Security · CSPM · Startups

Do I Need a CSPM? A Decision Framework for Small Teams

Viktor B.

Co-founder & CEO · February 20, 2026 · 8 min read

Cloud Security Posture Management (CSPM) is one of the fastest-growing categories in cloud security. Vendors like Wiz, Prisma Cloud, Orca, and Lacework promise comprehensive cloud security — misconfiguration detection, vulnerability scanning, compliance mapping, and threat detection in a single platform. Enterprise pricing starts around $5,000/year and can reach $50,000+ depending on the number of cloud assets.

If you're a startup or a small team managing a few AWS accounts, the question isn't whether CSPM is useful — it is. The question is whether the value justifies the cost relative to your actual risk profile. This framework helps you decide.

What a CSPM Actually Does

At its core, a CSPM tool continuously scans your cloud environment for misconfigurations, compliance violations, and security risks. The typical feature set includes configuration scanning (finding S3 buckets that are public, security groups that are too permissive, encryption that's missing), compliance mapping (mapping your configuration against frameworks like CIS Benchmarks, SOC 2, PCI DSS, HIPAA), vulnerability detection (scanning compute workloads for known CVEs and software vulnerabilities), identity analysis (finding overly permissive IAM roles, unused permissions, cross-account trust chains), and attack path analysis (modeling how an attacker could chain multiple misconfigurations into a breach).
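To make the "configuration scanning" part of that list concrete, here is an added example (not code from the original post, and not from any CSPM vendor) that implements three of those checks in Python against the JSON shapes `aws s3api get-bucket-policy`, `aws ec2 describe-security-groups` and `aws ec2 describe-volumes` return. The sample policy, security group and volumes are constructed for the example; the condition handling is a simplified version of the reasoning Access Analyzer applies (a statement restricted only by `aws:SecureTransport` is still public), and the list of sensitive ports is an assumption.

```python
"""Local versions of three CSPM checks: public S3 bucket policy, security group
open to the world on a sensitive port, unencrypted EBS volume.  Inputs mirror
the AWS API response shapes; the samples at the bottom are constructed."""
import json
from ipaddress import ip_network
from typing import Optional

# Condition keys that do not narrow *who* may call. A statement limited only by
# these is still public (Access Analyzer makes the same distinction).
NON_RESTRICTING_KEYS = {"aws:securetransport"}

# Ports that should never be reachable from 0.0.0.0/0 or ::/0 (assumed list).
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres",
                   6379: "redis", 27017: "mongodb"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _grants_everyone(principal) -> bool:
    """Principal "*" or {"AWS": "*"} (alone or inside a list) means anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_restricts(condition: Optional[dict]) -> bool:
    """True if at least one condition key can actually limit the caller."""
    if not condition:
        return False
    keys = {k.lower() for operator in condition.values() for k in operator}
    return bool(keys - NON_RESTRICTING_KEYS)


def public_statements(policy_json: str) -> list:
    """Sids of Allow statements that grant access to anyone without a
    restricting condition, i.e. the statements that make the bucket public."""
    policy = json.loads(policy_json)
    hits = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _grants_everyone(stmt.get("Principal")):
            continue
        if not _condition_restricts(stmt.get("Condition")):
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits


def open_ingress(sg: dict) -> list:
    """Ingress rules reachable from any IPv4/IPv6 address that expose a
    sensitive port, or every port (IpProtocol -1)."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        world = [c for c in cidrs if ip_network(c, strict=False).prefixlen == 0]
        if not world:
            continue
        if perm.get("IpProtocol") == "-1":  # all protocols, all ports
            findings.append({"group": sg["GroupId"], "port": "all",
                             "service": "all", "sources": world})
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for port, name in SENSITIVE_PORTS.items():
            if lo <= port <= hi:
                findings.append({"group": sg["GroupId"], "port": port,
                                 "service": name, "sources": world})
    return findings


def unencrypted_volumes(volumes: list) -> list:
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]


# --- constructed samples (not from a real account) -------------------------
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"},
    {"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-assets/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-assets/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "TlsOnlyButPublic", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*",
     "Condition": {"Bool": {"aws:SecureTransport": "true"}}}]})

SAMPLE_SG = {"GroupId": "sg-0abc12345def67890", "GroupName": "web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}

SAMPLE_VOLUMES = [{"VolumeId": "vol-0aaa111122223333a", "Encrypted": True},
                  {"VolumeId": "vol-0bbb444455556666b", "Encrypted": False}]

if __name__ == "__main__":
    print(public_statements(SAMPLE_POLICY))
    print(open_ingress(SAMPLE_SG))
    print(unencrypted_volumes(SAMPLE_VOLUMES))
```

Note what the bucket check does not see: Block Public Access settings and ACLs, which a real scanner evaluates together with the policy. Rule two in the sample (SSH from 10.0.0.0/8) is intentionally not flagged, while the same port from `::/0` is, because IPv6 "anywhere" rules are the ones small teams most often miss.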

The Decision Framework

Answer these five questions. Count your "yes" answers.

1. Are you pursuing a compliance certification (SOC 2, PCI DSS, HIPAA, ISO 27001)?

If yes, a CSPM significantly reduces the manual effort of evidence collection and continuous control monitoring. Most auditors accept CSPM reports as control evidence, which simplifies the audit process. This is the strongest single reason to invest in a CSPM.

2. Do you operate across multiple cloud providers (AWS + Azure, AWS + GCP)?

If yes, a multi-cloud CSPM provides a unified view that AWS-native tools can't. AWS Config and Security Hub only evaluate AWS resources (Security Hub can ingest third-party findings, but its own checks stop at the AWS boundary). If you need to assess security posture across clouds, a CSPM fills a real gap.

3. Do you manage more than 10 AWS accounts?

At scale, the operational complexity of native tool aggregation grows significantly. An AWS Config aggregator and a Security Hub delegated administrator account will collect findings from every account in the organization, but correlating and prioritizing them across accounts is still work you'd build yourself. A CSPM with native multi-account support does that aggregation, correlation, and prioritization for you.

4. Do you have a dedicated security team (or at least a security-focused engineer)?

CSPM tools generate a lot of findings. Without someone to triage, prioritize, and remediate, the findings accumulate into an ignored backlog. A CSPM is most valuable when someone is actively working through its outputs.

5. Do customers or partners require a specific CSPM as part of their vendor security assessment?

Some enterprise customers include CSPM as a requirement in their vendor security questionnaires. If losing a deal because you don't have a CSPM would cost more than the CSPM itself, the ROI is clear.

Interpreting Your Score

4-5 yes answers: A CSPM is probably worth the investment. The combination of compliance requirements, multi-cloud complexity, scale, and dedicated security resources makes a CSPM the most efficient tool for the job.

2-3 yes answers: Consider a CSPM, but evaluate whether a lighter-weight approach covers your needs first. You might be able to defer the investment for 6-12 months while using native tools and a supplementary monitoring layer.

0-1 yes answers: A traditional CSPM is almost certainly overkill. Your real risks — billing surprises, credential compromise, misconfiguration — can be covered more cost-effectively with native AWS tools and a purpose-built monitoring layer.

The Alternative for Small Teams

If you scored 0-2, here's the stack that provides CSPM-like coverage at a fraction of the cost:

AWS Config + Conformance Packs ($5-15/month at small-account volumes; Config is billed per configuration item and rule evaluation) gives you configuration scanning and compliance mapping against CIS Benchmarks. GuardDuty ($10-30/month, scaling with CloudTrail and VPC Flow Log volume) gives you threat detection. IAM Access Analyzer gives you identity analysis (the external-access analyzer is free; the unused-access analyzer is billed per IAM role or user). Vigilare ($29/month) gives you the correlation, risk scoring, and account health monitoring that ties it all together.

Total: $44-74/month versus $400-4,000/month for a CSPM. You lose the attack path analysis, the multi-cloud support, and the compliance automation for complex frameworks. You keep the misconfiguration detection, threat awareness, and the account-level health visibility that actually prevents incidents for small teams.

When to Upgrade

Revisit the CSPM decision when you start a SOC 2 or similar compliance process, when you add a second cloud provider, when your AWS account count exceeds 10, or when you hire a dedicated security engineer who needs a primary tool. Until then, the lighter stack is more cost-effective and operationally simpler.

Protect your AWS accounts before it's too late

Vigilare monitors your AWS accounts for suspension risks — billing anomalies, IAM issues, GuardDuty findings, and more — and alerts you before AWS takes action.