Subscribe to the Blog

Get articles sent directly to your inbox.

Indeni Cloudrail

Automate security reviews of infrastructure-as-code, so you can build your cloud fast and securely with 3x less noise than comparable tools.

Try Cloudrail for Free

What is Cloudrail?

Cloudrail, a compliance automation tool for infrastructure-as-code, uses a context-engine to analyze your IaC for security issues, highlighting only those that are a true risk to your cloud environment.

  • Gain visibility into security issues immediately, with zero friction.
  • Predict exposures that would occur before the infrastructure-as-code is deployed.
  • Provide developers with guardrails, without the annoyances of noise and false positives.
  • Enforce only the requirements that truly matter to your organization.

 

cloudrail 1
cloudrail 2

How does Cloudrail work?

Cloudrail is a container that is easily integrated into CI pipelines. It takes your Terraform plan and a snapshot of your cloud environment, understands how your cloud will look like if the plan is applied, runs a powerful context engine and finds only issues which can actually be exploited by a bad actor.

The pipeline is only stopped for security issues that truly matter, ensuring your release flow is not interrupted unnecessarily.

Expand All Collapse All

Why do we need a security analysis tool for our cloud environment?

Managing security evaluations of infrastructure-as-code (IaC) files becomes increasingly difficult as a company grows. Many organizations only have a few engineers with cloud security expertise, and they could have tens of thousands of objects running in production at one time. There may be multiple projects happening at the same time, using the same set of Terraform files, or using separate sets of files targeting the same cloud environment and influencing each other. Reviewing all these files manually is time-consuming and can slow down delivery times. And if something is missed, the consequences can be costly. Research commissioned by IBM revealed the average cost of a data breach in 2020 was nearly $4 million.

What is context and how is Cloudrail different from other infrastructure-as-code security solutions?

While there are other solutions that work in conjunction with your infrastructure automation tools to identify security issues early in the development cycle, they are mostly reactive and limited in scope. They only analyze files in the “build state” and are unable to see how issues will affect existing cloud environments. This allows many security issues to go undetected. These solutions also lack an understanding of the relationships between resources, which leads to many false positives. Cloudrail analyzes infrastructure-as-code files together with the cloud environments they are targeting. Because it is capable of executing complicated rules and understanding the relationships between resources (their “context”), it proactively identifies the most critical issues without excess “noise.” 

How does Cloudrail maintain context?

Cloudrail maintains a graph database that tracks resource relations within the context of the network, compute, storage and IAM space. This allows it to see how one cloud resource has access to another. It can answer simple, yet convoluted questions, such as determining what makes any resource exposed to the public before the customer deploys a project in a particular configuration. 

Indeni’s team of cloud security experts regularly update the context engine to analyze additional risk patterns.

How is Cloudrail different from Application Security Testing (AST)?

Application security testing (AST) is the process of making applications more resistant to security threats, by identifying security weaknesses and vulnerabilities in application source code. AST is security testing for application code, think of Cloudrail as security testing for infrastructure-as-code. IaC security testing is the process of making your infrastructure secure by identifying security violations before the infrastructure is deployed.

How much does Cloudrail cost?

Under our Flex plan, each evaluation is $4 after your first 30. Our Standard plan includes 6,000 evaluations per year, starting at $19,800 for 12 months ($3.3 per evaluation) . Our Enterprise plan includes 12,000 evaluations per year, starting at $60,000 for 12 months ($5 per evaluation). Once you have exceeded the maximum number of evaluations for your plan, you will be billed per evaluation. 

An SRE team of a mid-market organization (revenue between $50-100M) supports multiple projects. The average # of evaluations is 325 per month. Under the Flex plan, that’s $1300 per month.

How do I get started with Cloudrail?

There are several ways to try Cloudrail. First, you can see how Cloudrail works before you apply it to your own files. Simply go to https://web.cloudrail.app/signup to see it in action. 

When you’re ready to try it for yourself, go to the AWS Marketplace and try it for free with no obligation under the Flex plan. This gives you 30 free evaluations with no minimum commitment. 

How does Cloudrail benefit my application security process?

Cloudrail provides guardrails to your developers early in the development cycle so they can stay agile without inadvertently compromising security. Cloudrail can detect a misconfiguration or policy violation in an automated fashion. It can be integrated into your CI/CD pipeline to prevent security issues from making into your cloud environment or alert your developer to the issue that needs remediation actions before it is too late. The security shift left approach is good for reducing not only cyber risk but also cost.

Get started by signing up for Cloudrail

See how Cloudrail works without spending a dime.

Try Cloudrail for Free

Let us show you

Meet with a member of the Indeni team for a demo of Cloudrail.

Schedule a Demo

How Cloudrail Helps You

Achieve agility while staying secure.

Unlike other tools, you can safely integrate policy enforcement into your pipeline, without getting in the way of developers. With Cloudrail’s context-aware rules, false positives are no longer an issue.

Improve effectiveness of your security teams.

Cloudrail automates security policy enforcement and eliminates manual security reviews. You can now spend time on more strategic tasks.

Reduce the costs of ensuring a secure cloud infrastructure.

Security issues are found early in the development cycle to prevent an insecure environment from being deployed.

Cloudrail for Every Team

Organizations looking for automatic security policy enforcement can start for free. Upgrade to meet your needs as you grow. Public projects on GitHub get Standard for free.

Flex

Get started for free 30 evaluations per month included Pay as you go. Billed monthly.

$4/evaluation

Standard

As you grow, convert to Standard to take advantage of the volume discount. Billed annually.

$3.3/evaluation with commitment

Enterprise

Upgrade to Enterprise to use the full features set. Billed annually.

$5/evaluation with commitment

Compare Offerings

  • Pricing Details
  • Base cost of contract
  • $0 Get started for free
  • Starting at $19,800/year
  • Starting at $60,000/year
  • Evaluations included
  • 30 per month
  • 6,000 per year
  • 12,000 per year
  • Cost per additional evaluation
  • $4
  • $3.30
  • $5
  • Billing cycle
  • Monthly
  • Annual
  • Annual
  • Number of users
  • Unlimited
  • Unlimited
  • Unlimited
  • Capabilities
  • Data Retention
  • 3 months
  • 3 months
  • 1 year
  • Pre-built context-aware, low noise, security rules
  • Unlimited
  • Unlimited
  • Unlimited
  • Stiching of TF plans with cloud accounts
  • Unlimited cloud accounts
  • Unlimited cloud accounts
  • Unlimited cloud accounts
  • Billing cycle
  • Monthly
  • Annual
  • Annual
  • Number of users
  • Unlimited
  • Unlimited
  • Unlimited
  • Support for TF modules and variables
  • Unlimited custom policies
  • CI/CD integrations (Jenkins, CircleCI, etc.)
  • Dashboarding / Reporting
  • Single Sign-On
  • Corporate (SAML), Google and Github
  • Corporate (SAML), Google and Github
  • Corporate (SAML), Google and Github
  • Custom-developed context-aware rules
  • Custom dashboard /reports
  • Pre-built Integrations (JIRA, Slack, etc.)
  • RBAC
  • Support
  • Chat & email support
  • Enterprise support
  • Includes Account Manager and 8x5 Zoom-based Support

Pricing Details

Base cost of contract

  • $0 Get started for free
  • Starting at $19,800/year
  • Starting at $60,000/year

Evaluations included

  • 30 per month
  • 6,000 per year
  • 12,000 per year

Cost per additional evaluation

  • $4
  • $3.30
  • $5

Billing cycle

  • Monthly
  • Annual
  • Annual

Number of users

  • Unlimited
  • Unlimited
  • Unlimited

Capabilities

Data Retention

  • 3 months
  • 3 months
  • 1 year

Pre-built context-aware, low noise, security rules

  • Unlimited
  • Unlimited
  • Unlimited

Stiching of TF plans with cloud accounts

  • Unlimited cloud accounts
  • Unlimited cloud accounts
  • Unlimited cloud accounts

Billing cycle

  • Monthly
  • Annual
  • Annual

Number of users

  • Unlimited
  • Unlimited
  • Unlimited

Support for TF modules and variables

Unlimited custom policies

CI/CD integrations (Jenkins, CircleCI, etc.)

Dashboarding / Reporting

Single Sign-On

  • Corporate (SAML), Google and Github
  • Corporate (SAML), Google and Github
  • Corporate (SAML), Google and Github

Custom-developed context-aware rules

Custom dashboard /reports

Pre-built Integrations (JIRA, Slack, etc.)

RBAC

Support

Chat & email support

Enterprise support

  • Includes Account Manager and 8x5 Zoom-based Support