Security scanning for
every layer of your stack
CloudGuard scans your cloud accounts, Kubernetes clusters, Linux hosts, and web URLs for misconfigurations, vulnerabilities, and compliance gaps — then delivers professional PDF reports straight to your inbox.
One tool. Every layer of your infrastructure.
From cloud accounts and Kubernetes clusters to Linux servers and public-facing web properties — CloudGuard gives you unified security visibility across your entire environment.
- EC2, VPC & Security Groups
- S3 Bucket Policies & ACLs
- IAM Users, Roles & Policies
- RDS, DynamoDB, ElastiCache
- Lambda, ECS, EKS
- CloudTrail, Config, GuardDuty
- KMS & Secrets Manager
- ELB, CloudFront, Route 53
- SNS, SQS, SSM, CodeDeploy
- CloudFormation & more
- Virtual Machines & VMSS
- Azure Blob Storage
- Azure Active Directory
- Azure SQL & CosmosDB
- AKS, App Service, Functions
- Azure Monitor & Defender
- Key Vault
- Load Balancer, CDN, DNS
- Service Bus & Event Hub
- Azure Policy & more
- Compute Engine, GKE
- Cloud Storage Buckets
- IAM & Service Accounts
- Cloud SQL, Spanner, Bigtable
- Cloud Run & App Engine
- Cloud Audit Logs & SCC
- Cloud KMS & Secret Manager
- Cloud CDN & Load Balancing
- Pub/Sub & Cloud Functions
- VPC, Firewall Rules & more
- Pod Security Standards & PSP
- RBAC Roles & ClusterRoles
- Network Policies
- Secrets & ConfigMap exposure
- Privileged & root containers
- Image vulnerability scanning
- Service Account permissions
- Ingress TLS configuration
- Resource limits & requests
- Namespace isolation & more
- CIS Linux Benchmark checks
- SSH hardening & key audit
- User accounts & sudo rules
- File & directory permissions
- Running services & open ports
- iptables / firewalld rules
- Kernel & sysctl parameters
- Password & PAM policies
- Cron jobs & scheduled tasks
- Package & patch audit
- SSL / TLS certificate checks
- HTTP security headers (HSTS, CSP…)
- X-Frame-Options & clickjacking
- Cookie security flags
- Open redirect detection
- Exposed admin & debug paths
- DNS & SPF / DMARC records
- Mixed content warnings
- Subdomain takeover checks
- CORS misconfiguration & more
Everything you need to stay secure
From cloud accounts and Kubernetes clusters to Linux servers and websites — CloudGuard covers the full stack with continuous scanning, rich reports, and instant remediation guidance.
Continuous Security Scanning
Automated scans across cloud accounts, Kubernetes clusters, Linux hosts, and web URLs on your schedule. No manual effort required.
Kubernetes Deep Inspection
Scan EKS, AKS, GKE, OpenShift, or self-managed clusters for RBAC misconfigurations, privileged containers, exposed secrets, missing network policies, and more.
Linux Host Hardening
Connect to any Linux server via SSH and audit it against CIS benchmarks — SSH config, file permissions, user accounts, services, kernel parameters, and patch levels.
Web URL Security Scan
Enter any URL and CloudGuard checks SSL certificates, HTTP security headers, cookie flags, DNS records, CORS policies, exposed paths, and subdomain takeover risks.
Professional PDF Reports
Download or receive beautifully formatted, executive-ready PDF reports with severity breakdowns, affected resources, and step-by-step remediation guidance.
Email Delivery
Reports delivered directly to any email address. Use our built-in mail service or connect your own SMTP server for full control.
Resource-Level Rescans
Remediated a finding? Rescan a single resource, server, or URL instantly without re-running the full audit.
Severity Prioritization
Every finding — cloud, K8s, Linux, or web — is ranked Critical → High → Medium → Low → Info so your team knows where to act first.
Compliance Benchmarks
Map findings to CIS Benchmarks for AWS, Azure, GCP, Kubernetes, and Linux — plus NIST, SOC 2, and PCI-DSS control mappings.
Up and running in minutes
No complex agents. Lightweight read-only access. Just point CloudGuard at your target and get results.
Connect your target
Add AWS / Azure / GCP credentials, a Kubernetes kubeconfig, SSH access to a Linux host, or simply enter a web URL. Read-only access only — CloudGuard never modifies anything.
Choose scope & schedule
Select regions, services, namespaces, or specific paths to audit. Run on-demand or schedule recurring scans. Mix any combination of targets in a single report.
Receive your report
A professional PDF lands in your inbox with every finding, its severity, affected resources or URLs, and step-by-step remediation guidance.
Any Kubernetes cluster
EKS, AKS, GKE, OpenShift, or self-managed — CloudGuard checks CIS Kubernetes Benchmark, RBAC, network policies, privileged workloads, and secret exposure.
Any Linux distribution
Connect via SSH to any Ubuntu, Debian, RHEL, CentOS, Amazon Linux, or Alpine host. CloudGuard audits it against CIS benchmarks without installing any agent.
Any public web URL
Just enter a URL — no installation needed. CloudGuard checks your SSL certificate, security headers, DNS records, cookie flags, CORS policies, and exposed sensitive paths.
Simple, transparent pricing
Start for free. Scale as you grow. No hidden fees.
For individuals getting started with security scanning.
- ✓ 1 target (cloud, K8s, Linux or Web)
- ✓ 5 services / checks
- ✓ 3 reports / month
- ✓ PDF download
- ✗ Linux & Web scanning
- ✗ Email delivery
- ✗ Scheduled scans
Full multi-platform scanning for teams.
- ✓ 5 cloud accounts
- ✓ AWS + Azure + GCP
- ✓ Kubernetes clusters
- ✓ Linux hosts (SSH)
- ✓ Web URL scanning
- ✓ Unlimited reports + email
- ✓ Scheduled & on-demand scans
- ✓ Resource-level rescans
For organisations with advanced compliance requirements.
- ✓ Unlimited targets across all platforms
- ✓ CIS / NIST / SOC 2 / PCI mappings
- ✓ SSO / SAML integration
- ✓ Custom scan profiles
- ✓ Dedicated support & SLA
- ✓ On-premise deployment
- ✓ API access
Secure your entire infrastructure today
Cloud · Kubernetes · Linux · Web — all in one platform. No credit card required.
Get Started Free