Logo Cloudhawk.io

A Complete View of Your AWS Cloud Security Posture

CloudHawk continuously monitors your AWS Cloud to identify security risks, misconfigurations, compliance issues and unprecedented infrastructure visibility

How CloudHawk Works

CloudHawk does not require any changes in your infrastructure and is completely agentless. We leverage Read Only AWS APIs to monitor your Cloud infrastructure and provide you with remediations whenever possible.

Easy Onboarding

Onboarding has never been simpler thanks to our wizard. It requires only 5 simple steps that can be completed in just a few minutes.

Continuous Security Monitoring

Your Security posture is not static and changes with your infrastructure. With DevOpS and rapidily changing environments, continous monitoring is the only way to address security in this paradigm.

Complete Resource Inventory

No more region switching or asset management. CloudHawk automatically discovers all of your AWS assets and provides you with a single console for your inventory.

Event Analysis and Anomaly Detection

We help you focus on the relevant security events happening within your cloud. If we see something unusual we also let you know so you can take approriate actions.

Cost Saving with Instance Scheduling

No more money wasted on dev instances or sandboxes that you do not need on all the time. We give you the means to create and enforce a schedule for your instances.

Continuous Topology Map Extraction

Cloud is subject to rapid changes and your initial architecture diagram does not necessarely reflect what you have running now. CloudHawk automatically builds a topology of your cloud deployment and overlays it with our security monitoring findings.

Dashboard Single Security Report Summary Security Report Service Summary Security Report Service Affected Items

Continuous Security Monitoring

Your Security posture is not static and changes with your infrastructure, we help you keep up with it!

Select your desired frequency and we monitor your infrastructure for any misconfigurations that could leave you exposed. We cover the most critial services from IAM to S3 and more. You can customize the security risk for each findings to match your organization's risk tolerance.

Continuous CIS AWS Foundations Benchmark Report

Compliance in the Cloud is challenging. We monitor your infrastructure and help you stay compliant.

We have implemented the CIS Amazon Web Services Foundations Benchmark 1.1 to audit your services and notify you of resources that affects your compliance.

CIS Benchmark Reports CIS Benchmark Report CIS Benchmark Level 2 Report
Events Report Events Details Generic Events Details

Daily Event Analysis Report

Every interaction with your infrastructure leads to the creation of an event, you could have millions per day! We help you focus on the security relevant events.

Tell us what make sense for you - daily, weekly or monthly - and we will provide you with a security event digest for the selected period.

Daily Anomaly Detection

Whether you have been compromised or you have some automation gone wrong, we detect abnormal behavior.

Define a period of time over which everything ran smoothly and we will use the events of that period as baseline. When we observe something that we have not seen before or very different that usual we notify you.

Generate Anomalies Baseline
Topology Report

Continuous Topology Map Extraction

Just like your security posture, your cloud topology is not static and changes over time.

It is hard to keep up with such a dynamic environment. A picture is worth a thousand words and so is your cloud topology. We build a map of all your resources and how they are interconnected and reacheable from the internet. We also overlay all our security findings, enabling you to naviguate this map and look at relevant security issues in a single pane of glass.

Complete Resource Inventory

With multiple regions, availability zones across multiple accounts make it hard to keep track of your resources.

We build this inventory, provide statistics by region and resource types. We also provide you with a tool to compare your inventory at different points of time to analyze how your infrastructure is changing.

Inventory IAM Inventory EC2 Summary Inventory S3 Buckets Details Inventory
Custom Schedule Instances Applying Schedule To Instances

Cost Saving with Instance Scheduling

Your Cloud costs are an important part of your business. Keeping them under control is challenging.

Unused instances and non-production servers running outside business hours are one of the main reason your Cloud bill is unnecessarely high. CloudHawk lets you build a schedule that reflect the usage of your instances (EC2, RDS) and enforces this schedule to keep your costs under control, leading to over 25% of cost saving on average.

Slack and Email Notifications

We understand that when a critical security issue is discovered the speed of remediation is a concern.

We provide instant Slack and Email notifications for all the security reporting. You also have the ability to customize what report notifcation you receive. Other integrations are possible: SQS, PagerDuty ... Contact us with your specific needs.

Email Settings Slack Settings

Frequently Asked Questions

CloudHawk gathers the state of your AWS service security posture from each AWS account via the Amazon APIs. This data is then analyzed and presented into detailed report highlighting the security risks, misconfigurations and potential suspicious events it detects.
CloudHawk currently supports CloudFormation, Cloudtrail, CloudWatch, DirectConnect, EC2, EFS, ElasticCache, ELB, ELBV2, EMR, IAM, Lambda, RDS, RedShift, Route53, S3, SES, SNS, SQS, VPC and more coming soon.
Yes. Amazon manages security of the AWS cloud infrastructure, while security in the cloud is your responsibility. In the shared responsability model you are responsible for ensuring the security and configuration of the services running in AWS in addition to the applications and OS's you depend on. CloudHawk helps you do your part of the security in the cloud.
No. CloudHawk is completely agentless, and does not modify or actively change any of your AWS Cloud deployment settings unless you are using the Cost Saving modules which grants CloudHawk permissions to turn-on and turn-off instances based on your defined schedule.

Plans and Pricing

Contact us