Cloud services provide the tools for security.
CloudSploit helps you use them correctly.

Developer

Free Your Developers

Auditing best practices across IaaS and SaaS providers can consume hours of developer time each week. CloudSploit automates the detection of risks on a continuous basis.
legal compliance

Make Compliance a Priority

The scan reports generated by CloudSploit can be used to quickly assess risk, plan for remediation, and audit changes over time. Legal's happy. You're happy.
users

Protect Your Customers

Misconfigurations put your customers' data and your business at risk. CloudSploit detects these risks before they are exploited and ensures your environments stay secure.

Automate Adherence to Security Best Practices

Cloud providers like AWS and Azure have hundreds of services with thousands of configuration options. CloudSploit audits these services to find the weak points in your infrastructure.

  • Servers exposed publicly to the internet
  • Unencrypted data storage
  • Lack of least-privilege policies
  • Poor password policies or missing MFA
  • Misconfigured backup and restore settings
  • Data exposure and privilege escalation
Start Automating
Fix Issues

Fix Issues and Re-Evaluate

Fix Issues

A security tool isn't much good if it doesn't help fix the problems it finds. Every CloudSploit scan report includes in-depth remediation steps. Don't just detect risks; fix them and continually reassess.

Start Fixing

Empower Developers and CISOs Alike

Developer Friendly

CloudSploit is built by cloud security professionals, with capabilities for all levels of the business: from developers to CISOs.

Start Reporting
Developer Friendly
video

How It Works

  • 1
    Provide secure access to your account
    CloudSploit uses secure, cross-account access to query cloud provider APIs on your behalf.
  • 2
    Give CloudSploit read-only permissions
    CloudSploit never requires write access to your account and always uses the least-privileged permissions available.
  • 3
    Connect your account to CloudSploit
    It takes less than a minute to connect a new cloud account through the CloudSploit dashboard.
  • 4
    Begin scanning
    You can initiate on-demand scans immediately or enable continuous, background scanning.

Why Use CloudSploit?

Hacker Puts Hosting Service Code Spaces Out of Business ThreatPost
"We finally managed to get our panel access back, but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances," Code Spaces said. “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted."
AWS S3 Buckets Exposed Millions of Facebook Records SecurityWeek
"Storing user data in S3 buckets is commonplace... they can inadvertently be accessible, and without visibility and context... security teams simply won’t know when there’s a potential vulnerability. At issue is not the S3 bucket, but how it’s configured, and the awareness around configuration changes, some of which could end up being disastrous"
My AWS Account was Hacked and I Have a $50,000 Bill Quora
"For years, my bill was never above $350/month on my single AWS instance. Then over the weekend someone got hold of my private key and launched hundreds of instances and racked up a $50,000 bill before I found out about it on Tuesday."



Tesla Hackers Hijacked Amazon Cloud Account to Mine Cryptocurrency Fortune
"An unidentified hacker or hackers broke into a Tesla-owned Amazon cloud account and used it to mine cryptocurrency, security researchers said. The breach also exposed proprietary data for the electric carmaker."


Password Manager Exposes 2.4M Users on Misconfigured AWS Cloud Instance SiliconAngle
"Abine Inc., the company behind the Blue password manager and DeleteMe privacy-protection service, has admitted that it accidentally exposed data relating to 2.4 million users on a misconfigured Amazon Web Services Inc. instance."


Features

For more details and to see a complete comparison chart, click here.

timer icon
2-Minute Setup
It takes less than 2 minutes to securely connect CloudSploit to your accounts.
Browser
Fully-Managed
No infrastructure to manage. CloudSploit is a fully-hosted SaaS solution.
Email Summaries
Simple Signup
All you need is an email address; no complex company forms asking for phone numbers.
Hotmaps
Multi Cloud and Region
CloudSploit is globally available across all regions of multiple cloud providers.
Users
Users and Groups
Create teams of account users with custom account RBAC.
Downloadable Reports
Export formatted reports as CSV for safe-keeping, auditing, and sharing.
Custom Sign
Custom Signatures
Extend CloudSploit's core security checks with your own custom plugins.
supressions
Suppressions
Easily suppress false positives, unused resources, specific checks, or entire regions.
Results Search
Real-Time Event Analysis
Monitor and audit API calls to your AWS account in real-time.
Result Recap
Archived Results
Scan results can be stored for up to fourteen months for historical analysis and auditing.
Alerts
Alerts and Integrations
Slack, PagerDuty, OpsGenie, MS Teams, Email, and SNS support for specific tests and results.
Auditing Tools
API Driven
All of CloudSploit's functionality is available via both our UI and API.
Get Started

A Secure and Reliable Platform

Our modern, open source scanning engine is fully auditable and open for community contributions.

Safe & Secure

CloudSploit scans require read-only permissions to your account with secure cross-account roles.

Current

The CloudSploit plugin database is continually updated with the latest cloud services.



Intelligent

CloudSploit scans make the fewest API calls necessary to make an accurate prediction of security.

Common Questions

Our support team can answer any other questions that our help page can't.
What is CloudSploit?

CloudSploit is a cloud security auditing and monitoring tool. It audits the configuration state of services in your IaaS accounts (AWS, Azure, etc) for potential misconfigurations that lead to security breaches and monitors activity in your accounts in real-time for suspicious behavior and insider threats.

Does CloudSploit make changes to my accounts?

No. CloudSploit is a read-only service that only has access to the metadata surrounding your cloud resources. We do not (and do not have the access to) make changes to your accounts. Our scan reports suggest changes to improve security, but they must be made by an authorized user.

What clouds and services does CloudSploit support?

CloudSploit supports the AWS, Azure, GCP, and Oracle public clouds. Nearly all AWS and Azure services are supported, while our GCP and Oracle beta platforms are under active development.

Is CloudSploit open source?

CloudSploit's core scanning engine - the software that obtains cloud account metadata and audits it for security risks - is 100% open source. Our hosted SaaS platform provides additional tools and capabilities on top of the scanning engine.