Security & Compliance
CloudGuard is built to help organizations improve cloud security posture with minimal operational disruption and clear control boundaries. It supports different deployment models to meet data residency and compliance requirements while preserving the same core analysis capability.
Non-intrusive detection
- No host agents required for core detection and analysis capabilities
- No attack-traffic probing that disrupts production or breaks isolation assumptions
- Designed to avoid resource contention and performance impact on workloads
Least-privilege access and boundary clarity
CloudGuard access requirements are scoped to the minimum necessary and vary by deployment model. Integrations are typically read-focused for discovery and analysis. Customers remain in control of remediation and enforcement actions unless explicitly configured otherwise in their own environment.
Data handling & residency
CloudGuard primarily operates on cloud security metadata (such as configuration state, identity and permission relationships, resource attributes, and network reachability context). The data boundary is designed to support security analysis without requiring intrusive workload instrumentation.
- SaaS — CloudGuard runs in a managed cloud environment. Data residency and retention are governed by the SaaS deployment configuration and customer requirements.
- On-Premises / Self-hosted — CloudGuard runs in customer-controlled infrastructure, enabling stricter control of data residency, network isolation, and operational policies.
- Isolated environments — the Security Check Toolbox supports rapid on-site enablement for restricted networks while preserving CloudGuard’s risk modeling logic.
Closed-loop governance
- Prioritize fixes using context, dynamic risk graph modeling, and AI attack-path prediction
- Track remediation tasks and verify outcomes to confirm risk reduction
- Support continuous governance for dynamic assets and frequently changing cloud environments
Auditability and operational controls
CloudGuard is designed to support operational audit needs through clear access boundaries and traceable workflows. In self-hosted deployments, customers can align logging, retention, and access control with their internal policies.
Not a managed security service
CloudGuard is a product platform for detection, assessment, prioritization, and response workflows. It does not provide SOC operations or managed monitoring as a service through this public site.