Listed CSPM pricing varies widely based on several factors, including:
- Features: Enterprise-level capabilities such as compliance reporting and DevOps security features.
- Number of assets: The scale of monitored resources (e.g. instances, storage, and other cloud workloads).
- Number of users: Users requiring access to the CSPM platform and its features.
Vendor | Starting price (1-year plan) | Pricing details | Free trial |
---|---|---|---|
Wiz | $24,000 | For 100 cloud workloads | ✅ – 14 days |
Microsoft Defender for Cloud | $4,500 | For 500 cloud workloads | ✅ – 30 days |
CloudGuard CSPM | ~$100,000 | Custom pricing | ✅ |
SentinelOne Singularity Cloud Security | ~$120,000 | Custom pricing ($69.99 for 1 endpoint) | ✅ – 30 days |
Lacework | $23,200 – $43,000 | For companies with up to 200 employees | ✅ – 14 days |
Orca Security | $84,000 | For monthly concurrent workload usage | ✅ – 30 days |
Prisma Cloud | $9,000 | For 100 Prisma Cloud Credits* | ✅ – 30 days |
Aqua Security | $10,000 – $50,000 | N/A | ✅ |
The starting price represents monthly payments for annual plans. Data is obtained from vendor websites, AWS Marketplace[1], and Vendr[2].
*Prisma Cloud is licensed using “Prisma Cloud Credits,” which can be purchased in increments of 100. The license model defines cloud resources and capacity costs in Prisma Cloud Credits.
How to choose the right CSPM plan?
A solution that works well for a small startup may not be appropriate for a large organization with complex threat detection and multi-cloud protection needs. It is critical to assess how the solution fits your organizational structure and the problems you need to solve. For example:
- Simple use case: If you only need insight into your cloud assets and security posture across a few virtual machines, a basic CSPM solution (e.g. SentinelOne Singularity Cloud Security (core plan)) that focuses on providing endpoint protection can be sufficient.
- Complex use case: If you need to address more complicated challenges such as real-time threat detection and multi-cloud protection, you should consider solutions such as Microsoft Defender for Cloud with DevOps security features and enterprise-level capabilities.
Microsoft Defender for Cloud
Microsoft Defender for Cloud is free for the first 30 days. After 30 days, you will be charged according to the pricing plans outlined below:
Foundational CSPM (free version) offers security recommendations, asset inventory, and workflow automation.
Microsoft Defender for Cloud CSPM is priced at $5.11/Billable resource/month and offers additional security posture features such as:
- agentless vulnerability detection,
- attack path analysis,
- risk prioritization,
- and risk hunting with Security Explorer.
These features are available through two pricing options:
1. The Pay-as-You-Go plans:
Resource type | Resource | Price |
---|---|---|
Servers | Microsoft Defender for Servers Plan 1* | $4.906/server/month |
Servers | Microsoft Defender for Servers Plan 2 | $14.60/server/month |
Containers | Microsoft Defender for Containers | $6.8693/vCore/month |
Databases | Microsoft Defender for SQL | $15/Instance/month |
Databases | Microsoft Defender for SQL outside Azure | $10.95/Instance/vCore/month |
Storage | Microsoft Defender for Storage | $10 per storage account/month |
APIs | Microsoft Defender for APIs Plan 1 | $200.02 per subscription/month up to 1 million API calls |
APIs | Microsoft Defender for APIs Plan 2 | $700.00 per subscription/month up to 5 million API calls |
APIs | Microsoft Defender for APIs Plan 3 | $4,999.99 per subscription/month up to 50 million API calls |
APIs | Microsoft Defender for APIs Plan 4 | $6,999.97 per subscription/month up to 100 million API calls |
APIs | Microsoft Defender for APIs Plan 5 | $50,000.04 per subscription/month up to 1 billion API calls |
Service Layer | Microsoft Defender for App Service | $14.60/Instance/month |
Service Layer | Microsoft Defender for Key Vault | $0.25/Vault/month |
Service Layer | Microsoft Defender for Resource Manager | $5.04/Subscription/month |
- *Defender for Servers Plan 1 is the entry-level plan, focusing on endpoint detection and response (EDR) capabilities.
- Defender for Servers Plan 2 offers the features of Plan 1 and more, including:
  - Agentless scanning
  - Compliance assessment
  - File integrity monitoring
  - Assessing operating system updates
2. The 1-Year Pre-Purchase plan:
When you pre-purchase Microsoft Defender, you receive Cloud Commit Units, which can be used in various ways.
For example, if you purchase 5,000 Commit Units for a year, you will pay $4,500. You can use these units with Defender for Servers Plan 2 to leverage agentless scanning and compliance assessment features.
Similarly, you can use them as part of Microsoft Defender for Cloud CSPM’s one-year plan for 20 virtual machines (Azure VMs), which requires 4,800 Commit Units.
The first 5 purchasing tiers for pre-purchase plan Commit Units are listed below:
Tier | MDC Commit Units | Price |
---|---|---|
1 | 5,000 | $4,500 |
2 | 10,000 | $8,800 |
3 | 25,000 | $21,500 |
4 | 50,000 | $42,000 |
5 | 75,000 | $62,250 |
Pricing varies according to cloud capacity based on server, storage account, and database counts.
Note that the solution also includes DevOps security features (e.g. compliance enforcement), which allow security teams to embed security practices into CI/CD pipelines and identify vulnerabilities early in development.
SentinelOne Singularity Cloud Security
SentinelOne offers 5 subscription-based pricing models tailored to the number of endpoints you expect to protect (for 5-100 workstations). See features included in SentinelOne Singularity Cloud Security’s pricing plans:
Feature | Singularity Core | Singularity Control | Singularity Complete | Singularity Commercial | Singularity Enterprise |
---|---|---|---|---|---|
Role-based access control | ✅ | ✅ | ✅ | ✅ | ✅ |
Multi-client administration | ✅ | ✅ | ✅ | ✅ | ✅ |
Autonomous detection and response | ❌ | ❌ | ✅ | ✅ | ✅ |
Extended detection and response (XDR) | ❌ | ❌ | ❌ | ✅ | ✅ |
Managed threat hunting | ❌ | ❌ | ❌ | ✅ | ✅ |
Managed detection and response | ❌ | ❌ | ❌ | ➕ | ➕ |
Network discovery | ❌ | ❌ | ❌ | ❌ | ✅ |
Forensic data collection | ❌ | ❌ | ❌ | ❌ | ✅ |
Below is a breakdown of the three examples of pricing tiers:
Singularity Core: The starting price is $69.99 per endpoint per year. This tier is focused on foundational security for small to medium-sized businesses or minimalistic security needs. Features include:
- Base-level endpoint protection platform (EPP) capabilities (e.g. blocking file-based and fileless malware).
- Next-generation antivirus (NGAV) with behavioral detection and machine learning algorithms to prevent ransomware, trojans, and exploits.
- 1-click remediation for threat elimination and system recovery.
Singularity Control: The starting price is $79.99 per endpoint per year. This tier is ideal for small to mid-size organizations needing extra control and visibility over their endpoint environment. Features include:
- All Core-tier capabilities.
- Customized firewall settings.
- Device control for USB and Bluetooth devices with granular policy settings.
Singularity Complete: This tier is ideal for enterprises that need automated detection and response capabilities across their cloud environments. Pricing starts at $159.99 per endpoint annually. Features include:
- All Core and Control functionalities.
- Endpoint detection and response (EDR) and extended detection and response (XDR).
- Real-time threat hunting and context visibility.
- 14 days of EDR data retention.
Singularity Commercial: This tier is ideal for commercial businesses needing complex identity security and IAM integrations. Its starting price is $209.99 per endpoint annually. Features include:
- All functionalities of the Complete tier.
- Identity threat detection and response (ITDR) for Active Directory (on-premises or Azure AD).
- Vulnerability detection with the Ranger AD tool and credential theft prevention.
- Data retention of 30 days.
Additional costs: Note that SentinelOne offers additional managed services that can be purchased to complement the platform, such as:
- Custom monitoring services that scan workstations, servers, and networks to optimize cloud security coverage.
- Expert support for deployment and ongoing management.
Prisma Cloud
Prisma Cloud offers a flexible pricing model based on Prisma Cloud Credits, which are allocated to the features you utilize (credit usage is measured hourly).
The annual pricing for credits is as follows:
- Business Edition Credits: $9,000 for 100 credits per year.
- Enterprise Edition Credits: $18,000 for 100 credits per year.
Prisma Cloud is offered as a one-, two-, or three-year subscription in the following plans:
Prisma Cloud Compute Edition is a subscription-based model that provides workload protection for hosts, containers, and serverless deployments. It uses 2 Credits per feature.
Prisma Cloud Enterprise Edition is a subscription-based SaaS offering with two product plans. These product plans give you the option of where and how you protect your code and cloud environments. It uses 5 Credits per feature.
1. Cloud Security Foundations provides agentless visibility and compliance for multi-cloud environments. It offers the following modules via an agentless architecture:
- Real-time threat and misconfiguration detection for IaaS and PaaS
- Compliance management
- Agentless workload scanning
- Infrastructure as code (IaC) misconfiguration detection
- Least-privileged access implementation
2. Cloud Security Advanced builds on Cloud Security Foundations’ use case coverage and offers real-time, prevention-first capabilities. Modules include:
- Host, container, and serverless runtime security
- Web Application and API Security
Lacework
Lacework’s pricing model is determined by the size of your organization. The following are the estimated pricing intervals for annual subscriptions:
- For small to mid-sized organizations: $23,000 – $43,000
- For mid-sized organizations: $46,000 – $79,000
- For large enterprises: $68,000 – $142,000
Note that these pricing estimates are subject to change based on factors such as:
- Cloud infrastructure usage: Number of workloads, cloud environments (AWS, Azure, Google Cloud), and scalability.
- Features utilized: Features like agentless scanning and compliance tracking.
- Custom requirements: Add-ons or specialized integrations.
What is cloud security posture management?
Cloud security posture management (CSPM) is the method of managing public cloud infrastructure risk. CSPM technologies automate the identification and correction of misconfigurations across cloud resources (for example, Amazon EC2 instances). Organizations utilize CSPM in public and multi-cloud environments to lower the risk of breaches and increase regulatory compliance.
Cloud security posture management (CSPM) tools explained
Cloud security posture management (CSPM) is a growing industry for security compliance and vulnerability management tools that are required to secure computing environments. CSPM solutions are also part of the secure access service edge (SASE) technology market, which also includes:
- software-defined perimeter (SDP)
- cloud access security brokers (CASB)
- zero trust networking software
These vendors monitor cloud services, apps, containers, and infrastructure to discover and address misconfigurations or policies. Furthermore, CSPM vendors can develop customized solutions that often resolve issues automatically based on administrator-defined rules.