2022 CSPM Comparison and Pricing

We recently compared the top CSPM vendors and ran a pricing exercise. If you are unfamiliar with the terms, CSPM stands for Cloud Security Posture Management and sits more on the compliance side of the house (checking cloud account configuration against benchmarks), whereas CWPP stands for Cloud Workload Protection Platform and is more about scanning containers and VMs for vulnerabilities.

This blog post is mostly about price transparency, so you have some idea of what these vendors charge and a ballpark figure to work from. We requested a quote for 100 VMs from every vendor, for both CSPM and CWPP, to get an equitable measurement. There are definitely economies of scale, so if you order more VMs the price per VM will be lower. All prices are listed in USD. We also give some notes on what we thought about each vendor overall and what we think they did well.

The list of vendors and their prices:

Orca

Orca was $38,000/100 VMs and included both CSPM and CWPP. Based on our analysis it performed best on the CSPM side of the house compared to the other vendors (it was the most accurate). Their focus is agentless scanning, especially of containers. We liked the threat intel and PII scanning that were included with their solution.

Aqua

Aqua pricing was $5,500/100 VMs for CSPM and $150,000/100 VMs for CWPP. We felt they were stronger at CSPM than CWPP, even though their CWPP solution was really expensive.

Prisma Cloud

Prisma Cloud by Palo Alto was $15,000/100 VMs for CSPM and $15,000/100 VMs for CWPP. They use a credit system and everything consumes credits, at roughly $150 per credit. Overall they were pretty expensive but had good coverage across the board. Palo Alto bought a bunch of solutions and mashed them together. We didn't like the pricing model, though: even features like PII scanning cost you additional credits.

Sysdig

Sysdig, from the folks that brought you Wireshark, was $2,400/100 VMs for CSPM and $72,000/100 VMs for CWPP. Overall we think these guys should have stuck with packet captures: their solution felt really immature, we had a bunch of problems onboarding onto the trial, and they lacked a number of CSPM capabilities, such as the ability to export reports.

Lacework

Lacework came in at $27,000 for 100 VMs and included both CSPM and CWPP. Lacework's focus was container security on the CWPP side of the house, and it didn't feel especially strong in the CSPM arena.

Summary

Overall, we found Orca to perform the best at CSPM (we tested against the latest AWS benchmarks from CIS and they were the most accurate). Their agentless CWPP was also very convenient; we had a hard time persuading our teams to install agents on all their VMs and Kubernetes clusters. They also included PII data scanning and threat intel for free, which was nice. This pricing will change over time, but it should give you a snapshot of what we found in 2022. Keep in mind these were initial quotes, and in general the vendors are willing to negotiate, especially if you have a competing quote in hand.
