# Best Cloud Infrastructure Entitlement Management (CIEM) Software *By [Lauren Worth](https://research.g2.com/insights/author/lauren-worth)* Cloud infrastructure entitlement management (CIEM) software, also sometimes referred to as cloud permissions management software, is a security solution that manages user privileges or "entitlements" in cloud environments. The software controls access to applications, infrastructure, and resources in the cloud environment using the principle of least privileges (POLP). The least privilege policy is an integral part of the zero trust policy that limits the attack surface of security threats by restricting access in the cloud landscape. CIEM software manages user accounts, defines user roles, and provides access control to ensure only the right users have access to resources, which reduces unauthorized access. Companies with complex cloud landscapes, as well as numerous teams and users, can use CIEM software to secure their cloud environments and ensure compliance. Security and IT operations teams use this tool to control access privileges and monitor the cloud environment for unauthorized access. CIEM solutions have some features that overlap with [identity and access management (IAM) software](https://www.g2.com/categories/identity-and-access-management-iam) as both provide authentication and access control. However, they have distinct purposes. IAM focuses on user authentication, authorization, and access control across an organization's IT systems, both on-premises and in the cloud. CIEM extends its scope to include cloud infrastructure and endpoint management, addressing the broader challenges of managing cloud resources, securing endpoints, and ensuring cloud security and compliance. To qualify for inclusion in the Cloud Infrastructure Entitlement Management (CIEM) category, a product must: - Provide visibility into all cloud assets and access privileges - Remove any unused privileges - Continuously monitor the environments, detect any violations, and perform automatic remediation ## Category Overview **Total Products under this Category:** 22 ## Trust & Credibility Stats **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 2,000+ Authentic Reviews - 22+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. ## Best Cloud Infrastructure Entitlement Management (CIEM) Software At A Glance - **Leader:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - **Highest Performer:** [Sonrai Security](https://www.g2.com/products/sonrai-security/reviews) - **Easiest to Use:** [Sysdig Secure](https://www.g2.com/products/sysdig-sysdig-secure/reviews) - **Top Trending:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - **Best Free Software:** [Wiz](https://www.g2.com/products/wiz-wiz/reviews) --- **Sponsored** ### Intruder Intruder is an exposure management platform for scaling to mid-market businesses. Over 3000 companies - across all industries - use Intruder to find critical exposures, respond faster and prevent breaches. Unifying Attack Surface Management, Vulnerability Management and Cloud security into one powerful, easy to use platform, Intruder simplifies the complex task of securing an ever-expanding attack surface. Recognizing no two business are alike, Intruder provides real-time, accurate scanning combined with intelligent risk prioritization, ensuring businesses focus on the exposures that are most relevant to them. And our proactive approach limits the window of risk, continuously monitoring for new threats while eliminating the noise that slows teams down. Whether you're an IT Manager, in DevOps or a CISO, Intruder's easy setup and context-driven approach will free you up to focus on exposures that cause real breaches, not just technical vulnerabilities. Keeping you one step ahead of attackers. [Try for Free](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&secure%5Bad_slot%5D=category_product_list&secure%5Bcategory_id%5D=1006814&secure%5Bdisplayable_resource_id%5D=1423&secure%5Bdisplayable_resource_type%5D=Category&secure%5Bmedium%5D=sponsored&secure%5Bplacement_reason%5D=neighbor_category&secure%5Bplacement_resource_ids%5D%5B%5D=2647&secure%5Bprioritized%5D=false&secure%5Bproduct_id%5D=27706&secure%5Bresource_id%5D=1006814&secure%5Bresource_type%5D=Category&secure%5Bsource_type%5D=category_page&secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fcloud-infrastructure-entitlement-management-ciem&secure%5Btoken%5D=679ce012c65436a55f906d810027fbf7c1a0dc8b8de8901c9c3a8f8b6758e4dd&secure%5Burl%5D=https%3A%2F%2Fwww.intruder.io%2F%3Futm_source%3Dg2%26utm_medium%3Dp_referral%26utm_campaign%3Dglobal%7Cfixed%7Cg2_clicks_2025&secure%5Burl_type%5D=free_trial) --- ## Top-Rated Products (Ranked by G2 Score) ### 1. [Wiz](https://www.g2.com/products/wiz-wiz/reviews) Wiz transforms cloud security for customers – including more than 50% of the Fortune 100 – by enabling a new operating model. With Wiz, organizations can democratize security across the development lifecycle, empowering them to build fast and securely. Its Cloud Native Application Protection Platform (CNAPP) consolidates CSPM, KSPM, CWPP, Vulnerability management, IaC scanning, CIEM, DSPM into a single platform. Wiz drives visibility, risk prioritization, and business agility. Protecting Your Cloud Environments Requires a Unified, Cloud Native Platform. Wiz connects to every cloud environment, scans every layer, and covers every aspect of your cloud security - including elements that normally require installing agents. Its comprehensive approach has all of these cloud security solutions built in. Hundreds of organizations worldwide, including 50 percent of the Fortune 100, to rapidly identify and remove critical risks in cloud environments. Its customers include Salesforce, Slack, Mars, BMW, Avery Dennison, Priceline, Cushman & Wakefield, DocuSign, Plaid, and Agoda, among others. Wiz is backed by Sequoia, Index Ventures, Insight Partners, Salesforce, Blackstone, Advent, Greenoaks, Lightspeed and Aglaé. Visit https://www.wiz.io for more information. **Average Rating:** 4.7/5.0 **Total Reviews:** 771 **Seller Details:** - **Seller:** [Wiz](https://www.g2.com/sellers/wiz-76a0133b-42e5-454e-b5da-860e503471db) - **Company Website:** https://www.wiz.io/ - **Year Founded:** 2020 - **HQ Location:** New York, US - **Twitter:** @wiz_io (22,550 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/wizsecurity/ (3,248 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** CISO, Security Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 54% Enterprise, 39% Mid-Market #### Pros & Cons **Pros:** - Features (113 reviews) - Security (107 reviews) - Ease of Use (104 reviews) - Visibility (87 reviews) - Easy Setup (68 reviews) **Cons:** - Improvement Needed (35 reviews) - Feature Limitations (34 reviews) - Learning Curve (34 reviews) - Improvements Needed (29 reviews) - Complexity (27 reviews) ### 2. [Cortex Cloud](https://www.g2.com/products/cortex-cloud/reviews) Cortex Cloud by Palo Alto Networks, the next version of Prisma Cloud, understands a unified security approach is essential for effectively addressing AppSec, CloudSec, and SecOps. Connecting cloud security and SOC workflows enables teams to achieve holistic visibility, trace risk across the lifecycle, and correlate real-time threat activity with development and runtime contexts. Cortex Cloud is a unified platform built on three core pillars: data integration, AI-driven intelligence, and automation. Now you can safeguard applications, data, and infrastructure across multicloud and hybrid environments with a unified data model that consolidates telemetry from code, runtime, identity, and endpoints, all into a single data source. Empower teams with precise, AI-powered insights and 2200+ machine learning models to identify and stop zero-day threats with real-time advanced threat detection and response. And automate with 1000+ prebuilt playbooks across your cloud stack to reduce manual workloads, accelerate remediations, and cut response times tenfold. Cortex Cloud delivers more than tools—it transforms how organizations secure their cloud environments. **Average Rating:** 4.1/5.0 **Total Reviews:** 110 **Seller Details:** - **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks) - **Company Website:** https://www.paloaltonetworks.com - **Year Founded:** 2005 - **HQ Location:** Santa Clara, CA - **Twitter:** @PaloAltoNtwks (128,686 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (21,355 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 38% Enterprise, 31% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (49 reviews) - Features (45 reviews) - Security (43 reviews) - Visibility (38 reviews) - Cloud Integration (34 reviews) **Cons:** - Expensive (31 reviews) - Difficult Learning (30 reviews) - Learning Curve (29 reviews) - Pricing Issues (24 reviews) - Complex Setup (21 reviews) ### 3. [Sysdig Secure](https://www.g2.com/products/sysdig-sysdig-secure/reviews) Sysdig Secure is the real-time cloud-native application protection platform (CNAPP) trusted by organizations of all sizes around the world.. Built by the creators of Falco and Wireshark, Sysdig uniquely delivers runtime-powered visibility and agentic AI to stop cloud attacks instantly, not after the damage is done. With Sysdig, you can: - Stop threats in 2 seconds and respond in minutes - Cut vulnerability noise by 95% with runtime prioritization - Detect real risk instantly across workloads, identities, and misconfigurations - Close permissions gaps in under 2 minutes Sysdig Secure consolidates CSPM, CWPP, CIEM, vulnerability management, and threat detection into a single open, real-time platform. Unlike other CNAPPs, Sysdig connects signals across runtime, identity, and posture to eliminate blind spots, reduce tool sprawl, and accelerate innovation without compromise. No guesswork. No black boxes. Just cloud security, the right way. Learn more at https://sysdig.com **Average Rating:** 4.8/5.0 **Total Reviews:** 110 **Seller Details:** - **Seller:** [Sysdig](https://www.g2.com/sellers/sysdig-715eaed9-9743-4f27-bd2b-d3730923ac3e) - **Company Website:** https://www.sysdig.com - **Year Founded:** 2013 - **HQ Location:** San Francisco, California - **Twitter:** @Sysdig (10,256 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/3592486/ (640 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 46% Enterprise, 40% Mid-Market #### Pros & Cons **Pros:** - Security (33 reviews) - Vulnerability Detection (32 reviews) - Threat Detection (31 reviews) - Detection Efficiency (30 reviews) - Features (23 reviews) **Cons:** - Feature Limitations (10 reviews) - Complexity (9 reviews) - Missing Features (8 reviews) - Difficult Learning (7 reviews) - Feature Complexity (7 reviews) ### 4. [Orca Security](https://www.g2.com/products/orca-security/reviews) The Orca Cloud Security Platform identifies, prioritizes, and remediates risks and compliance issues in workloads, configurations, and identities across your cloud estate spanning AWS, Azure, Google Cloud, Kubernetes, Alibaba Cloud, and Oracle Cloud. Orca offers the industry’s most comprehensive cloud security solution in a single platform — eliminating the need to deploy and maintain multiple point solutions. Orca is agentless-first, and connects to your environment in minutes using Orca’s patented SideScanning™ technology that provides deep and wide visibility into your cloud environment, without requiring agents. In addition, Orca can integrate with third-party agents for runtime visibility and protection for critical workloads. Orca is at the forefront of leveraging Generative AI for simplified investigations and accelerated remediation – reducing required skill levels and saving cloud security, DevOps, and development teams time and effort, while significantly improving security outcomes. As a Cloud Native Application Protection Platform (CNAPP), Orca consolidates many point solutions in one platform, including: CSPM, CWPP, CIEM, Vulnerability Management, Container and Kubernetes Security, DSPM, API Security, CDR, Multi-cloud Compliance, Shift Left Security, and AI-SPM. **Average Rating:** 4.6/5.0 **Total Reviews:** 238 **Seller Details:** - **Seller:** [Orca Security](https://www.g2.com/sellers/orca-security) - **Company Website:** https://orca.security - **Year Founded:** 2019 - **HQ Location:** Portland, Oregon - **Twitter:** @orcasec (4,832 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/35573984/ (495 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer, CISO - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 48% Mid-Market, 41% Enterprise #### Pros & Cons **Pros:** - Ease of Use (37 reviews) - Features (33 reviews) - Security (29 reviews) - User Interface (22 reviews) - Visibility (22 reviews) **Cons:** - Improvement Needed (15 reviews) - Feature Limitations (12 reviews) - Limited Features (10 reviews) - Missing Features (10 reviews) - Ineffective Alerts (9 reviews) ### 5. [Microsoft Entra Permissions Management](https://www.g2.com/products/microsoft-entra-permissions-management/reviews) CloudKnox Permissions Management is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility into permissions assigned to all identities – users and workloads – actions, and resources across cloud infrastructures. It detects, right-sizes, and monitors unused and excessive permissions and enables Zero Trust security through least privilege access in Microsoft Azure, AWS, and GCP. **Average Rating:** 4.3/5.0 **Total Reviews:** 16 **Seller Details:** - **Seller:** [Microsoft](https://www.g2.com/sellers/microsoft) - **Year Founded:** 1975 - **HQ Location:** Redmond, Washington - **Twitter:** @microsoft (13,105,844 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/microsoft/ (227,697 employees on LinkedIn®) - **Ownership:** MSFT **Reviewer Demographics:** - **Company Size:** 50% Small-Business, 25% Enterprise ### 6. [SailPoint](https://www.g2.com/products/sailpoint/reviews) SailPoint is the leader in identity security for the modern enterprise. Harnessing the power of AI and machine learning, SailPoint automates the management and control of access, delivering only the required access to the right identities and technology resources at the right time. Our sophisticated identity platform seamlessly integrates with existing systems and workflows, providing the singular view into all identities and their access. We meet customers where they are with an intelligent identity solution that matches the scale, velocity and environmental needs of the modern enterprise. SailPoint empowers the most complex enterprises worldwide to build a security foundation grounded in identity security. **Average Rating:** 4.5/5.0 **Total Reviews:** 168 **Seller Details:** - **Seller:** [SailPoint](https://www.g2.com/sellers/sailpoint) - **Company Website:** https://www.sailpoint.com - **Year Founded:** 2004 - **HQ Location:** Austin, TX - **Twitter:** @SailPoint (15,045 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/47456/ (3,441 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Software Engineer - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 76% Enterprise, 18% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (36 reviews) - Features (30 reviews) - Security (24 reviews) - Identity Management (21 reviews) - Integrations (21 reviews) **Cons:** - Improvement Needed (17 reviews) - Poor Customer Support (16 reviews) - Missing Features (14 reviews) - Expensive (12 reviews) - Difficult Learning (11 reviews) ### 7. [Sonrai Security](https://www.g2.com/products/sonrai-security/reviews) Sonrai Security is a leading cloud privileged access management solutions provider. With a mission to empower enterprises of all sizes to innovate securely and confidently, Sonrai Security delivers identity, access, and privilege security for companies running on AWS, Azure, and Google Cloud platforms. The company is renowned for pioneering the Cloud Permissions Firewall, enabling one-click least privilege while supporting developer access needs without disruption. Trusted by Cloud Operations, Development, and Security Teams at leading companies across various industries, Sonrai Security is committed to driving innovation and excellence in cloud security. Sonrai’s Cloud Permissions Firewall, the leading cloud PAM solution, gets cloud access under control, slashes the privileged attack surface, and automates least privilege all without impeding DevOps. The Cloud Permissions Firewall uses privileged permission intelligence and usage monitoring to determine who needs what permissions in your cloud. Then, with one-click, it eliminates all unused sensitive privileges across your entire multi-cloud estate. Just-in-time access and exceptions are granted to roles on the fly as new needs come up so development goes uninterrupted. SecOps teams spend 97% less time achieving least privilege and slash the attack surface by 92%. **Average Rating:** 4.5/5.0 **Total Reviews:** 26 **Seller Details:** - **Seller:** [Sonrai Security](https://www.g2.com/sellers/sonrai-security) - **Year Founded:** 2017 - **HQ Location:** New York, US - **LinkedIn® Page:** https://www.linkedin.com/company/sonrai-security (64 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services - **Company Size:** 42% Mid-Market, 38% Enterprise #### Pros & Cons **Pros:** - Cloud Security (12 reviews) - Security (12 reviews) - Cloud Management (10 reviews) - Ease of Use (9 reviews) - Cloud Technology (8 reviews) **Cons:** - Complexity (3 reviews) - Expensive (3 reviews) - Feature Limitations (3 reviews) - Improvement Needed (3 reviews) - Limited Customization (3 reviews) ### 8. [Saviynt](https://www.g2.com/products/saviynt-saviynt/reviews) Saviynt helps organizations transform their organization with identity security. Our AI-first platform enables enterprises to secure every identity — human, non-human, and AI — within any application and in any environment. With Saviynt, organizations strengthen their identity security posture, streamline operations, and ensure that every user has the right access at the right time. The Saviynt Identity Platform unifies identity governance (IGA), application access, cloud security, and privileged account management into a single, end-to-end platform. And, with our AI-powered recommendation engine, application onboarding, and more, users are empowered to make faster, smarter, data-driven decisions. In turn, organizations enjoy lower risk, complete visibility and governance, reduced total cost of ownership, and much more throughout their entire identity security program. **Average Rating:** 4.4/5.0 **Total Reviews:** 77 **Seller Details:** - **Seller:** [Saviynt](https://www.g2.com/sellers/saviynt) - **Company Website:** https://www.saviynt.com - **Year Founded:** 2010 - **HQ Location:** El Segundo, US - **Twitter:** @saviynt (1,233 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/saviynt (1,579 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Oil & Energy - **Company Size:** 80% Enterprise, 5% Mid-Market #### Pros & Cons **Pros:** - Ease of Use (29 reviews) - Features (23 reviews) - Easy Setup (13 reviews) - Customer Support (11 reviews) - Integrations (11 reviews) **Cons:** - Difficult Learning (9 reviews) - Lack of Features (9 reviews) - Limited Features (9 reviews) - Poor Interface Design (9 reviews) - Complexity (8 reviews) ### 9. [Tenable Cloud Security](https://www.g2.com/products/tenable-tenable-cloud-security/reviews) Tenable Cloud Security is an actionable cloud security platform that exposes and closes priority security gaps caused by misconfigurations, risky entitlements and vulnerabilities. Organizations use its intuitive UI to unify siloed tools to secure the full cloud stack, achieving end-to-end visibility, prioritization and remediation across infrastructure, workloads, identities, data and AI services. Users can access the extensive knowledgebase of Tenable Research, reducing the risk of breaches with advanced prioritization that understands resource, identity and risk relationships. Tenable uses this context to pinpoint toxic combinations of risk most likely to be exploited. Take action, even if you only have 5 minutes, with guided remediations and code snippets that significantly reduce MTTR. With one click, report on compliance with industry benchmarks and regulatory requirements, e.g. SOC 2, GDPR & HIPAA. TCS is part of Tenable’s AI-powered exposure management platform, Tenable One. **Average Rating:** 4.6/5.0 **Total Reviews:** 37 **Seller Details:** - **Seller:** [Tenable](https://www.g2.com/sellers/tenable) - **Company Website:** https://www.tenable.com/ - **HQ Location:** Columbia, MD - **Twitter:** @TenableSecurity (87,651 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/25452/ (2,357 employees on LinkedIn®) - **Ownership:** NASDAQ: TENB **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 57% Mid-Market, 38% Enterprise #### Pros & Cons **Pros:** - Compliance (6 reviews) - Detailed Analysis (6 reviews) - Ease of Use (5 reviews) - Features (5 reviews) - Integrations (5 reviews) **Cons:** - Complex Setup (4 reviews) - Expensive (4 reviews) - Feature Limitations (4 reviews) - Difficult Setup (3 reviews) - Implementation Difficulty (3 reviews) ### 10. [FortiCNAPP](https://www.g2.com/products/forticnapp/reviews) FortiCNAPP (formerly Lacework) is an AI-powered Cloud-Native Application Protection Platform that delivers unified security across your multi-cloud and hybrid environments. Built to protect the entire application lifecycle—from development to runtime—it combines posture management, workload protection, identity security, and threat detection into one integrated platform. By leveraging machine learning and behavioral analytics, FortiCNAPP helps security teams detect unknown threats, reduce noise, and accelerate response. Integrated with the Fortinet Security Fabric, it provides full-stack visibility across cloud, network, and endpoint environments—empowering teams to operate with confidence, reduce complexity, and scale securely. **Average Rating:** 4.4/5.0 **Total Reviews:** 383 **Seller Details:** - **Seller:** [Fortinet](https://www.g2.com/sellers/fortinet) - **Company Website:** https://www.fortinet.com - **Year Founded:** 2000 - **HQ Location:** Sunnyvale, CA - **Twitter:** @Fortinet (151,464 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/6460/ (16,112 employees on LinkedIn®) **Reviewer Demographics:** - **Who Uses This:** Security Engineer, Security Analyst - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 62% Mid-Market, 26% Enterprise #### Pros & Cons **Pros:** - Security (8 reviews) - Vulnerability Detection (7 reviews) - Alert Management (6 reviews) - Cloud Security (6 reviews) - Ease of Use (6 reviews) **Cons:** - Difficult Setup (5 reviews) - Poor Documentation (5 reviews) - Complex Setup (4 reviews) - Setup Difficulty (4 reviews) - Complex Configuration (3 reviews) ### 11. [CrowdStrike Falcon Cloud Security](https://www.g2.com/products/crowdstrike-falcon-cloud-security/reviews) Crowdstrike Falcon Cloud Security is the only CNAPP to stop breaches in the cloud Built for today’s hybrid and multi-cloud environments, Falcon Cloud Security protects the entire cloud attack surface - from code to runtime - by combining continuous agentless visibility with real-time detection and response. At runtime, Falcon Cloud Security delivers best-in-class cloud workload protection and real-time cloud detection and response (CDR) to stop active threats across hybrid environments. Integrated with the CrowdStrike Falcon platform, it correlates signals across endpoint, identity, and cloud to detect sophisticated cross-domain attacks that point solutions miss—enabling teams to respond faster and stop breaches in progress. To reduce risk before attacks occur, Falcon Cloud Security also delivers agentless-driven posture management that proactively shrinks the cloud attack surface. Unlike typical solutions, Crowdstrike enriches cloud risk detections with adversary intelligence and graph-based context, enabling security teams to prioritize exploitable exposures and prevent breaches before they happen. Customers using Falcon Cloud Security consistently see measurable results: 89% faster cloud detection and response 100x reduction in false positives by prioritizing exploitable, business-critical risk 83% reduction in cloud security licenses due to elimination of redundant tools **Average Rating:** 4.6/5.0 **Total Reviews:** 83 **Seller Details:** - **Seller:** [CrowdStrike](https://www.g2.com/sellers/crowdstrike) - **Company Website:** https://www.crowdstrike.com - **Year Founded:** 2011 - **HQ Location:** Sunnyvale, CA - **Twitter:** @CrowdStrike (110,215 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/2497653/ (11,258 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 45% Enterprise, 43% Mid-Market #### Pros & Cons **Pros:** - Security (49 reviews) - Cloud Security (37 reviews) - Detection Efficiency (34 reviews) - Vulnerability Detection (31 reviews) - Ease of Use (29 reviews) **Cons:** - Expensive (17 reviews) - Improvements Needed (14 reviews) - Improvement Needed (13 reviews) - Feature Complexity (8 reviews) - Learning Curve (8 reviews) ### 12. [BeyondTrust Entitle Just-in-Time Access](https://www.g2.com/products/beyondtrust-entitle-just-in-time-access/reviews) Entitle is a seamless way to grant employees granular and just-in-time access within Cloud and SaaS. Specializing in temporary admin escalations, break-glass access, granular access to PII, and access reviews, Entitle offers centralized entitlement visibility, self-serve access, and auto policy enforcement. Entitle serves dozens of public and high-growth companies including Starburst, Bloomreach, Appsflyer, Noname, Lemonade, and Orum. Its customers report x25 faster access to cloud resources, up to 91% reducing in standing permissions and countless man hours saved. Visit entitle.io to learn more. **Average Rating:** 4.3/5.0 **Total Reviews:** 12 **Seller Details:** - **Seller:** [BeyondTrust](https://www.g2.com/sellers/beyondtrust) - **Company Website:** https://www.beyondtrust.com - **Year Founded:** 1985 - **HQ Location:** Johns Creek, GA - **Twitter:** @BeyondTrust (14,354 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/294396/ (1,682 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 75% Mid-Market, 17% Enterprise #### Pros & Cons **Pros:** - Documentation (2 reviews) - Security (2 reviews) - Access Control (1 reviews) - Auditing (1 reviews) - Capabilities (1 reviews) **Cons:** - Complex Queries (2 reviews) - Complex Usability (2 reviews) - Complex Usage (2 reviews) - Difficult Setup (2 reviews) - Admin Management Issues (1 reviews) ### 13. [CyberArk Secure Cloud Access](https://www.g2.com/products/cyberark-secure-cloud-access/reviews) CyberArk Secure Cloud Access provisions Zero Standing Privileges (ZSP) across multi-cloud environments, scoping just enough permissions to adhere to the principle of least privilege access. CyberArk is the only Identity Security Platform to apply ZSP across a sprawl of cloud infrastructure and entitlements. Whether operating in Google Cloud, AWS, or Azure, your team can confidently secure the cloud while delivering a user experience native to developers. **Average Rating:** 4.9/5.0 **Total Reviews:** 6 **Seller Details:** - **Seller:** [CyberArk](https://www.g2.com/sellers/cyberark) - **Year Founded:** 1999 - **HQ Location:** Newton, MA - **Twitter:** @CyberArk (17,740 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/26630/ (5,022 employees on LinkedIn®) - **Ownership:** NASDAQ:CYBR **Reviewer Demographics:** - **Company Size:** 67% Mid-Market, 33% Enterprise #### Pros & Cons **Pros:** - Ease of Use (2 reviews) - User Interface (2 reviews) - Access Management (1 reviews) - Easy Setup (1 reviews) - Features (1 reviews) ### 14. [CheckRed](https://www.g2.com/products/checkred/reviews) CheckRed is a complete cloud security platform (SSPM/CNAPP/CSPM/CIEM/CWPP/Compliance) covering all critical SaaS apps and cloud providers – all in a single, user-friendly, and affordable solution. **Average Rating:** 4.8/5.0 **Total Reviews:** 4 **Seller Details:** - **Seller:** [CheckRed](https://www.g2.com/sellers/checkred) - **HQ Location:** 5220 Spring Valley Rd Suite 604 Dallas,TX 75254 - **LinkedIn® Page:** https://www.linkedin.com/company/checkred/ **Reviewer Demographics:** - **Company Size:** 75% Mid-Market, 25% Small-Business ### 15. [Trustle](https://www.g2.com/products/trustle/reviews) Trustle goes beyond Cloud Infrastructure Entitlement Management (CIEM) to prioritize the most over-privileged users, and easily transition your entire organization to Just-In-Time Access to everything from AWS production environments processing customer transactions to GitHub repos with valuable source code and HR platforms housing your employees' personal information. Trustle takes you from questioning whether a contractor still has access to being confident that the Operations team's access was revoked immediately after the maintenance window. Your team will thank you when they see how easy it is to request and approve access through the Chat tools (Slack, Microsoft Teams) they use every day. **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [Trustle](https://www.g2.com/sellers/trustle) - **Year Founded:** 2019 - **HQ Location:** Boston, MA, USA - **LinkedIn® Page:** https://www.linkedin.com/company/trustlesecurity (15 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Mid-Market #### Pros & Cons **Pros:** - Cloud Services (1 reviews) - Identity Management (1 reviews) - Secure Access (1 reviews) ### 16. [Authomize](https://www.g2.com/products/authomize/reviews) Authomize protects organizations from identity-based cyberattacks with the first Identity Threat Detection and Response (ITDR) Platform. Authomize collects and normalizes data of identities, access privileges, assets, and activities from cloud services, applications, and IAM solutions in order to detect, investigate and respond to identity risks and threats. Customers use Authomize to gain visibility of actual access, achieve least privilege across cloud services and applications, secure their IAM infrastructure, and automate compliance and audit preparations. **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [Authomize](https://www.g2.com/sellers/authomize) - **Year Founded:** 2020 - **HQ Location:** Alpharetta, US - **LinkedIn® Page:** https://www.linkedin.com/company/authomize (6 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Enterprise ### 17. [Darktrace / CLOUD](https://www.g2.com/products/darktrace-cloud/reviews) Darktrace / CLOUD is a Cloud-Native Application Protection Platform (CNAPP) with advanced real-time Cloud Detection and Response (CDR) to protect runtime environments from active threats. It secures modern hybrid and multi-cloud environments by combining posture management, runtime threat detection, cloud-native response, and automated cloud investigations in a single AI-driven platform. As organizations scale across AWS, Azure, Google Cloud, SaaS, containers, and serverless architectures, static posture checks and alert-heavy tools are no longer enough. Darktrace / CLOUD continuously understands how your cloud environment behaves and automatically stops threats as they unfold. 1. Stop Active Cloud Threats in Real Time with AI-Driven CDR Darktrace delivers true Cloud Detection and Response in live production environments. Its Self-Learning AI monitors identity behavior, workload activity, and network connections to detect the most subtle indicators of account compromise, privilege escalation, insider threats, ransomware, and novel attacks. When real threats emerge, it can take precise, proportionate action to contain them immediately, minimizing business disruption. 2. Maintain Continuous Cloud Visibility, Posture Assurance, and Risk Reduction Darktrace combines continuous cloud monitoring with Cloud Security Posture Management (CSPM) capabilities to dynamically map architecture, identities (human and non-human), services, containers, and configurations. It identifies misconfigurations, vulnerabilities, toxic combinations of privileges, and exploitable attack paths, not just static compliance gaps. This ensures organizations maintain real-time visibility and awareness of risk as cloud environments evolve. 3. Accelerate Incident Response with Automated Cloud Investigations at Scale Darktrace integrates with any detection source and your existing security stack to perform automated investigations at cloud speed and scale. When suspicious activity is detected, Darktrace automatically collects and analyzes forensic evidence across logs, configurations, disk, memory, and ephemeral workloads. Full attacker timelines are generated in minutes, enabling rapid root-cause analysis, confident remediation, and audit-ready evidence without manual data gathering. While many CNAPP solutions focus primarily on posture or fragmented point capabilities, Darktrace / CLOUD unifies prevention, real-time detection, response, and automated investigation in one continuous AI-driven workflow, delivering protection that adapts as fast as the cloud itself. AI-Driven Automation from Detection to Investigation Self-Learning AI detects known, unknown, and novel threats while autonomous response and automated investigations dramatically reduce analyst workload and stop threats automatically. Unmatched Cloud Coverage with Breadth and Depth Darktrace unifies CSPM, identity analytics, runtime CDR, and forensic depth across IaaS, PaaS, SaaS, containers, and serverless environments to deliver protection at cloud speed and scale. True Hybrid, Cross-Domain Protection The platform correlates live activity across cloud, SaaS, on-premises, and network environments to uncover and contain lateral, cross-domain attacks. Flexible Deployment for Enterprise Reality With agentless API integrations and optional agent-based telemetry, Darktrace supports SaaS, hosted, and on-prem deployments, delivering rapid time-to-value while meeting regulatory and operational requirements. **Average Rating:** 4.5/5.0 **Total Reviews:** 1 **Seller Details:** - **Seller:** [Darktrace](https://www.g2.com/sellers/darktrace) - **Company Website:** https://www.darktrace.com - **Year Founded:** 2013 - **HQ Location:** Cambridgeshire, England - **Twitter:** @Darktrace (18,180 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/5013440/ (2,548 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 100% Mid-Market ### 18. [IP Fabric](https://www.g2.com/products/ip-fabric/reviews) IP Fabric is the leading automated network assurance platform, offering a continuously validated view of cloud, network and security systems to improve stability, security and spend. Within minutes, the platform creates a unified view of devices, state, configurations and interdependencies, normalizing multi-vendor data and revealing operational truth through automated intent checks. By uncovering risks and providing actionable insights, IP Fabric empowers enterprises to accelerate IT and business transformation while reducing costs. Trusted by industry leaders like Red Hat, Major League Baseball and Air France, IP Fabric delivers the foundation for end-to-end network governance. Learn more at www.ipfabric.io and follow the company on LinkedIn https://www.linkedin.com/company/ip-fabric **Seller Details:** - **Seller:** [IP Fabric](https://www.g2.com/sellers/ip-fabric) - **Year Founded:** 2015 - **HQ Location:** Boston, Massachusetts, United States - **Twitter:** @IPFabric (927 Twitter followers) - **LinkedIn® Page:** http://www.linkedin.com/company/ip-fabric (127 employees on LinkedIn®) ### 19. [NextLabs Application Enforcers](https://www.g2.com/products/nextlabs-application-enforcers/reviews) NextLabs' Application Enforcer is a suite of enforcers that integrate seamlessly with leading enterprise applications, enhancing their native security frameworks without the need for custom coding. By leveraging built-in awareness of application data models and business workflows, Application Enforcer provides an additional layer of control, ensuring that organizations meet stringent security and compliance requirements. It enforces Policy-Based Access Control in real-time, utilizing attributes related to users, data, and environmental factors. This approach externalizes authorization through a zero trust policy engine, strengthening application security and eliminating authorization silos. Key Features and Functionality: - Externalized Authorization: Allows modification of authorization policies without altering the application's code. - Enforce Least Privilege Access: Utilizes Attribute-Based Access Control to ensure that applications and data are accessible only to authorized entities. - Data Classification: Automatically identifies and categorizes sensitive data based on the application's underlying data model. - Access Activity Monitoring: Collects and analyzes access activities across applications to detect and respond to anomalous behavior. - Native Application Integration: Understands the identity systems, object models, and security frameworks of applications for easy deployment and a seamless user experience. Primary Value and Problem Solved: Application Enforcer addresses the challenge of securing critical data across a diverse and evolving application landscape. By externalizing security controls and enforcing zero trust access policies, it automates data security and compliance procedures, enhancing business agility and competitiveness. The solution eliminates the need for costly customizations, reduces time-to-market, and streamlines compliance by automating the auditing of authorization and data access. This ensures that sensitive data is protected, access is granted based on the principle of least privilege, and organizations can adapt swiftly to changing security and compliance demands. **Seller Details:** - **Seller:** [NextLabs](https://www.g2.com/sellers/nextlabs) - **Year Founded:** 2004 - **HQ Location:** San Mateo, US - **Twitter:** @nextlabs (404 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/nextlabs (190 employees on LinkedIn®) ### 20. [Saner Cloud](https://www.g2.com/products/saner-cloud/reviews) Saner Cloud is an AI-fortified Cloud-Native Application Protection Platform (CNAPP) that moves beyond detection. It empowers organizations with intelligent, real-time, and automated attack prevention. Unlike traditional cloud security solutions that overwhelm security teams with alerts but fail to act, Saner Cloud automatically fixes vulnerabilities, misconfigurations, identity risks, and compliance violations across multicloud environments. **Seller Details:** - **Seller:** [SecPod](https://www.g2.com/sellers/secpod-b11d8014-d8ec-46e7-9e81-c0d14919fbfc) - **Company Website:** https://www.secpod.com/ - **Year Founded:** 2008 - **HQ Location:** Redwood City, California - **Twitter:** @secpod (543 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/secpod-technologies/ (171 employees on LinkedIn®) ### 21. [Uptycs](https://www.g2.com/products/uptycs-uptycs/reviews) Uptycs unified CNAPP and XDR platform is a comprehensive security solution designed to protect the full spectrum of modern attack surfaces in your cloud, data centers, user devices, build pipelines, and containers. With a strong focus on DevSecOps, Uptycs offers a powerful combination of CNAPP capabilities, including Cloud Workload Protection Platform (CWPP), Kubernetes Security Posture Management (KSPM), Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM), and Cloud Detection and Response (CDR). With Uptycs you also get industry-leading eXtended Detection and Response (XDR) across macOS, Windows, and Linux endpoints, ensuring comprehensive protection, detection, and investigation. Uptycs delivers real-time threat detection, context-rich alerts, and maps detections to the MITRE ATT&CK framework for improved security insights. Uptycs performs scanning of containers for vulnerabilities throughout the CI/CD pipeline, promoting agile DevOps workflows, and reducing risk in production environments. Uptycs seamlessly integrates with existing tools and processes, streamlining operations and improving overall efficiency. Customers also benefit from the flexibility to choose between agent-based and agentless scanning options tailored to their unique cloud workload needs. Discover how Uptycs can transform your security posture with a comprehensive, flexible, and powerful security solution designed to meet the needs of today's complex and rapidly evolving cloud environments. Shift up with Uptycs. KEY DIFFERENTIATORS: 1. Unified & Comprehensive Platform: Uptycs offers a holistic security solution with CNAPP capabilities (CWPP, KSPM, CSPM, CIEM, and CDR) across data centers, laptops, build pipelines, containers, and cloud environments, reducing tool sprawl. 2. Advanced XDR: Industry-leading eXtended Detection and Response for endpoint protection across macOS, Windows, and Linux systems. 3. DevSecOps Focus: Enhanced security for container-based workloads and Kubernetes, supporting agile DevOps workflows. 4. Real-Time Threat Detection: Context-rich alerts and threat detection mapped to the MITRE ATT&CK framework for improved insights. 5. CI/CD Integration: Efficiently scan containers for vulnerabilities throughout the CI/CD pipeline, reducing risk in production. 6. Both agent-based and agentless scanning. Deploy agentless scanning for rapid, friction-free coverage to keep your data secure, and gain continuous runtime security, real-time investigations, and remediation with agent-based telemetry. 7. Rich API & Compatibility: Seamless integration with existing security tools and platforms, powered by osquery for broad compatibility. 8. Expert Support & Flexibility: Dedicated support from security experts and the best of both worlds with agent-based and agentless scanning options tailored to your needs. **Average Rating:** 4.4/5.0 **Total Reviews:** 13 **Seller Details:** - **Seller:** [Uptycs](https://www.g2.com/sellers/uptycs) - **Year Founded:** 2016 - **HQ Location:** Waltham, US - **Twitter:** @uptycs (1,483 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/uptycs/ (129 employees on LinkedIn®) **Reviewer Demographics:** - **Top Industries:** Financial Services - **Company Size:** 54% Mid-Market, 38% Enterprise #### Pros & Cons **Pros:** - Cloud Computing (1 reviews) - Cloud Security (1 reviews) - Cloud Technology (1 reviews) - Compliance (1 reviews) - Compliance Management (1 reviews) **Cons:** - Expensive (1 reviews) - Pricing Issues (1 reviews) ### 22. [Upwind](https://www.g2.com/products/upwind/reviews) Upwind is the runtime-first cloud security platform that secures your deployments, configurations, and applications by providing real-time visibility from the inside out. We’ve built a unified fabric that maps your environment as it runs - revealing what’s truly at risk, what’s actively happening, and how to respond quickly and effectively. With Upwind, security, dev, and ops teams move faster, stay focused, and fix risks that matter most. **Average Rating:** 4.9/5.0 **Total Reviews:** 8 **Seller Details:** - **Seller:** [Upwind](https://www.g2.com/sellers/upwind) - **Company Website:** https://www.upwind.io - **Year Founded:** 2022 - **HQ Location:** San Francisco, California, United States - **LinkedIn® Page:** https://www.linkedin.com/company/upwindsecurity/ (217 employees on LinkedIn®) **Reviewer Demographics:** - **Company Size:** 75% Mid-Market, 25% Enterprise #### Pros & Cons **Pros:** - Ease of Use (3 reviews) - Visibility (3 reviews) - Customer Support (2 reviews) - Detection Efficiency (2 reviews) - Implementation Ease (2 reviews) **Cons:** - Alert Overload (1 reviews) - Compliance Issues (1 reviews) - Data Management (1 reviews) - Data Overload (1 reviews) - False Positives (1 reviews) ## Parent Category [Cloud Security Software](https://www.g2.com/categories/cloud-security) ## Related Categories - [Cloud Workload Protection Platforms](https://www.g2.com/categories/cloud-workload-protection-platforms) - [Cloud Compliance Software](https://www.g2.com/categories/cloud-compliance) - [Cloud Security Posture Management (CSPM) Software](https://www.g2.com/categories/cloud-security-posture-management-cspm) - [Cloud-Native Application Protection Platform (CNAPP)](https://www.g2.com/categories/cloud-native-application-protection-platform-cnapp)