Sysdig Secure attack path tracking
David Strom
Tenable.cs
Tenable.cs (Cloud Security) secures every layer of the cloud, including infrastructure, workloads, identities, data, and AI resources. It brings together CSPM, CIEM, JIT access, CWPP, DSPM, AI-SPM, IaC scanning, and container security for Kubernetes. It comes with more than 1,400 pre-set policies and loads of default benchmarks. It integrates its Nessus vulnerability scanner, extending it to scan VMs and containers, along with its acquisition of Accurics and Cymptom and integration of its cloud path discovery and protection. It supports the big three IaaS platforms along with Oracle Cloud. It protects cloud, multi-cloud and hybrid environments and integrates with Tenable’s AI-powered exposure management platform for enterprise-wide attack protection. It is available as part of Tenable One or standalone.
Tenable’s dashboard shows a broad view of vulnerabilities, trends and compliance tasks.
David Strom
Tigera Calico Cloud
Tigera Calico Cloud comes from the CWPP perspective and integrates with lots of different Kubernetes platforms, including the big three IaaS vendors along with Red Hat’s OpenShift and SUSE’s Rancher. The container world is its focus and is more network focused than other CNAPP tools.It has a very transparent pricing page and comes in a free open-source collection and a pro version that charges per node hour, which is also available on a subscription basis.
Tigera graph of discovered services and how they are connected.
David Strom
Uptycs
Uptycs delivers comprehensive cloud security through a unified platform that provides deep visibility and protection across cloud-native environments. The solution integrates CDR, DSPM and application posture management capabilities in one platform along with support for the classic CNAPP tools. By leveraging generative AI security agent and machine learning, Uptycs offers real-time risk detection, compliance monitoring, and threat prevention across multi-cloud and hybrid infrastructures. The platform supports major cloud providers like AWS, Azure, and Google Cloud, providing continuous monitoring of misconfigurations, vulnerabilities, and compliance violations. Its agentless and agent-based scanning technologies enable deep security insights, while its correlation engine helps security and DevOps teams prioritize and remediate critical risks efficiently across containers, Kubernetes, cloud services, and host environments. Uptycs has more than 1,100 behavioural rules mapped to the MITRE ATT&CK framework for container and cloud detections. Pricing starts at $5,000 per year for 200 cloud assets.