SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Multicloud soc analysts filtering aws azure gcp security alerts
#
DevOps
#
Hyperscale
#
Cloud Security

Astra unveils cloud scanner to cut misconfig alert noise

Mon, 12th Jan 2026
Author image
By Sofiah Nichole Salivio, News Editor

Astra Security has launched a Cloud Vulnerability Scanner that targets misconfigurations and vulnerabilities across Amazon Web Services, Microsoft Azure and Google Cloud.

The company said cloud environments change frequently as teams adjust identity and access settings, network rules and new deployments. It said quarterly scanning cycles do not match the pace of change. It also cited a claim that 73% of cloud breaches stem from misconfigurations rather than advanced exploits.

Astra said security teams often face large volumes of alerts from existing tools. It said teams then need to confirm which findings represent real risk.

Scanner approach

Astra said the new scanner gives a continuous view of cloud posture and validates the impact of findings through testing. It said the product identifies exploit paths and confirms whether reported weaknesses are exploitable.

Requestly said it has used the product. Requestly sits within BrowserStack's portfolio.

"What I love is the clarity. Other tools tell you a hundred things might be wrong," said Sagar Soni, CTO, Requestly. "Astra's cloud vulnerability scanner tells you the five things that actually matter and proves it. Our cloud security posture finally feels manageable."

Astra positioned the product as part of a shift towards more frequent validation of cloud security controls.

"Organisations need ongoing proof of security, not just periodic visibility," said Shikhil Sharma, Co-Founder and CEO, Astra Security. "Our Cloud Vulnerability Scanner provides a continuous validation process that confirms what needs attention and verifies that issues have been fixed."

Dynamic changes

Astra said it built the scanner after reviewing outcomes from thousands of penetration tests. It said high-impact cloud risks often start with routine configuration changes, permission drift and incremental adjustments that alter the attack surface. The company cited its own research and said cloud threats increased 1.8 times over the past year.

Astra said the Cloud Vulnerability Scanner includes more than 400 checks focused on cloud misconfigurations, permissions and policy drift. It also said the product runs more than 3,000 automated vulnerability tests mapped to OWASP Top 10 and SANS 25. It said the scanner uses an agentless setup based on read-only keys or APIs.

The company said it triggers reanalysis when it detects a cloud configuration change. It also said the product includes an "offensive-grade validation engine" that confirms whether a vulnerability is exploitable.

"Every result is validated through Astra's offensive testing engine," said Ananda Krishna, Co-Founder and CTO, Astra Security. "This approach helps teams focus their efforts on real, proven issues and verify each fix before audits."

Integrations

Astra said the scanner integrates with AWS, Azure and GCP through an agentless connection. It said the product connects to CI/CD pipelines and developer tools. It said this gives Security, DevOps and Compliance teams a unified view.

Astra also pointed to pricing. It said the product uses a predictable and transparent model and does not include scale-based fees. The company did not provide pricing figures.

Broader platform

The launch adds a cloud product to Astra's existing portfolio, which includes Dynamic Application Security Testing, an API Security Platform and continuous penetration testing services. Astra said it treats these products as a unified system across web, API and cloud environments.

Astra said it founded the business in 2018. It said it has performed more than 3,000 pentests and identified more than 2 million vulnerabilities. It said more than 1,000 organisations across 70 countries use its services, including Ford, Hitachi, CompTIA, Prime Healthcare and Loom.

The company also listed certifications including PCI ASV, CERT-In, CREST and ISO 27001. It said it has taken part in the French Government's Tech Ticket Programme and received recognition at the Global Cybersecurity Conference hosted by Prime Minister Narendra Modi.

Astra said the Cloud Vulnerability Scanner will sit alongside its other products and will connect into existing development workflows in AWS, Azure and GCP environments.

Related stories
Macquarie boosts loan to fund Sydney AI data centre
Datadog opens DASH 2026, spotlighting AI in production
Rubrik launches Agent Cloud to govern enterprise AI
12Port unveils AI session intelligence for PAM security
DryRun Security adds Andrew Peterson to drive AI shift

Top stories

Internal auditors fear AI fraud but lack readiness
Most enterprises unprepared for HPE’s virtualisation reset
Why Australian superannuation funds need to prioritise security for their customers with strong MFA
Milestone chooses Australia to launch 2026 MXD series
CrowdStrike Falcon now available via Microsoft Marketplace