Sold by: Sweet Security
Deployed on AWS
Sweet Security delivers runtime cloud detection and response, providing real-time visibility into applications and workloads. By analyzing live runtime behavior, Sweet detects active threats, enables fast investigation, and empowers security teams to respond with confidence and speed.
4.3
Overview
Sweet Security delivers a runtime-powered detection and response platform that provides real-time visibility into applications, workloads, and cloud environments.
Powered by deep runtime context and AI-driven analysis, Sweet detects sophisticated threats as they happen, cutting through noise and surfacing only what truly matters. Security teams gain the ability to investigate incidents quickly, understand attacker behavior in context, and respond decisively.
By focusing on real runtime activity rather than static signals, Sweet helps organizations move from reactive alert chasing to proactive threat detection and rapid response, enabling teams to stop real attacks in real time.
Highlights
- Widest coverage and unparalleled protection across the entire cloud stack within a single runtime solution.
- Lean sensor technology that requires minimal resources and takes only minutes to deploy.
- 30+ out-of-the-box integrations with SIEM, SOAR, notification and ticketing systems, and more.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Sweet Primary | Secure 100 workloads with log-based cloud runtime protection | $50,000.00 |
Sweet Advanced | Secure 100 workloads with comprehensive cloud runtime protection | $60,000.00 |
Vendor refund policy
For more information about refunds, please contact support@sweet.security .
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Personalized onboarding and on-demand training, 1:1 slack channel for fast communication with our technical teams, access to our docs for guides/how-to articles/best practices, support email available 24/7: support@sweet.security .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Sweet Security
By Uptycs
![Tenable Cloud Security [Private Offer Only]](https://d7umqicpi7263.cloudfront.net/img/product/22b9f065-b28f-4713-a430-d04cee1d6c4b.png)
By Tenable, Inc.
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Runtime Threat Detection
AI-driven analysis of live runtime behavior to detect sophisticated threats and active attacks in real-time across applications and workloads.
Cloud Stack Coverage
Comprehensive protection across the entire cloud stack within a single runtime solution.
Lightweight Sensor Architecture
Minimal resource consumption sensor technology deployable in minutes without significant infrastructure overhead.
Contextual Incident Investigation
Runtime context analysis enabling rapid investigation of incidents with visibility into attacker behavior and attack patterns.
Multi-Cloud and Workload Coverage
Supports deployment across more than 40 AWS services including compute, containers, storage, databases, networking, developer tools, management and governance, analytics, security, application integration, end user computing, machine learning, and migration services. Extends coverage to public and private cloud, Kubernetes, rare Linux distros, IBM LinuxONE, Linux on Z, IBM Power, AIX, and HPC environments.
Unified Security Data Platform
Consolidates cloud security into a single console with unified policy framework and data lake. Normalizes security telemetry close to collection point and streams into detection cloud for queryable attack surface analysis without ETL requirements.
Full Lifecycle Application Protection
Provides end-to-end protection including malware and suspicious behavior detection on developer endpoints, vulnerability identification in build process, secure configuration verification, runtime monitoring, exposure scanning, full attack path analysis, anomaly and behavior-based threat detection, Infrastructure as Code misconfigurations identification, and Identity Threat Detection and Response (ITDR) capabilities.
Agentless and Agent-Based Detection
Offers instant-on agentless coverage with optional osquery-based agent utilizing eBPF technology for runtime protection, advanced remediation, and forensics. Agent designed to minimize memory, CPU, and disk I/O footprint while providing rich security telemetry including file system files, Augeas lens, DNS lookups, sudoers list, and disk encryption data.
Compliance and Security Standards Support
Supports CIS benchmarks, HIPAA, ISO 27001, NIST, PCI, and SOC 2 compliance requirements. Includes file integrity monitoring (FIM), vulnerability scanning, security hygiene assessment, cyber asset management, and 13-month historical data lookback for compliance and forensic analysis.
Cloud Security Posture Management
Automated assessment and management of cloud infrastructure configuration, identity, and access posture across AWS environments
Identity and Access Entitlement Management
Identity-first approach to discover, analyze and remediate excessive entitlements and misconfigured access privileges with automated least-privilege policy generation
Runtime Threat Detection
Continuous monitoring and detection of security threats during workload execution with advanced analytics for risk prioritization
Infrastructure as Code Security
Scanning and assessment of infrastructure as code configurations to identify misconfigurations and security risks before deployment
Kubernetes Security Posture Management
Dedicated security posture assessment and management for Kubernetes environments including workload protection and compliance monitoring
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
No security profile
-
-
-
-
-
No security profile
Standard contract
No
No
No
Customer reviews
reviewer2805510
Runtime-first security has transformed real-time threat detection and reduced alert fatigue
Reviewed on Apr 10, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Sweet Security as a distributor is to distribute to our partners within the UK channel, and they then take it to their customers who are looking for a cloud-native platform that offers advanced threat detection and incident response capabilities to provide deep runtime context to security teams, enabling them to quickly extract actual attack narratives. Sweet Security is designed to protect sensitive data in cloud environments, understand the environment, and respond to any threats as they occur. The platform leverages runtime insights to deliver comprehensive protection across all layers of the security stack.
I can provide a specific example of how one of my partners' customers has used Sweet Security in practice. Organizations primarily utilize Sweet Security for VM vulnerability management on cloud assets, particularly with AWS , which enhances runtime visibility and enables effective threat detection. Sweet Security is integrated for runtime protection and has evolved to support broader security ranges. It allows users to visualize cloud relationships, understand dependencies, and manage vulnerabilities from a code perspective. Sweet Security provides real-time security event response for security teams.
What is most valuable?
What stands out about my main use case and how my partners use Sweet Security is the deep runtime visibility and application layer security, particularly for APIs and microservices. This is where most traditional CNAPP solutions are weakest, and this is where Sweet Security performs exceptionally well. Additionally, in production environments, Sweet Security is focused on detecting and responding to real-life effects in live production environments. It correlates signals across cloud, apps, identity, and data into a single attack story. The way it contextualizes information in story form is another real positive, which I found mentioned by other reviewers as well.
Before Sweet Security, partners and customers needed to conduct extensive investigations when they found detection of activity across all different platforms and security logs until they could identify what was actually wrong in the bigger picture. Sweet Security enabled teams to see each detection of activity upon every request made from the application level towards the infrastructure, making it much easier and reducing the time for an analyst to understand what is really happening. It provides real-time visibility in the cloud environment, which is a massive differentiator because teams are seeing events as they happen, live in real time.
Sweet Security's capabilities in runtime coverage impact my overall security strategy and the strategies of my partners by allowing us to capture threats as they occur in the live production environment in real time. We are capturing code-level events because we have shifted right in our approach. This is a key point to add: we are not traditional tools on the left side of the shift. We shift right, which means we operate in production and in real time. We are not pre-code or pre-cloud. We have shifted right, and this is a massive positive for time efficiency, workload efficiency, and more importantly, being proactive rather than reactive across the cyber landscape.
What needs improvement?
Sweet Security can be improved in terms of product maturity and ecosystem. It has a smaller market presence, so we do not have as many large enterprise deployments. Sweet Security is less mature than competitors such as Wiz or Palo Alto Networks. Some competitors provide better integrations and workflow tooling. Additionally, as a new vendor, there is a new market perception and higher perceived risk, which relates to trust of the product. Some competitors are seen as safer and more established choices. Since Sweet Security operates in the production live environment, there have been a couple of problems reported where issues occurred in production environments. However, these have been resolved within about an hour or two. Having that risk is always going to be a negative.
As a cloud-native platform solution, Sweet Security is really good overall. There are only a couple of areas for improvement, such as not being fully 100% production safe, and the reality that its competitors are global, well-known companies such as Palo Alto and Wiz .
For how long have I used the solution?
I have been working in my current field for about 18 months. I have been using Sweet Security for about 18 months, as long as I have been working within cyber. Sweet Security, as a cloud-native platform, has been part of my experience for approximately 18 months.
What do I think about the stability of the solution?
From my observations, Sweet Security is stable, as I find that user experience does not tend to reveal many production problems, and when they do occur, they are resolved quickly. Users have reported that they are very satisfied and Sweet Security garners praise while maintaining a stable environment across diverse scenarios. It is extremely stable, and I would give it a nine out of ten because if a problem does occur, it is resolved quickly.
What do I think about the scalability of the solution?
Regarding scalability, I find that deployment is quite straightforward across multiple different infrastructures. However, regarding performance with large-scale infrastructures, particularly those of enterprises across cloud assets, it sometimes struggles. Smaller to medium-sized enterprises or organizations represent the sweet spot for Sweet Security. There may be a couple of issues with scalability at the top level of enterprise and large organizations. While many find the scalability is good, it could be rated a bit lower if it was trying to cater exclusively to enterprise organizations. The best sweet spot is small to medium organizations, and there have been some issues with scalability across large enterprise organizations.
How are customer service and support?
Sweet Security excels in customer support, as they provide on-hand, prompt, hands-on assistance. Their customer service and CSM team address issues, and users get a line to a specialist who are the right experts and are involved in technical support. They are quick to resolve any issues that are encountered. This is why, even if the price is a bit higher, users get ROI from the price they pay because of the constant user help provided by customer service and support.
I would rate customer support a nine out of ten because they maintain a competitive price, offer trial periods, provide follow-up, are very responsive, and are effectively hands-on in assisting and offering prompt service and support.
How was the initial setup?
Sweet Security is deployed in my organization in a straightforward manner for multiple users across our partners and customers. While some experienced a few challenges, including a couple of bug log connections, the process was mostly easy and quick to implement. Generally, across variant sizes of teams, the setup was effective and took a couple of days depending on the approach from the security teams.
What was our ROI?
Sweet Security has positively impacted my organization by providing faster incident response in minutes versus hours, reducing alert fatigue through significant noise reduction because of the prioritization feature, giving better prioritization of exploitable risk, and providing better coverage for both traditional and AI-based apps. Sweet Security also improves visibility across multi-cloud environments and provides a unified visible platform. Most of the cyber landscape is moving toward platform plays, so Sweet Security is well-positioned in this direction. Most importantly, it moves from finding misconfigurations to detecting and stopping threats in real time in the environment.
Alert fatigue is always happening because at the end of the day, what we look for is not swimming through noise. Therefore, time is saved by the analyst or security team. The ROI is that we are not waiting for a breach but being proactive rather than reactive. Most people in that proactive phase find that it gives them the ability to find their infrastructure's breach attack paths and understand where they are most vulnerable to exposure. Sweet Security really does provide that proactive rather than reactive mentality within the cyber landscape.
Sweet Security has helped my team and my partners prioritize risks and threats more effectively because everything that comes out represents real-life detects and threats. Every time we see a threat, we push it through to our first-line support team so they can action it. Everything we see on Sweet Security then gets pushed and actioned because it represents real-time threats, and we are getting ahead of the curve. We can then over time as an ROI see where we are best suited and where we are finding most risks. From there, in our security stack or platform, we can assess whether we need to invest in a new tool, giving us ROI to take through the board to explain that this is where we are getting breached most and that having a tool like X will help with Y.
I have seen a return on investment where time saved is the best benefit because we are not working through hundreds of vulnerabilities. Sweet Security condenses it down, contextualizes it, and allows us to identify what is really going to breach us in real time. That is the best ROI. Additionally, we can spend less time worrying about where we will not get breached with vulnerabilities that might not be anywhere near breachable. However, if we find that certain cloud vulnerabilities come up time and time again, we can look into a tool that will help that as well. We can invest in that tool and go to the board or executive level explaining that we need this tool because Sweet Security has pinpointed specific issues, and we need to have this to prevent that from happening because we are seeing that as an ongoing problem we keep finding using Sweet Security.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been that Sweet Security's pricing is quite fair and cost-effective by many users. It is not the cheapest option, but it offers competitive rates compared to its competitors. It shows better value through ROIs by reducing reliance on other tools because you can have Sweet Security as a platform across many different cloud tools. Obviously, the pricing depends on the specific company and what they are actually using it for, but overall, it highlights great value. Sweet Security works well for enterprise-level businesses, which many startups or newer companies struggle with. Overall, it is a fair and cost-effective solution because of the platform play and how it integrates and works.
Which other solutions did I evaluate?
I evaluated other options before choosing Sweet Security, including Wiz and Palo Alto. I also work with Tenable as a CNAPP platform, as they have released a new cloud component as part of their Tenable One platform.
What other advice do I have?
I would describe the effectiveness of Sweet Security's Layer-7 network traffic inspection in understanding application requests and responses as very important. Sweet Security monitors real-time API and service-to-service traffic in production while building context around normal versus abnormal application behavior. What Layer 7 detects in Sweet Security is essential because many modern attacks do not break infrastructure; they abuse applications. Traditional CNAPP tools often just look at misconfigurations and CVEs, whereas Sweet Security adds depth by focusing on runtime behavior. Sweet Security's Layer 7 capability means real-time visibility into API and application behavior to detect attacks that bypass infrastructure-level defenses.
I would assess the integration of LLMs in Sweet Security's vulnerability management as beneficial because they can summarize complex runtime security events in plain English. This gives faster alert triage and investigation and reduces alert noise. CNAPP tools can normally generate many alerts, but LLMs filter duplicates, group related issues, and prioritize real threats. This is why we are experiencing better time efficiency because we are prioritizing real threats and taking away alert fatigue. LLMs help interpret API and application layer behavior, which is useful for understanding normal API flows and authentication abuse, providing strong Layer 7 contextual analysis. Additionally, LLMs enable executive-ready reporting by converting technical incidents into summaries, impact analysis, and business risk explanations, making it much easier to communicate with leadership. The LLM integration with Sweet Security improves detection, reduces noise, and turns complex runtime cloud security data into clear, actionable intelligence.
My advice to others looking into Sweet Security is to examine whatever cloud-native platform they have, run a free trial, and attempt a proof of value or proof of concept. Learn about it, use it, and compare it to what you currently have. Although it may not be as well-known as Wiz, Palo Alto, or Tenable CNAPP, Sweet Security definitely stands the test of time and is a great product. Everything I have mentioned is truly excellent. Sweet Security represents the next generation of CNAPP that differentiates through a runtime-first approach and focuses on detecting and responding to real attacks in environments. For me, that provides correlating signals across cloud, app, and identity. What stands out against traditional tools is that we are shifting right in our approach. If you want to be proactive rather than reactive, Sweet Security is a strong CNAPP enterprise vendor that any organization should consider.
As a shifting-right technology in the production environment responding to real-time threats with Layer 7 integration and LLMs to help contextualize risk and show where breaches will occur rather than providing a long list of vulnerabilities, Sweet Security offers competitive pricing and great customer service. I would highly recommend that people research Sweet Security, trial it, and definitely compare it to their current CNAPP platform. I would rate this review an eight out of ten overall.
Filippos Malandrakis
Continuous runtime security has improved visibility while the interface still needs refinement
Reviewed on Feb 27, 2026
Review from a verified AWS customer
What is our primary use case?
I'm mostly using Sweet Security for real-time infrastructure security. If there is any threat, I want to detect it in real time. That's the main use case. Vulnerability management is one other benefit I am getting from Sweet Security as well.
What is most valuable?
In terms of the best features of Sweet Security, I haven't had any threat detected in the sense that there hasn't been any incident so far while Sweet Security is in place. In terms of vulnerabilities, I got some good findings and some good vulnerabilities were detected. Software that was on my infrastructure had known vulnerabilities and I was able to patch it timely. These things I was unaware of before installing Sweet Security on my infrastructure. So it was pretty good.
The Layer 7 network traffic inspection in Sweet Security has been pretty good. It can understand the traffic that's coming and can find potential credentials from users in this traffic, for example. Overall, it can detect sensitive data in this traffic very well.
Having runtime coverage with Sweet Security is also one of my audit requirements toward getting a certification. So having this in place will help me toward getting a certification in the future.
Having real-time visibility into my cloud environment with Sweet Security has changed the way my team detects and responds to threats. I didn't have a tool in place before. I have established a process for potential real-time threat findings, but I haven't had any yet, so I was not able to test this process yet.
Sweet Security helps unify various aspects of security detection into a single platform. It provides real-time infrastructure security and vulnerability management. It also monitors Layer 7 traffic for credential leaks and helps with vulnerability management on cloud accounts to detect if something is not configured properly. It's a lot of different functionality.
For the time I have been using Sweet Security, I feel a bit more safe in the sense that there is something that continuously scans my infrastructure for issues. I didn't have a solution in place for that before. So it has provided me peace of mind. In terms of actual findings, it found several vulnerabilities in my software. This has been definitely a benefit toward operating more secure software on infrastructure.
What needs improvement?
One thing I think Sweet Security can definitely improve is that they have a lot of features, but the UI right now is not so well designed in my opinion. It's a bit difficult to navigate and get to the signal. There is a lot of signal there, but it's a bit difficult to get to the correct place and understand what I am seeing. It has a small learning curve that I don't think such a product should have. It should be very straightforward.
Sweet Security has a mechanism where they initially show all the vulnerabilities that are in my infrastructure, which they show as a huge number, maybe around ten thousand, and they narrow it down to which of these could actually be exploited and are actually severe. It's nice that they are able to narrow it down to a few incidents. However, they don't really need to show this in the UI. Maybe they can just show the actual signal and not show that there is a lot of vulnerabilities, but indicate which are important. That's good that they can do it, but it's not so important to see it every time in the platform.
For how long have I used the solution?
I have been using Sweet Security for one to two months.
What do I think about the stability of the solution?
There were some issues during the proof of concept with Sweet Security. I would rate the stability at nine out of ten.
What do I think about the scalability of the solution?
I have a feeling that Sweet Security is better for small to medium-sized companies. I cannot give a one hundred percent answer here because I haven't tried to scale it. My infrastructure is not very big and my team is not very big, so these are just assumptions. However, the user interface that I see doesn't make me very confident that I will be able to extract information in case I had hundreds or thousands of Kubernetes clusters or hundreds or thousands of hosts. In terms of scalability, I would rate Sweet Security at five out of ten.
How are customer service and support?
If I take into account everything and all the support I received during the onboarding of Sweet Security, I would score it at nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have previously used Wiz .
How was the initial setup?
I wouldn't say the deployment of Sweet Security is too complex. There was some bug in the Sweet Security UI at first that didn't allow me to fully connect the sensor to AWS logs or something. However, apart from that, once they resolved this issue, the installation itself is not very difficult. It's straightforward. It took days to get Sweet Security implemented.
What was our ROI?
With Sweet Security, it's something around ten to twenty percent resources saved.
What's my experience with pricing, setup cost, and licensing?
One very strong point of Sweet Security is their pricing. It's really good. Also, their team is very good, very responsive, and motivated. They gave me a trial period, did multiple follow-ups, and were reviewing themselves the findings to actually understand how their product is performing. I got a very hands-on team compared to other solutions I evaluated where I didn't see such an attitude.
Which other solutions did I evaluate?
We didn't evaluate other tools as we were moving from a purely manual process. Implementing Sweet Security automated our monitoring and alerts, saving us approximately 20% in time compared to our previous manual methods.
What other advice do I have?
I am using the eBPF sensor in Sweet Security. The usage of the eBPF-based sensor has been pretty low. I was concerned about this initially because these sensors typically are pretty resource-intensive. However, this specific one is below one gigabyte of RAM and has very low CPU usage. The RAM consumption is around three hundred megabytes and the CPU usage is around three percent of one core. It's super low.
I haven't tried the LLM-based reply scanning feature in Sweet Security yet. I recently received a message that they are also doing LLM reply scanning now, but I haven't tested this one yet.
It hasn't really saved me time, I would say. It actually creates more work because it makes me aware of things that I was not aware of before. I would probably receive a different answer from a company that had another tool before and now has Sweet Security, but for me, I didn't have any tool before, so Sweet Security creates more work now. However, it's good to have.
Babylon is a pretty small company, so the number I'll give for Sweet Security usage is up to ten users. That's a small number.
I am a global company with Sweet Security and operate remotely.
I have integrated Sweet Security with AWS and have integrated it with my own on-premises infrastructure as well. I have tried a few more integrations. I requested an integration with PagerDuty and an integration with GitHub audit logs, which they both don't have. They haven't implemented this and it's been almost half a year now. So they have some things, but they could have more.
I would definitely recommend Sweet Security to companies like mine, to small companies, small to medium-sized companies, or startups that need somewhere to start, need to get a lot of things from a single tool, don't want to pay a lot of money, and want to build the initial security. My overall review rating for Sweet Security is seven out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
reviewer2761083
Has reduced investigation time by correlating application and infrastructure events
Reviewed on Sep 30, 2025
Review from a verified AWS customer
What is our primary use case?
We are cloud native and are using Sweet Security for call runtime protection. It is much bigger than just runtime protection, but the main use case was bringing Sweet Security for runtime protection services and it grew into a platform that we can utilize for many different things.
We are using it instead of a CSPM and for visualizing what we call code-to-cloud, our code-to-cloud vision, to better understand the different packages and different dependencies that we have within the cloud runtime. It helps us a lot in understanding which vulnerabilities we should tackle from the code perspective.
What is most valuable?
I really love the feature within Sweet Security platform that allows you to visualize the specific packages or functions that are being loaded to the memory and are actually being executed by the operational system. The fact that they know how to filter those really helps to reduce our time invested in the triage and also in the remediation and mitigation steps for which vulnerability. This is an amazing feature. It's not the main feature of the platform, but that's something I really love about it.
Before we had Sweet Security, upon any type of detection of activity, we needed to conduct a lot of deep investigations in different platforms and in different logs until we could build the larger picture. Once we inserted Sweet Security in the runtime protection, we are able to actually see each and every request being made from the application level towards the infrastructure.
For example, there might be an API that gets a request, then ingests it into the backend and the backend processes it. We were able to see an API request being made and the exact method that it was infiltrated into the infrastructure. Previously, we were not able to correlate between an application layer event to an infrastructure layer event, but with Sweet Security, it's much easier. It reduces the time for an analyst to understand what's really happening. Any suspicion of an incident or something similar will not be a standalone. It will be part of a chain where you can see what happens from the application layer, then what it caused within the infrastructure layer.
What needs improvement?
Sweet Security has room for improvement in two areas. One is for robust integration with automations and playbooks. We have our internally developed platform that operates around security incident playbooks, so the connection between those two systems would be great.
The option to run specific playbooks through the Sweet Security platform would help us a lot, but these must be fully customizable. We prefer not to block the business from progressing unless we are fully sure that it is an incident. Most of the actions I would take would revolve around containment or notification on a specific platform and not via email or similar communications.
The second area is around the code perspective. I know it's just the start of a long journey that Sweet Security is going to go through to become a platform that also handles code, but I would expect options for a complete analysis and writing policies for infrastructure as code. The next great thing that Sweet Security can do is to turn toward IAC, how it is handled and enforced, to tackle potential breaches of policy before they really happen.
For how long have I used the solution?
We have been using Sweet Security for two years now.
What do I think about the stability of the solution?
I would rate the stability of Sweet Security as perfect. We have never had any issues with stability.
What do I think about the scalability of the solution?
Sweet Security is very scalable. We are a robust enterprise with thousands of assets in the cloud or tens of thousands. I would rate the scalability as exceptional.
How are customer service and support?
The technical support is exceptional. Sweet Security is amazing in that part. They are there immediately, providing us with the best technical people, solving any issue we had. Although we didn't have many issues, the few we had were resolved quickly, so I'm very satisfied.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The first product we tried was GuardDuty. We had the EKS protection runtime. It was okay, but not more than that. I needed something more than just okay, because I wanted to know each and every event or everything that happens on the operational system we are running on, whether it's an EC2 with Linux or a Kubernetes environment.
The customization that Sweet Security brought was the option to not only cover all of the GuardDuty features but also create their own threat detection rules, and they allow us to create our own. Two years ago, I joked with them, saying that this is the next generation SIEM . The reason being that the old legacy SIEM solution is not really adjusted to the cloud environment.
If you have a solid CDR or runtime protection tool that also gives you options to write those rules and integrate business logic into the tool, it allows you to detect anything specific to your company.
During our examination of the product, we conducted a POC not just with Sweet Security, but also brought Defender for Cloud to run against Sweet Security. Our team created a testing platform with a few servers installed with Sweet Security and Defender on them. During red teaming tests, Sweet Security consistently won over GuardDuty and Defender for Cloud, confirming that this was the correct decision.
How was the initial setup?
The deployment was pretty easy. It's just a daemon set being installed on the Kubernetes level, which the team handled easily. The deployment itself can take minutes. We wanted to be sure that we did it correctly, so we deployed it in phases, which took a bit more than a few weeks.
What about the implementation team?
The integration aspect is really quick and easy. We didn't need any help; our engineers integrated it with AWS and GitHub swiftly. Each integration took just a few minutes.
What's my experience with pricing, setup cost, and licensing?
I'm not really into the specifics of the pricing, but as far as I know, it is cost-effective.
What other advice do I have?
I assess the effectiveness of the machine learning algorithms in reducing threat response time as pretty good. At first, when we started with Sweet Security, the first month or so was pretty noisy with lots of different alerts being raised, but that's understandable. However, as time passed, we don't see any false positives, which is amazing.
The machine learning works extremely well. We use the customizable dashboards and they are excellent in allowing us to create one dashboard for the CISO view. The CISO view is mainly for the CISO and the directors who are operating on the cloud, infrastructure and application security. They want to see things from a high-level, cross-company-wide perspective.
We have that dashboard, but we also created a dedicated dashboard per specific analyst team. We still don't really use the reporting tools much, unfortunately. This is our next step. The next step for us would be to connect the reporting mechanism with our internally developed system that knows how to take off those reports and then do whatever we need with them.
The threat detection capabilities influence our decision-making processes. Whenever we need to make a decision about what should be fixed first or what we should focus on, the team will first go to the threat detection page and learn about the system or the environment that we need to take a decision for.
On a day-to-day basis, around 10 users are logging into the platform. Overall, there might be around 30 or 40 people. The solution requires maintenance, but it is minimal. Once in a while, when Sweet Security releases a new agent, we need to conduct the installation ourselves, as we chose not to allow them to reinstall it remotely.
Overall rating: 10/10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Reviewer302234
Real-time insights have reduced false positives and improved cross-team collaboration
Reviewed on Sep 16, 2025
Review from a verified AWS customer
What is our primary use case?
Our primary use case for using Sweet Security is to have more eyes and visibility to be able to catch things at runtime and not in a static way. I believe this offers more effective control.
What is most valuable?
I find the UX/UI to be comfortable. The insights that it brings us are related to the business logic of our company, which is important. If something is flagged as a critical alert, this indicates that it must be observed closely.
We have used the real-time monitoring feature of Sweet Security , and this specific solution has given us real detection that helps us find what is actually important against what is not important. It saves us a lot of investigation time that isn't required anymore. It's a very good product, I'm happy we have it. We looked into the CPU consumption and it's the lowest against the benchmark.
The time savings from Sweet Security have varied, but the impact has been significant. It has reduced the need for back-and-forth discussions between teams such as Security, DevOps, and R&D. It only flags the important and critical risks. It saves developers time from looking into fixes for false positives. We use the customizable dashboards in Sweet Security. These dashboards have helped in managing our security posture by presenting all the relevant information that the security team needs to see. The correlation between the information is very efficient. They made a lot of improvements to this over the last year. It's a lot better now than it was a year ago. The insights are good.
The reporting is very good because we can customize it to what we actually want to see.
The value of having real-time visibility in our cloud environment with Sweet Security changes everything because it differentiates between identifying and reacting to something that is not really a risk and something that is truly a risk that needs to be treated.
Sweet Security has had a big impact on mitigating risks and aiding development.
What needs improvement?
The main areas for improvement are related to how Sweet Security needs to be customized
We have weekly meetings with them to discuss any improvements. We asked for tailored company OKRs. a one-page report. This needs to be improved but it's not critical; it's a preference.
For how long have I used the solution?
We’re now in our second year of using Sweet Security.
What do I think about the stability of the solution?
I would rate the stability of Sweet Security a ten out of ten, though there was something a year ago that caused a production issue in my company, but they fixed it within an hour.
What do I think about the scalability of the solution?
I would rate the scalability of Sweet Security a ten because it is very scalable.
How are customer service and support?
I would rate the technical support that Sweet Security provides a ten out of ten. Their team is awesome.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Sweet Security was part of my strategy to go with a runtime solution for all the advantages and effectiveness it offers.
How was the initial setup?
The deployment of Sweet Security was easy with no challenges. It was very quick.
The team that uses it is around 3-5 people.
What was our ROI?
Sweet Security has saved time, though I cannot estimate the percentage as it's very difficult to measure.
What's my experience with pricing, setup cost, and licensing?
I would describe the pricing of Sweet Security as fair, as it depends on the company they're working with. They're not cheap, but they're not as expensive compared to other companies. I also look at the ROI I save by removing other tools.
Which other solutions did I evaluate?
In comparing Sweet Security with other products or vendors in the market, Sweet Security is among the top two.
What other advice do I have?
The Sweet Security solution requires maintenance from our end, and we would prefer it to require less maintenance if possible.
I would recommend Sweet Security to other users based on all my previous responses, and because they succeeded in getting the biggest results during my POC.
On a scale of one to ten, I rate Sweet Security a nine.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Elior Duanis
Security updates and management become an effortless routine
Reviewed on Sep 04, 2025
Review from a verified AWS customer
What is our primary use case?
We use Sweet Security primarily for vulnerability management on all of our cloud assets, mainly AWS , but we also use it for SOC, with the SOC integration getting the events and responding to them.
What is most valuable?
The best feature of Sweet Security is that the events come in the form of stories, which are very informative, making it very clear what's going on.
The good sensor that can be installed on the servers themselves is an excellent feature.
The value we see from having real-time visibility into our cloud environment is significant. We actually came from a different tool that does almost the same, but it did not have some of the features that Sweet Security has, with the main uses being the SOC integration and addressing misconfigurations from the IT team.
The real-time monitoring feature is essential; it's a security tool that points out vulnerabilities, and once they point out the vulnerability, we address and fix it.
Sweet Security's reporting tools enhance our insights into potential vulnerabilities and threats as they serve as our eyes and ears inside AWS , telling us what we are doing wrong so we can fix it.
Sweet Security's threat detection capabilities influence our decision-making processes by providing alerts and allowing us to look at the dashboards and respond accordingly, even as a very small team consisting of just two people.
What needs improvement?
There is room for improvement. We have a very close relationship with Sweet Security and have a weekly meeting where we ask for new features, which they usually respond to very quickly, including the feature we requested for a Windows Server sensor, which they created and we are currently testing.
One area for improvement could be the alerts, as we have an issue with the alert time, the time it takes for the system to send the alert, but besides that, there is nothing special.
For how long have I used the solution?
I have been using Sweet Security for about a year, as we signed a contract about a year ago.
What do I think about the stability of the solution?
I would rate the stability at 10, at least for the last year.
What do I think about the scalability of the solution?
Sweet Security's scalability depends on what is considered scalability. For us, we don't need to scale it since it's all SaaS, but I can say it is very easily deployable.
How are customer service and support?
I would rate the vendor support an eight, as we have a very close relationship, allowing me to contact my account manager at Sweet Security anytime, and she gets the right people involved during our weekly meetings and ad hoc meetings, making the support very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used Ermetic , and we moved away from it due to their price increase.
How was the initial setup?
The migration from our previous tool to Sweet Security was not seamless but it was not that difficult.
What about the implementation team?
Sweet Security does not require any maintenance, as it is a completely SaaS solution where everything, including updates and dashboards, is done on their side, and the agents are also updated automatically.
What was our ROI?
Regarding return on investment, I cannot say how much time or resources Sweet Security has saved since we are a very small team, but I am guessing it saves some time because it's a good tool.
What's my experience with pricing, setup cost, and licensing?
I am not aware of the pricing details; that is a different department.
Which other solutions did I evaluate?
We evaluated other solutions before choosing Sweet Security, including big names like Wiz and Orca, but Sweet Security stood out for their amazing pricing and because they were much cheaper than Ermetic while providing approximately the same capabilities.
What other advice do I have?
I haven't used the customizable dashboards feature yet.
I cannot assess the effectiveness of the machine learning algorithms in reducing threat response time; I don't remember using a feature like that in Sweet Security.
Regarding how Sweet Security has helped me prioritize risks and threats more effectively, I don't know how to say if it helped or not, but it is definitely needed, as the tool is our eyes and ears with everything cloud-related.
We purchased Sweet Security through a direct purchase.
We are not a small company; we have 7,500 users, but our IT team is indeed very small with just two users of this product.
I would recommend Sweet Security to other users for the price and functionality.
I rate Sweet Security eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)