Architecture
CloudGuard is designed as a modular, cloud-native security analysis platform with clear architectural boundaries between data collection, analysis, and response. The same core architecture supports deployment across public cloud, hybrid environments, and isolated private networks.
Architectural layers
- Integration layer — agentless connectors leveraging cloud-native APIs to collect configuration state, identity relationships, metadata, and security-relevant signals without impacting workloads.
- Correlation & normalization layer — unifies assets, identities, permissions, network reachability, and detected issues into a consistent, multi-cloud representation.
- Risk graph & analysis layer — constructs a dynamic risk graph that captures relationships between resources and security conditions, forming the foundation for contextual analysis.
- Risk engine — applies detection logic and AI-powered attack-path prediction on top of the risk graph to identify exploitable exposure paths and prioritize risk based on real-world impact.
- Response & verification layer — translates prioritized risks into remediation guidance, tracks execution, and continuously verifies risk reduction.
Unified core, flexible deployment
All deployment models share the same core analysis engine, risk graph, and AI attack-path prediction capabilities. Deployment choice affects operational ownership and data residency, not analytical depth.
Deployment options
- CloudGuard SaaS — a fully managed deployment operated by Quantus Bridge, optimized for public cloud and hybrid cloud environments that require fast onboarding and minimal operational overhead.
- Self-hosted management center — deployable via VM image or ISO in customer-controlled private cloud or data center environments, providing full control over infrastructure and data residency.
- Security Check Toolbox — a lightweight, deployable subset of the CloudGuard platform designed for isolated or restricted networks, enabling rapid on-site security assessment and analysis while preserving the same risk modeling logic.
This architectural flexibility allows organizations to adopt CloudGuard in stages or operate multiple deployment models in parallel, depending on regulatory and operational constraints.