2017
- **HQ Location:** Falls Church, Virginia
- **Twitter:** @caveonix (69 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/caveonix/ (70 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 40% Mid-Market, 40% Small-Business


### 12. [Truzta](https://www.g2.com/products/truzta/reviews)
  Truzta is an AI-powered Compliance Automation &amp; Security Platform that simplifies regulatory compliance and strengthens cybersecurity with proactive risk management. It automates SOC 2, ISO 27001, HIPAA, GDPR,NCA, SAMA,DPTM, PCI DSS, and more, while providing continuous monitoring, risk assessments, and automated evidence collection. With 200+ integrations, Truzta streamlines workflows, reduces audit timelines, and enables real-time threat detection for enhanced security. By unifying compliance and security, Truzta minimizes costs and ensures end-to-end protection—making audit readiness faster and hassle-free!


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 54

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 9.6/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 9.6/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.8/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Cyberheals](https://www.g2.com/sellers/cyberheals)
- **Company Website:** https://truzta.com/
- **Year Founded:** 2021
- **HQ Location:** London, GB
- **LinkedIn® Page:** https://www.linkedin.com/company/cyber-heals (29 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services, Computer &amp; Network Security
  - **Company Size:** 44% Mid-Market, 37% Small-Business


#### Pros & Cons

**Pros:**

- Compliance Management (36 reviews)
- Compliance (25 reviews)
- Customer Support (25 reviews)
- Ease of Use (21 reviews)
- Automation (17 reviews)

**Cons:**

- Integration Issues (7 reviews)
- Improvement Needed (5 reviews)
- Limited Scope (4 reviews)
- Cloud Dependency (3 reviews)
- Lack of Integration (3 reviews)

### 13. [rezilion](https://www.g2.com/products/rezilion/reviews)
  Rezilion&#39;s software attack surface management platform automatically secures the software you deliver to customers, giving teams time back to build. Rezilion works across your stack, helping you to know what software is in your environment, what is vulnerable, and what is actually exploitable, so you can focus on what matters and remediate automatically. KEY FEATURES: - Dynamic SBOM Create an instant inventory of all the software components in your environment - Vulnerability Validation Know which of your software vulnerabilities are exploitable, and which are not, through runtime analysis - Vulnerability Remediation Cluster vulnerabilities to eliminate multiple problems at once and automatically execute remediation work to save teams time. WITH REZILION, ACHIEVE: - 85% reduction in patching work after filtering out unexplainable vulnerabilities - 24/7 Continuous monitoring of your software attack surface -600% Faster time to remediate when you focus on what matters and patch automatically - 360-degree visibility across your entire DevSecOps stack -- not just in silos


  **Average Rating:** 4.4/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 8.3/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 8.8/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.8/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [rezilion](https://www.g2.com/sellers/rezilion)
- **Year Founded:** 2018
- **HQ Location:** Be&#39;er Sheva, Israel
- **Twitter:** @rezilion_ (200 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/18716043 (5 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 45% Mid-Market, 36% Enterprise


### 14. [Stacklet Platform](https://www.g2.com/products/stacklet-platform/reviews)
  Stacklet Platform is a Governance as Code solution that accelerates cloud adoption with intelligent guardrails and actionable insights for security, compliance, cost, and operations. The Stacklet platform empowers cloud and security engineering teams to codify, automate, visualize, and collaborate on policies in a standard, easy-to-use, declarative language. Stacklet Platform extends Cloud Custodian open source project with intelligent management capabilities, including governance insights, real-time asset inventory, out-of-the-box policy packs, and advanced communications to help businesses innovate securely and efficiently in the cloud at scale.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.4/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 6.7/10 (Category avg: 8.7/10)
- **Threat Hunting:** 6.7/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Stacklet](https://www.g2.com/sellers/stacklet)
- **Company Website:** https://stacklet.io
- **HQ Location:** Everywhere, OO
- **Twitter:** @stackletio (347 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/stacklet/ (38 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 55% Enterprise, 36% Mid-Market


#### Pros & Cons

**Pros:**

- Centralized Management (1 reviews)
- Cloud Services (1 reviews)
- Dashboard Usability (1 reviews)
- Data Centralization (1 reviews)
- Ease of Use (1 reviews)

**Cons:**

- Insufficient Information (1 reviews)
- Missing Features (1 reviews)

### 15. [BMC Helix Cloud Security](https://www.g2.com/products/bmc-helix-cloud-security/reviews)
  BMC Helix Cloud Security automates cloud configuration security checks and remediation - no coding required! - so that the IaaS and PaaS services your stakeholders use are configured securely, consistently, and with an audit trail. Automated, ready-to-use remediation removes manpower bottlenecks to close security gaps quickly. Closed-loop integration to incident and change management keeps everything running smoothly, while enabling scrum teams to easily manage their security posture within governance guardrails. Enable agility, don&#39;t hinder it. With extensive content, you can begin securing your cloud footprint in as little as 5 minutes.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 9

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 7.5/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 7.5/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 8.3/10 (Category avg: 8.7/10)
- **Threat Hunting:** 7.5/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [BMC Helix](https://www.g2.com/sellers/bmc-helix)
- **Year Founded:** 2025
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/bmchelix/ (1,083 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 50% Small-Business, 40% Mid-Market


### 16. [Cloudaware](https://www.g2.com/products/cloudaware/reviews)
  Cloudaware is a cloud management platform with such modules as CMDB, Change Management, Cost Management, Compliance Engine, Vulnerability Scanning, Intrusion Detection, Patching, Log Management, Monitoring, BI Analytics and Backup. Cloudaware is designed for enterprises that deploy workloads across multiple cloud providers and on-premises. The platform integrates with ServiceNow, New Relic, JIRA, Chef, Puppet, Ansible, and 50+ other products. Customers deploy Cloudaware to streamline their cloud-agnostic IT management processes, spending, compliance and security.


  **Average Rating:** 3.9/5.0
  **Total Reviews:** 12

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.2/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 8.3/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [CloudAware](https://www.g2.com/sellers/cloudaware)
- **Year Founded:** 2007
- **HQ Location:** New York, NY
- **Twitter:** @socialcloudops (501 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cloudaware/ (50 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 42% Small-Business, 33% Enterprise


### 17. [CloudWize](https://www.g2.com/products/cloudwize-cloudwize/reviews)
  CloudWize is a no-code Cloud Security Center of Excellence that gives you maximum cloud compliance &amp; security. Get 360° Protection from Architecture Design to Runtime. CludWize enforces cloud regulations with over 1K rules running continuously, scans your cloud vulnerabilities, and remediates them automatically. With our unique investigation graph engine, you can detect and fix cloud issues in minutes instead of days and weeks. This holistic solution offers a blackbox web app penetration test, evolved IAM (identity access management), IaC (infrastructure as code) risk scanning, Data Security Posture Management, and more. Why deal with many tools when you can have everything in one place? CNAPP + WAAP + KSPM – CSPM + CWPP + CIEM + CASB + DSPM + CNSP = CloudWize (CSCoE)


  **Average Rating:** 4.7/5.0
  **Total Reviews:** 11

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.4/10)


**Seller Details:**

- **Seller:** [CloudWize](https://www.g2.com/sellers/cloudwize)
- **Year Founded:** 2019
- **HQ Location:** Netanya, IL
- **Twitter:** @cloud_wize (94 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cloudwize-io/about (5 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 50% Small-Business, 33% Mid-Market


#### Pros & Cons

**Pros:**

- Security (7 reviews)
- Ease of Use (6 reviews)
- Cloud Integration (5 reviews)
- Cloud Management (5 reviews)
- Cloud Services (5 reviews)

**Cons:**

- Complex Implementation (1 reviews)
- Complex Setup (1 reviews)
- Customization Difficulty (1 reviews)
- Difficult Navigation (1 reviews)
- Excessive Customization (1 reviews)

### 18. [Cyscale Cloud Platform](https://www.g2.com/products/cyscale-cloud-platform/reviews)
  Cyscale offers a unified cloud security platform (CNAPP) that constantly monitors your cloud for risks and compliance issues. It includes CSPM, KSPM, CWPP, vulnerability management, CIEM, DSPM, and Container security. Designed to prioritize remediations, it is a valuable tool for Security Teams, CISOs, and CTOs looking to strengthen their security posture. Customers rely on Cyscale to bring products to market faster and more securely, consolidating 4 or 5 point security solutions into a single platform. Headquartered in London, Cyscale was founded by a team of visionary security experts and researchers. The founders have worked to protect companies like Rolls Royce, ABB, and Lloyd’s Register. Visit https://cyscale.com to learn more.


  **Average Rating:** 4.8/5.0
  **Total Reviews:** 6

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 9.4/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 9.4/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Cyscale](https://www.g2.com/sellers/cyscale)
- **Year Founded:** 2019
- **HQ Location:** London, GB
- **Twitter:** @cyscale (52 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cyscale/ (6 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 50% Mid-Market, 50% Small-Business


#### Pros & Cons

**Pros:**

- Cloud Integration (3 reviews)
- Customer Support (3 reviews)
- Ease of Use (3 reviews)
- Cloud Security (2 reviews)
- Cloud Technology (2 reviews)

**Cons:**

- Limited Features (3 reviews)
- Missing Features (2 reviews)
- Compliance Issues (1 reviews)
- Difficulty (1 reviews)
- Immaturity (1 reviews)

### 19. [ImmuniWeb Discovery](https://www.g2.com/products/immuniweb-discovery/reviews)
  Attack surface management and Dark Web Monitoring. ImmuniWeb® Discovery leverages OSINT and our award-winning AI technology to illuminate attack surface and Dark Web exposure of a company. The non-intrusive and production-safe discovery is a perfect fit both for continuous self-assessment and vendor risk scoring to prevent supply chain attacks.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 5

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 0/10 (Category avg: 8.7/10)


**Seller Details:**

- **Seller:** [ImmuniWeb](https://www.g2.com/sellers/immuniweb-8be8a6d5-dde6-41c6-b289-3ad6257f0258)
- **Year Founded:** 2019
- **HQ Location:** Geneva, CH
- **Twitter:** @immuniweb (8,487 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/immuniweb/ (33 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 83% Mid-Market, 17% Small-Business


#### Pros & Cons

**Pros:**

- Monitoring (2 reviews)
- Monitoring Efficiency (2 reviews)
- Alert Notifications (1 reviews)
- Customer Support (1 reviews)
- Dark Web Monitoring (1 reviews)

**Cons:**

- Integration Issues (1 reviews)
- Lack of Integration (1 reviews)
- Limited Features (1 reviews)
- Limited Flexibility (1 reviews)
- Limited Reporting (1 reviews)

### 20. [Upwind](https://www.g2.com/products/upwind/reviews)
  Upwind is the runtime-first cloud security platform that secures your deployments, configurations, and applications by providing real-time visibility from the inside out. We’ve built a unified fabric that maps your environment as it runs - revealing what’s truly at risk, what’s actively happening, and how to respond quickly and effectively. With Upwind, security, dev, and ops teams move faster, stay focused, and fix risks that matter most.


  **Average Rating:** 4.9/5.0
  **Total Reviews:** 8

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 10.0/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 10.0/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Upwind](https://www.g2.com/sellers/upwind)
- **Company Website:** https://www.upwind.io
- **Year Founded:** 2022
- **HQ Location:** San Francisco, California, United States
- **LinkedIn® Page:** https://www.linkedin.com/company/upwindsecurity/ (217 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 75% Mid-Market, 25% Enterprise


#### Pros & Cons

**Pros:**

- Ease of Use (3 reviews)
- Visibility (3 reviews)
- Customer Support (2 reviews)
- Detection Efficiency (2 reviews)
- Implementation Ease (2 reviews)

**Cons:**

- Alert Overload (1 reviews)
- Compliance Issues (1 reviews)
- Data Management (1 reviews)
- Data Overload (1 reviews)
- False Positives (1 reviews)

### 21. [C3M Cloud Control](https://www.g2.com/products/c3m-cloud-control/reviews)
  C3M Cloud Control is a Cloud Security platform with Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) helping enterprises gain complete cloud visibility, prevent misconfigurations, avoid over-provisioned privileges, and enforce security best practices for the cloud while being compliant with security standards and regulations such as HIPAA, PCI DSS, GDPR, GLBA, ISO 27001, NIST, CIS Benchmarks.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 3

**User Satisfaction Scores:**

- **Configuration Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [C3M](https://www.g2.com/sellers/c3m)
- **Year Founded:** 2018
- **HQ Location:** N/A
- **LinkedIn® Page:** https://www.linkedin.com/company/c3mllc/ (2 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 67% Mid-Market, 33% Enterprise


### 22. [CloudCheckr CMx](https://www.g2.com/products/cloudcheckr-cmx/reviews)
  The CloudCheckr Cloud Management Platform (CMP) offers a single pane of glass view to help modern enterprises manage and optimize their public cloud. DevOps, SecOps, and FinOps teams from hundreds of global enterprises and service providers rely on CloudCheckr to manage their Azure, AWS, and Google Cloud investments so they can quickly optimize spend, eliminate waste, and improve security and compliance throughout their cloud journey. CloudCheckr enables users to save money, time, and effort to increase operational efficiencies with automated actions for your cloud. Manage your expenses with cost allocation, spend optimization, invoicing and chargebacks. Use custom reports and alerts ensure governance and accountability as your environments scale. The CloudCheckr CMP provides total visibility across your cloud infrastructure and enables protection for state and activity monitoring, turning insight to action while meeting compliance demands. Manage your assets with cross-account dashboards that provide sophisticated reporting for enterprise-wide inventory based on tags, geography, function and more to proactively optimize workloads. Review summary and detailed usage statistics for resources across AWS, Azure, and Google Cloud, offering actionable intelligence to right-size and scale services efficiently.


  **Average Rating:** 4.0/5.0
  **Total Reviews:** 12

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 6.7/10 (Category avg: 9.4/10)


**Seller Details:**

- **Seller:** [CloudCheckr](https://www.g2.com/sellers/cloudcheckr)
- **Year Founded:** 2011
- **HQ Location:** Rochester, NY
- **Twitter:** @cloudcheckr (2,121 Twitter followers)
- **LinkedIn® Page:** https://www.linkedin.com/company/cloudcheckr/ (33 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Top Industries:** Information Technology and Services
  - **Company Size:** 50% Small-Business, 42% Mid-Market


#### Pros & Cons

**Pros:**

- Comprehensive Solutions (1 reviews)
- Customer Success (1 reviews)
- Customer Support (1 reviews)
- Documentation (1 reviews)
- Ease of Use (1 reviews)

**Cons:**

- Cost Management (1 reviews)
- Expensive (1 reviews)
- Improvement Needed (1 reviews)
- Limited Options (1 reviews)
- Missing Features (1 reviews)

### 23. [Cyber Chief](https://www.g2.com/products/cyber-chief/reviews)
  Cyber Chief is a vulnerability scanner &amp; issue management tool that helps you ship software with zero known security vulnerabilities. It gives your software team the power to find and fix thousands of vulnerabilities in your web applications and cloud infrastructure. With its one-click vulnerability scanning and smart vulnerability management features, Cyber Chief will help your software team secure their applications abs infrastructure, even if there is zero application security qualifications or experience on the team. Cyber Chief is cloud-based and has military-grade security controls so that your security secrets are kept safe.


  **Average Rating:** 4.5/5.0
  **Total Reviews:** 7

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 7.8/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 8.3/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 8.3/10 (Category avg: 8.7/10)
- **Threat Hunting:** 8.3/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Audacix](https://www.g2.com/sellers/audacix)
- **Year Founded:** 2015
- **HQ Location:** Melbourne, Victoria
- **LinkedIn® Page:** https://www.linkedin.com/company/audacix/ (14 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 43% Mid-Market, 43% Small-Business


#### Pros & Cons

**Pros:**

- Automated Scanning (2 reviews)
- Customer Support (2 reviews)
- Cybersecurity (2 reviews)
- Vulnerability Detection (2 reviews)
- Vulnerability Identification (2 reviews)


### 24. [ResilientX Security Platform](https://www.g2.com/products/resilientx-security-platform/reviews)
  ResilientX Unified Exposure Management Platform is the leading platform that unifies Attack Surface Management, Web Application Security Testing, Network Security Testing, Cloud Security Posture Management, and Third-Party Risk Management.


  **Average Rating:** 5.0/5.0
  **Total Reviews:** 17

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 10.0/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 10.0/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [ResilientX](https://www.g2.com/sellers/resilientx)
- **Year Founded:** 2022
- **HQ Location:** London
- **Twitter:** @ResilientXcyber (33 Twitter followers)
- **LinkedIn® Page:** http://www.linkedin.com/company/resilientx (12 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 47% Mid-Market, 35% Small-Business


#### Pros & Cons

**Pros:**

- Security (8 reviews)
- Vulnerability Detection (8 reviews)
- Vulnerability Identification (6 reviews)
- Customer Support (4 reviews)
- Detection (4 reviews)

**Cons:**

- Complex Setup (1 reviews)
- Difficult Customization (1 reviews)
- Difficult Initial Setup (1 reviews)
- Integration Issues (1 reviews)
- Lack of Integration (1 reviews)

### 25. [Solvo](https://www.g2.com/products/solvo/reviews)
  Solvo is a multi-dimensional cloud security platform that breaks down application, identity and data silos to proactively detect and mitigate cloud misconfigurations and vulnerabilities. Solvo’s adaptive security approach is based on a continuous cycle of threat discovery, analysis and prioritization, followed by least privilege policy optimization, validation and monitoring. Book a free demo: https://www.solvo.cloud/request-a-demo/ Try Solvo free for 14-days: https://www.solvo.cloud/freetrial/


  **Average Rating:** 4.6/5.0
  **Total Reviews:** 12

**User Satisfaction Scores:**

- **Has the product been a good partner in doing business?:** 9.8/10 (Category avg: 9.4/10)
- **Configuration Monitoring:** 8.9/10 (Category avg: 8.8/10)
- **Vulnerability Scanning:** 10.0/10 (Category avg: 8.7/10)
- **Threat Hunting:** 10.0/10 (Category avg: 8.6/10)


**Seller Details:**

- **Seller:** [Solvo](https://www.g2.com/sellers/solvo-078692e8-87f0-42d2-b0a2-d360318c886a)
- **HQ Location:** , 
- **LinkedIn® Page:** https://www.linkedin.com/company/solvo-cloud (19 employees on LinkedIn®)

**Reviewer Demographics:**
  - **Company Size:** 58% Small-Business, 25% Enterprise


#### Pros & Cons

**Pros:**

- Features (3 reviews)
- Ease of Use (2 reviews)
- Efficiency Improvement (2 reviews)
- Solutions (2 reviews)
- Automation (1 reviews)

**Cons:**

- Complexity (2 reviews)
- Expensive (2 reviews)
- Learning Curve (2 reviews)
- Cloud Integration (1 reviews)
- Compatibility Issues (1 reviews)


## Parent Category

[Cloud Security Software](https://www.g2.com/categories/cloud-security)


## Related Categories

- [Vulnerability Scanner Software](https://www.g2.com/categories/vulnerability-scanner)
- [Cloud Workload Protection Platforms](https://www.g2.com/categories/cloud-workload-protection-platforms)
- [Container Security Tools](https://www.g2.com/categories/container-security-tools)
- [Cloud Compliance Software](https://www.g2.com/categories/cloud-compliance)
- [Cloud Security Monitoring and Analytics Software](https://www.g2.com/categories/cloud-security-monitoring-and-analytics)
- [Cloud-Native Application Protection Platform (CNAPP)](https://www.g2.com/categories/cloud-native-application-protection-platform-cnapp)
- [Cloud Detection and Response (CDR) Software](https://www.g2.com/categories/cloud-detection-and-response-cdr)


---
## Frequently Asked Questions

### How can CSPM improve compliance with industry regulations?

CSPM enhances compliance with industry regulations by automating security assessments and providing continuous monitoring of cloud environments. Users report that features like automated compliance checks and real-time alerts help identify and remediate compliance gaps efficiently. Additionally, CSPM tools facilitate adherence to standards such as GDPR and HIPAA by ensuring that security policies are consistently applied across cloud resources. Products like Prisma Cloud, CloudHealth, and Check Point CloudGuard are noted for their robust compliance reporting capabilities, which streamline audits and reduce the risk of non-compliance.


### How do CSPM solutions address security vulnerabilities in real-time?

CSPM solutions address security vulnerabilities in real-time by continuously monitoring cloud environments for misconfigurations and compliance violations. They provide automated alerts and remediation suggestions, enabling organizations to respond swiftly to potential threats. Products like Prisma Cloud, CloudHealth, and Sumo Logic are noted for their real-time monitoring capabilities, with users highlighting features such as automated compliance checks and integration with CI/CD pipelines, which enhance proactive security management and reduce the window of exposure to vulnerabilities.


### How do CSPM solutions handle multi-cloud environments?

CSPM solutions effectively manage multi-cloud environments by providing centralized visibility and compliance across various cloud platforms. Users frequently highlight features such as automated risk assessments, policy enforcement, and integration capabilities with major cloud providers like AWS, Azure, and Google Cloud. For instance, products like Prisma Cloud and CloudHealth are noted for their robust multi-cloud support, enabling users to monitor configurations and security postures seamlessly across different environments. Additionally, many solutions offer customizable dashboards and reporting tools that enhance visibility and streamline compliance management across diverse cloud infrastructures.


### How do CSPM tools differ in terms of user experience?

CSPM tools differ significantly in user experience, with some platforms like Prisma Cloud and CloudHealth receiving high marks for intuitive interfaces and ease of navigation, while others, such as Dome9 and Sumo Logic, are noted for their robust feature sets but can be more complex to use. User feedback highlights that Prisma Cloud excels in providing a streamlined onboarding process, whereas Dome9 is often praised for its comprehensive security features despite a steeper learning curve. Overall, user satisfaction ratings reflect these differences, with Prisma Cloud achieving a higher ease-of-use score compared to its competitors.


### How do CSPM tools integrate with existing cloud services?

CSPM tools integrate with existing cloud services by utilizing APIs to monitor configurations and compliance across various platforms. Users report that tools like Prisma Cloud and CloudHealth provide seamless integration with AWS, Azure, and Google Cloud, enabling real-time visibility and automated remediation. Additionally, solutions such as Check Point CloudGuard and Sumo Logic are noted for their ability to enhance security posture through continuous monitoring and alerts, ensuring compliance with industry standards. Overall, effective integration is a key feature that enhances the functionality of CSPM tools.


### How do I evaluate the scalability of a CSPM solution?

To evaluate the scalability of a CSPM solution, consider user feedback on performance under increased workloads, integration capabilities with existing systems, and the ability to manage multiple cloud environments. Products like Prisma Cloud and Check Point CloudGuard are noted for their robust scalability features, with users highlighting seamless scaling during peak usage. Additionally, solutions such as Sumo Logic and CloudHealth are recognized for their adaptability to growing infrastructures, ensuring effective management as organizations expand their cloud resources.


### What are common use cases for implementing CSPM?

Common use cases for implementing Cloud Security Posture Management (CSPM) include continuous compliance monitoring, risk assessment, and threat detection across cloud environments. Users frequently highlight the importance of automating security checks to ensure adherence to regulatory standards and best practices. Additionally, CSPM tools are utilized for identifying misconfigurations and vulnerabilities in cloud resources, enhancing overall security posture. Organizations also leverage CSPM for incident response planning and improving visibility into their cloud security landscape.


### What are the key features to look for in a CSPM solution?

Key features to look for in a Cloud Security Posture Management (CSPM) solution include automated compliance checks, real-time threat detection, risk assessment capabilities, integration with existing security tools, and comprehensive reporting features. Users emphasize the importance of user-friendly dashboards for visibility and ease of use, as well as support for multi-cloud environments to ensure consistent security across platforms. Additionally, effective remediation guidance and continuous monitoring are critical for maintaining security posture.


### What are the most important metrics to measure CSPM effectiveness?

Key metrics to measure CSPM effectiveness include the number of security incidents detected, compliance score against industry standards, time to remediate vulnerabilities, and the percentage of misconfigurations resolved. User feedback highlights that effective CSPM tools significantly reduce the time to detect and respond to threats, with many users noting improvements in compliance adherence and overall cloud security posture. Additionally, tracking the reduction in false positives can indicate the accuracy of the CSPM solution.


### What are the typical deployment timelines for CSPM solutions?

Deployment timelines for Cloud Security Posture Management (CSPM) solutions typically range from a few weeks to several months, depending on the complexity of the environment and the specific solution. For instance, users report that solutions like Prisma Cloud and CloudHealth can be deployed within 1-3 months, while others like Sumo Logic may take longer due to integration requirements. Overall, most users indicate that initial setup and configuration are manageable within this timeframe, allowing for quicker realization of security benefits.


### What is the average pricing model for CSPM solutions?

The average pricing model for Cloud Security Posture Management (CSPM) solutions typically ranges from $1,000 to $5,000 per month, depending on the features and scale of deployment. Most vendors offer tiered pricing based on the number of cloud accounts monitored, with some solutions providing custom pricing for larger enterprises. For example, products like Prisma Cloud, CloudHealth, and Check Point CloudGuard are known to follow this pricing structure, reflecting the competitive landscape in the CSPM market.


### What level of support is typically offered by CSPM vendors?

CSPM vendors typically offer a range of support options, including 24/7 customer support, dedicated account managers, and extensive documentation. For instance, vendors like Palo Alto Networks and Check Point Software Technologies are noted for their responsive support teams and comprehensive onboarding processes. Additionally, many users highlight the availability of community forums and knowledge bases, which enhance user experience and troubleshooting. Overall, the level of support can vary, but many vendors prioritize customer assistance to ensure effective use of their solutions.