CloudShield HQ
Simple, Transparent Pricing

See your cloud security posture. For free.

Start with a free security snapshot. Upgrade when you need AI-powered remediation, compliance reports, and continuous monitoring.

Free
Security Snapshot
$0 forever

Includes 14-day Pro trial

  • 1 AWS account connected
  • 2 scans/month on-demand
  • SecurityHub + Config findings
  • Up to 50 findings displayed
  • Security posture score
  • Full interactive dashboard
  • 10 AI calls/month — finding explanations
  • 7-day data retention
  • No AI remediation IaC snippets
  • No PDF compliance reports
Best Value
Pro
Full Assessment + AI Remediation
$49 /account/month

$39/mo billed annually — save 20%

Everything in Free, plus:

  • Up to 5 cloud accounts (AWS, Azure, GCP)
  • Daily automated scans + unlimited on-demand
  • All native tools — SecurityHub, Config, GuardDuty, Access Analyzer, Inspector
  • Unlimited findings
  • 100 AI calls/month — explanations, impact analysis, root cause
  • AI-generated IaC fixes — Terraform, CloudFormation, Bicep
  • PDF compliance reports — CIS, SOC 2, ISO 27001, HIPAA, PCI DSS
  • 30-day trend history + posture tracking
  • Email alerts for Critical/High findings
  • 30-day data retention (encrypted)
Security Audit
Expert-reviewed assessment
$997 one-time

Delivered within 48 hours

A complete security audit, including:

  • 1 cloud account — comprehensive scan of all native tools
  • 20-30 page PDF report — findings, posture score, compliance mapping
  • AI remediation for top 10 critical/high findings with IaC fix snippets
  • Prioritized action plan — “fix these 5 things first”
  • 30-minute expert walkthrough with a senior security architect (20+ years experience)
  • CIS, SOC 2, HIPAA, PCI DSS compliance mapping
  • No data retained after delivery — you get the report, we delete everything
Need more?
For organizations with 10+ cloud accounts, regulated industries requiring data sovereignty, or teams that want managed security with expert guidance — we have Enterprise and Dedicated options.

How Native Tool Scanning Works

We don't run our own scanner. We enable and read from your cloud provider's own security tools — so every finding is authoritative and auditor-trusted.

1

Connect Your Account

Deploy our read-only CloudFormation template. Takes 2 minutes. We get read access only — we never write to your cloud.

2

Native Tools Scan

We read findings from AWS SecurityHub, Config, GuardDuty, Access Analyzer, and Inspector. These are AWS's own security assessments.

3

AI-Powered Insights

Our AI explains each finding, analyzes impact, and generates ready-to-use Terraform/CloudFormation fixes.

What About Native Tool Costs?

CloudShield enables AWS native security tools in your account. These tools have their own (small) costs billed directly by AWS — not by us.

AWS Security Hub~$5-15/month
AWS Config~$5-20/month
Amazon GuardDuty~$3-10/month
IAM Access AnalyzerFree
Typical total$13-45/month

If these services are already enabled in your account, there's no additional cost. CloudShield simply reads from them.

Frequently Asked Questions

What do I get with the free tier?

A full interactive dashboard showing your security posture score, up to 50 findings from SecurityHub and Config, and 10 AI-powered finding explanations per month. Your data is retained for 7 days. You also get a 14-day Pro trial on signup to experience the full platform — including AI remediation and PDF reports — before deciding to upgrade.

How is this different from Prowler?

Prowler runs its own 500+ security checks — essentially a third-party scanner. CloudShield reads from your cloud provider's native security tools (AWS SecurityHub, Config, GuardDuty). This means every finding is authoritative and already trusted by auditors. We add an AI layer on top that explains findings, analyzes impact, and generates IaC fixes. Plus, we include AI at every tier — Prowler requires you to bring your own OpenAI/Bedrock keys at their starter price.

Do you access or modify my cloud resources?

Never. CloudShield uses a read-only IAM role with the SecurityAudit and ViewOnlyAccess managed policies. We can see your security findings but cannot create, modify, or delete any resources. You can revoke access anytime by deleting the IAM role.

What cloud providers do you support?

AWS is fully supported at launch with native integration for SecurityHub, Config, GuardDuty, Access Analyzer, and Inspector. Azure (Defender for Cloud) and GCP (Security Command Center) support is coming soon.

What happens to my data?

We store only masked finding summaries — never raw resource data. Sensitive fields like account IDs and resource names are masked in our systems. Free tier data is retained for 7 days, Pro for 30 days, then automatically deleted. For the Security Audit, we delete everything after delivering your report. Need longer retention or data sovereignty? Ask us about Enterprise and Dedicated options.

Can I cancel anytime?

Yes. Monthly Pro subscriptions can be cancelled anytime — no penalties, no lock-in. You keep access until the end of your billing period. Annual plans can be cancelled at renewal.

Who does the Security Audit walkthrough?

Your 30-minute walkthrough is with a senior security architect with 20+ years of experience in cloud security, financial services, and compliance. You'll get actionable priorities — not generic advice.

Ready to see your cloud security posture?

Start free. No credit card required. See your posture score in 5 minutes.