Security in a multi-account environment

To improve security posture across a multi-account environment, organizations need to implement controls such as vulnerability assessment, firewalls, and intrusion prevention. AWS Marketplace offers integrated software solutions for AWS Control Tower that help organizations secure diverse workloads and provide broader visibility into assets, events and vulnerabilities.

These are just a few examples of security in a multi-account environment solutions. Scroll down or use the drop-down menu to learn more about each solution.

Choose a solution
  • Choose a solution
  • Alert Logic
  • Aqua Security
  • BigID
  • CloudKnox
  • CrowdStrike
  • Ermetic
  • Lacework
  • Netskope
  • Palo Alto Networks
  • Snyk
  • Sonrai Security
  • Tenable
  • Trend Micro

Alert Logic

Alert Logic Managed Detection and Response (MDR) is always on, providing protection across your entire organization and delivering unrivaled security through five key elements: intelligence driven by data and humans, a scalable MDR platform, security experts named to your account, security insights at your fingertips, and protection tailored to each asset in your environment.

Alert Logic MDR (US) features include:

  • A named MDR concierge with 24/7 threat management and a 15-minute escalation SLA
  • Real-time reporting, intrusion detection, and user behavior anomaly detection
  • Hybrid asset and risk discovery
  • Essential compliance coverage
  • Vulnerability scanning and Endpoint protection
  • Cloud configuration assessment

How it works

Additional resources from Alert Logic


ClubCorp is the largest owner and operator of private clubs nationwide with 200+ country clubs, city clubs, athletic clubs, and stadium clubs. The company has adopted a multi-cloud, hybrid environment in relentless pursuit of the ultimate member experience. With constant growth, a constantly changing IT footprint, and an urgent need to keep member data secure, ClubCorp turned to Alert Logic. With Alert Logic MDR, the company has mitigated security concerns saving both time and resources.

quotes icon

We needed an environment that was going to be secure, stable and scalable. We’ve had that with AWS and Alert Logic.

Zach Vinduska, Vice President, Infrastructure, Security & Compliance, ClubCorp

Aqua Security

Aqua Wave provides a SaaS-based, cloud security posture management (CSPM) solution for AWS Control Tower. Aqua CSPM continually audits your cloud accounts for security risks and misconfigurations. This is performed across hundreds of configuration settings and compliance best practices, enabling consistent, unified multi-account security. It also provides self-securing capabilities to help ensure your cloud accounts do not drift out of compliance by leveraging a policy-driven approach. 

Aqua CSPM features include:

  • Continuous auditing of hundreds of settings for infrastructure risks and misconfigurations
  • Enterprise-ready scale supports hundreds of cloud accounts and integrates with AWS Control Tower
  • Scan AWS CloudFormation templates (Infrastructure-as-code) for weaknesses
  • Self-securing with detailed and actionable advice or automatic remediation

How it works

Additional resources provided by Aqua Security


BigID is a modern data intelligence platform for data privacy, security, and governance - built on a foundation of Machine Learning (ML)-based data discovery. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. With BigID, organizations can get deep insight into any data in the data center or cloud, at rest or in motion. Organizations can leverage BigID’s first-of-its-kind application and API framework to action their data in privacy, security or data governance.

BigID features include:

  • Automated discovery, cataloging, and classification of all structured and unstructured data
  • Identification of sensitive, personal, regulated, critical, and duplicate data identification
  • Privacy requirement management (with privacy portal), automated data rights fulfillment, consent governance, preference management, and data mapping
  • Transformed data security with access intelligence, data remediation, data deletion, labelling, and risk analysis
  • Reimagined data governance with data quality, data stewardship, data retention, and metadata exchange and enrichment

How it works

Additional resources provided by BigID


CloudKnox is an entitlements management platform that uses a patented activity-based authorization protocol to protect enterprises from machine and human identities with excessive high-risk permissions. CloudKnox works across your AWS accounts to support continuous, adaptable risk-based decision making, alerting organizations of unexpected and excessive risk caused by privilege misuse. 

CloudKnox Cloud Security Platform features include:

  • Comprehensive visibility and automatic remediation of all over-permissioned identity and resources including cross account access
  • Deliver Permissions-on-Demand which are time and resource bound
  • Detect, alert, and remediate infrastructure anomalies
  • Monitor and remediate cloud resources for configuration violations through custom alerts and automated reports
  • Measure compliance against regulatory frameworks - CIS, NIST, PCI and custom policies

How it works

Additional resources provided by CloudKnox


Guidewire needed a tool to automate permissions management and monitor priority access
across the enterprise. Adopting CloudKnox eliminated the need to use scripts and spreadsheets to track identify access and clean up unused account permissions, saving hours of work. As a result, Guidewire can now aggregate and gather all the data it needs to achieve the goal of least privilege in just minutes. 

quotes icon

CloudKnox provided insight into identities where full administrator access was granted and gave guidance to help account administrators proceed in the path of least privilege access. CloudKnox also provided an easy means to create and deploy these new more restricted policies reducing workload and saving significant time.

Jay Brothers, Identify and Access Engineer, Guidewire


Crowdstrike Falcon Endpoint Protection uses advanced artificial intelligence (AI), machine learning, behavioral protection, kernel level visibility and proactive threat hunting to identify potential attacks in real-time. For organizations who are adopting or migrating to cloud workloads, CrowdStrike Falcon Endpoint Protection provides comprehensive visibility and breach protection allowing customers to rapidly adopt and secure technology across any workload.

CrowdStrike Falcon Endpoint Protection Premium features include:

Workload Discovery: Automatically discover all existing cloud workload and containers deployments to get full visibility into the scope and nature of your cloud footprint

Observability: Improve cloud hygiene with real-time information about workloads and containers, including metadata on configurations, networking and security.

Runtime Protection: Protect against malware and sophisticated attacks for Amazon EC2 instances running Linux

EDR for Cloud Workloads: EDR for cloud workloads and containers helps prevent silent failure by capturing raw events for complete event monitoring and visibility

API-Led Integrations: Seamlessly integrate with DevOps and CI/CD pipelines and leverage AWS Cloud Formation, Terraform, Ansible, Chef, Puppet, etc

How it works

Additional resources from CrowdStrike

Oak Hill Advisors

Oak Hill Advisors relies on CrowdStrike for in-context visibility and streaming protection of their cloud workloads. CrowdStrike has become integral to both managing and updating the tools Oak Hill offers its customers as well as growing and innovating the firm’s technological footprint. A comprehensive overview of AWS accounts, VPCs, security groups, and EC2 instances helps their security team operate with their cloud-first strategy.

quotes icon

One security challenge of the cloud is that your systems cannot sit behind a perimeter. Another challenge is the dynamism of the infrastructure. We introduce changes daily, which in the past was not the case. And even if it were, because we were behind a firewall it took more time to discover and mitigate security issues. In the cloud, your vulnerability can be exposed within minutes or seconds. That’s where CrowdStrike is truly valuable for us. Our security team can continue to work on what they need to work on.

Sajawal Haider, Chief Information and Security Officer, Oak Hill Advisors


Ermetic is an identity-first, cloud infrastructure security, Software-as-a-Service (SaaS) solution for detecting, prioritizing, and remediating risky entitlements and misconfigurations at scale. Enterprises use Ermetic to enforce full-stack least privilege access for all cloud identities and manage security posture without impact to application continuity or speed to market.

The Ermetic platform features include:

  • Full asset inventory with deep, contextual visibility
  • Permission risk assessment and prioritization across identities, configurations, network, and data
  • Automated and tailored remediation with actual-use policy suggestions
  • Anomaly and threat detection using continuous risk analysis
  • Compliance and access governance (CIS, GDPR, HIPAA, PCI, SOC2, etc.)

How it works

Additional resources provided by Ermetic

Latch sought more visibility into their AWS identities and to minimize access permissions without disrupting work. Latch selected Ermetic to help improve their security posture by detecting and reducing permissions risk and shifting left on least privilege. This resulted in hours saved managing IAM, rapid operationalization, headcount savings of 3-4 risk analysts, and automated least privilege AWS roles and policies.
quotes icon

Ermetic allows us to generate a role, or a policy tied to a service that's based on exactly what that service needs – and no more than that. You're able to rapidly operationalize this tool in ways that I didn't expect.

Dom Zanardi, Software Engineer, Security Automation, Latch


Lacework is a threat detection, compliance, and automated cloud security monitoring platform that automatically identifies and resolves anomalous changes and discovers cloud compliance issues. It’s embedded security enables continuous security, automation, and faster builds. Using Lacework, DevSecOps teams gain deep visibility into security issues and increase development speed.
Lacework features include:
  • Complementary security and configuration support for workloads and accounts running in Amazon Web Services (AWS)
  • Deep visibility and alerts across cloud accounts, workloads, containers, and Kubernetes
  • One-click investigation of events
  • Polygraph-created visual and searchable temporal baseline monitoring entire infrastructure

How it works

Additional resources provided by Lacework

Snowflake required a faster way to enable third-party penetration testers to simulate threats against the Snowflake system in order to detect gaps and vulnerabilities. The company turned to Lacework to identify and trace the patterns of the penetration testing, expose vulnerabilities and gaps, and prevent further threats. In addition, Lacework’s forensic capabilities outperformed any previous tools that Snowflake had tried. This resulted in full end-to-end visibility across Snowflake’s environment, reduced configuration and analysis of events and alerts from 3 hours daily to 15 minutes., and detected security incidents within minutes.
quotes icon

"...nothing short of revolutionary. It’s making a change in how security teams are thinking about their environment and what they’re doing on a daily basis."

–Mario Duarte, Director of Security, Snowflake


The Netskope Security Cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
Netskope Security Cloud features include:
  • Inline data and threat protection for cloud services, apps, and web access
  • Zero-trust network access to private apps and resources
  • Cloud access security for managed cloud services and apps
  • Cloud and SaaS security posture management for audit checks and compliance
  • Cloud infrastructure storage scans with data and threat protection
  • Instance awareness between company and personal accounts to detect insiders and unapproved data flows

How it works

Additional resources provided by Netskope


Cloudrise had limited visibility into what cloud apps were being used organization-wide and by whom. Security teams were manually checking configurations and causing production delays. Netskope provided a public cloud infrastructure security solution with the required visibility and control for their multi-cloud environment. The benefits include securing services faster in their cloud environment, while meeting industry compliance and internal standards.
quotes icon

"At Cloudrise, we deliver seamless and integrated data protection services around AWS cloud services by leveraging Netskope’s security cloud solutions to provide unrivalled visibility and real-time data and threat protection. We understand the importance of securing data in the cloud and our customers realize it too."

–Rob Eggebrecht, CEO, Cloudrise

Palo Alto Networks

Prisma Cloud provides cloud security posture management (CSPM) and cloud workload protection (CWP) as a single pane of glass for comprehensive visibility and control. Securely provision automated account registrations, continuous governance, and enterprise-wide management of multiple AWS accounts in just a few clicks. Prisma Cloud also extends cloud automation to integrated Lambda serverless remediation and manages it through a common policy and governance framework.

Prisma Cloud features include:

  • CSPM to monitor posture, detect and respond to threats, and maintain compliance
  • CWP to secure hosts, containers, and serverless across the application cycle
  • Cloud network security to gain network visibility, enforce microsegmentation, and secure trust boundaries
  • Cloud infrastructure entitlement management to enforce permissions and secure identities across workloads
  • Full lifecycle and multi-account security for any cloud native workload or application

How it works

Additional resources provided by Palo Alto Networks


After switching to AWS, 3-GIS needed a SecOps solution to manage security, compliance, and visibility, while their company scaled. By integrating with Prisma Cloud, 3-GIS was able to spin up an account in 10 minutes and adopt a “set it and forget it” approach. This allowed a single employee to manage everything, saving valuable time and resources.

quotes icon

AWS gives us the ability to compute and run our application, and Prisma Cloud by Palo Alto Networks helps us make it more secure. AWS grew to about a third of our business—but we still had only one person running everything with Prisma Cloud.

Damion Harrylal, Solutions Engineer, 3-GIS


Snyk Container is a security solution designed to help developers find and fix vulnerabilities in cloud native applications. Snyk’s seamless integration into the developer workflow, with continuous monitoring of applications in production, empowers developers to continue to release fast, while helping to ensure secure code.
Snyk Container features include:
  • Continuous monitoring and automated remediation
  • Vulnerability matching to Dockerfile commands
  • Vulnerability scanning, assessment, and risk management
  • Comprehensive alerts and notification settings
  • Asset discovery and tagging
  • Real-time analytics and dashboard

How it works

Additional resources provided by Snyk

Sonrai Security

Sonrai Dig is an identity and data governance platform built for cloud and container environments, providing complete visibility inside your organization. It continuously identifies and monitors every trust relationship, inherited permission, and policy across all multi-account AWS environments. Sonrai Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams to ensure end-to-end security.

Sonrai Dig - Identity and Data Governance Platform features include:

  • Auto-remediation of all identity, data, and network risks in your AWS environment
  • Continuous access monitoring finds, classifies, and minimizes access to all critical data in structured and unstructured stores
  • Over 1000 control policies and 30 frameworks spanning data, identity, cloud-platform, and container compliance regulations
  • Machine learning and graph analytics automate identifying, classifying, and prioritizing risks for responsible teams and individuals

How it works

Additional resources provided by Sonrai Security

World Fuel Services

World Fuel Services needed to consolidate its data centers to optimize costs and deliver energy
solutions more seamlessly. After deciding to migrate its legacy systems to AWS, the company adopted Sonrai Dig to maximize efficiency, increase security, and reduce risk across its enterprise. With Sonrai Dig, World Fuel Services has closed 20 of its 22 data centers while providing security controls for 200+ AWS accounts and over 6500 AWS roles.

quotes icon

Security is absolutely foundational for any large scale migration to the public cloud. Sonrai Dig on AWS is central to the World Fuel Services cloud security operating model. The elimination of identity and data risks, automation, and continuous monitoring has transformed our cloud security operations, and helped accelerate our cloud migration.

Richard Delisser, Senior Vice President, World Fuel Services


Vulnerability Management for Modern IT, provides the most accurate information about assets and vulnerabilities in your IT environment. Available as a cloud-delivered solution, features the broadest vulnerability coverage, intuitive dashboard visualizations for rapid analysis, and seamless integrations that help you maximize efficiency and increase effectiveness. features include:

  • Comprehensive assessment
  • Predictive prioritization
  • Dynamic asset tracking
  • Passive network monitoring
  • Automated cloud visibility
  • Pre-built integrations and flexible API

How it works

Additional resources from Tenable

Trend Micro

Trend Micro Cloud One™ - Workload Security is purpose-built for server, cloud, and container environments, providing visibility across your entire hybrid cloud. Automatically protect against vulnerabilities, malware, and unauthorized changes with a wide range of powerful and intelligent capabilities. Workload Security automatically integrates with the DevOps toolchain and includes a rich set of REST APIs, which facilitate deployment, policy management, health checks, and compliance reporting.

Trend Micro Cloud One – Workload Security features include:

  • Intrusion prevention, anti-malware, machine learning, behavioral analysis, application control, integrity monitoring, web reputation, firewall, and log inspection
  • Security policy automation as you migrate or create new workloads
  • Multi-platform application control to detect and block unauthorized software execution
  • API-first, developer-friendly tools to help you integrate security controls into DevOps processes
  • Integration for leading SIEM, security management, orchestration, monitoring, pipeline, and IT service management tools

How it works

Additional resources from Trend Micro Cloud One - Workload Security


Blackbaud is the world's leading cloud software company powering social good. Serving the entire social good community—nonprofits, foundations, companies, education institutions, healthcare organizations and individual change agents—Blackbaud connects and empowers organizations to increase their impact through cloud software, services, expertise, and data intelligence.

quotes icon
We compared solutions between several companies, and Trend Micro was the most complete solution. Trend Micro Cloud One - Workload Security checked all the boxes across cybersecurity and DevOps.
      Mario Mendoza, Team Lead, Cyber Security Architecture and Engagement, Blackbaud