Cloud Security Tools
Cloud security tools and solutions for securing cloud infrastructure, containers, serverless applications, and multi-cloud environments.
Browse 497 cloud security tools
FEATURED
USE CASES
An archived community-driven collection of open source cloud security tools that provided monitoring and compliance capabilities for cloud infrastructure.
Falco is a CNCF graduated runtime security tool that monitors Linux kernel events and syscalls to detect abnormal behavior and security threats in cloud native environments.
Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.
CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.
Sysdig is a universal system visibility tool that provides deep monitoring and analysis capabilities for traditional systems and containerized environments through system call tracing and network activity monitoring.
A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.
An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.
Docker's Actuary is an automated security assessment tool that checks Docker container deployments against configurable best-practice checklists to ensure production readiness.
YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.
SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.
MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.
SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
A Docker security analysis tool that scans containers and networks to identify vulnerabilities and security weaknesses in Docker environments.
Clair is an open source static analysis tool that scans application containers for known vulnerabilities through API-based image indexing and matching.
Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.
Cloudmarker is a configurable cloud monitoring tool and framework that audits Azure and GCP environments by retrieving, analyzing, and alerting on cloud security data.
HAWK is a multi-cloud antivirus scanning API that uses CLAMAV and YARA engines to detect malware in AWS S3, Azure Blob Storage, and GCP Cloud Storage objects.
Red October is a TLS-based encryption server that implements two-man rule authorization, requiring multiple users to collaborate for cryptographic operations.
Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.
Cloud Security Specializations
497 tools across 9 specializations · 135 free, 362 commercial
Cloud Access Security Broker
Cloud Access Security Broker (CASB) solutions that provide visibility, compliance, data security, and threat protection for cloud services and applications.
Cloud Application Detection and Response
Cloud Application Detection and Response (CADR) platforms for real-time threat detection, incident response, and security monitoring in cloud application environments.
Cloud Investigation and Response Automation
Cloud Investigation and Response Automation (CIRA) tools for automated incident investigation, threat hunting, and security response orchestration in cloud infrastructures.
Articles About Cloud Security
Tool roundups, buying guides, and strategic analysis from the CybersecTools resource library.
Best Cloud Web Application and API Protection Tools in 2026
Compare the best cloud WAF and WAAP tools in 2026: Cloudflare, Akamai, F5, Fortinet, Check Point, Cisco, and Radware reviewed for real deployments.
Best Cloud Security Tools in 2026
The best cloud security tools in 2026: CNAPP, CSPM, SSPM, WAF, and CASB platforms reviewed for real-world deployment. Find the right fit for your stack.
Best Container Security Tools in 2026
The best container security tools in 2026: runtime detection, image scanning, Kubernetes policy, and supply chain security compared for real-world deployments.
Cloud Security Tools FAQ
Common questions about Cloud Security tools, selection guides, pricing, and comparisons.
CSPM (Cloud Security Posture Management) monitors cloud configurations for misconfigurations and compliance violations. CWPP (Cloud Workload Protection Platform) secures the workloads running in the cloud (VMs, containers, serverless). CNAPP (Cloud-Native Application Protection Platform) unifies CSPM, CWPP, and often CIEM into a single platform, providing security from code to cloud in one solution.
For organizations with simple cloud environments (single provider, few workloads), separate best-of-breed tools for CSPM, container security, and IAM may suffice. For multi-cloud environments with containers, serverless, and IaC, a CNAPP consolidates these capabilities, reduces alert fatigue from tool sprawl, and provides unified risk prioritization across the full cloud stack.
The most exploited cloud misconfigurations include: publicly accessible S3 buckets or storage blobs, overly permissive IAM roles, unrestricted security groups allowing 0.0.0.0/0 access, unencrypted databases and storage, disabled logging and monitoring, and default credentials on cloud services. CSPM tools continuously scan for these issues across AWS, Azure, and GCP.
Container security requires a multi-layered approach: scan container images for vulnerabilities before deployment, enforce admission controls in Kubernetes, use network policies to segment pod communication, implement runtime protection to detect anomalous container behavior, manage secrets securely (never in environment variables), and continuously monitor for drift from known-good configurations.
