A proprietary cloud security posture and cloud identity attack-path engine, built by CVEasy. It reads AWS, Azure, and GCP from one place, scores every finding, and sits in the same CTEM app as your on-prem exposure.
One engine for cloud posture and cloud identity, built in-house and wired into the same platform that scores your on-prem exposure.
Configuration and posture analysis across storage, network, encryption, logging, and public exposure. Every finding is scored and ranked so the misconfiguration that actually matters rises to the top.
Maps roles, permissions, trust relationships, and privilege escalation routes. Shows how an over-permissioned identity chains into a path toward sensitive resources, before an attacker walks it.
Three providers, one console. No separate tool per cloud and no stitching results together by hand. Multi-cloud posture and identity read from a single view inside the CTEM app.
Every check maps to a CIS Benchmark control: 88 for AWS, 61 for Azure, 55 for GCP. A per-framework coverage rollup shows exactly where each cloud stands against the benchmark.
The engine runs against your own cloud accounts using read-only credentials. It inspects configuration and identity state, it never changes it. You grant read scope, nothing more.
This engine scans your cloud, it is not the app phoning home. Findings stay in your local CVEasy instance, so the core platform stays local-first while it reaches out read-only to the accounts you point it at.
204 CIS-tagged checks split across the three major clouds, each with its own compliance coverage rollup.
Each provider rolls up to a per-framework compliance coverage view. Scope covers CSPM and CIEM. Container image scanning and agent-based workload runtime are not part of this engine.
Point it at your accounts, and it reads posture and identity, scores what it finds, and hands proven paths to BASzy for validation.
Grant read-only access to your AWS, Azure, or GCP accounts. The engine authenticates and enumerates configuration and identity state.
Every posture and identity control runs against the accounts. Each result maps to its CIS Benchmark tag for the matching provider.
Findings are scored and reranked in the CTEM app alongside on-prem exposure, so cloud and network risk share one priority queue.
Identity attack paths feed BASzy validation to confirm which routes are actually reachable, separating real exposure from theory.
Teams buy Wiz for cloud posture and identity attack paths. CVEasy delivers that value with flat-rate pricing and one unified console.
Wiz is the incumbent for cloud posture and identity attack paths, and it does that job well. The critique is the model, not the people: per-asset cloud pricing and a console that lives apart from your on-prem program. CVEasy folds the same cloud posture and identity attack-path value into the CTEM app you already run, at flat-rate pricing.
Cloud and network exposure in one priority queue.
Proprietary CSPM and CIEM across AWS, Azure, and GCP. Read-only, local-first, and unified with on-prem exposure in one CTEM app.