Astra Security launches cloud vulnerability scanner for AWS, Azure, GCP

Security Brief Australia reports that Astra Security has launched a new cloud vulnerability scanner designed to continuously identify and validate exploitable misconfigurations across Amazon Web Services, Microsoft Azure, and Google Cloud, addressing the rapid pace of change in modern cloud environments.

The company highlights that traditional quarterly scanning cycles are inadequate, citing research indicating 73% of cloud breaches originate from misconfigurations rather than sophisticated exploits. Unlike tools that generate large volumes of unprioritized alerts, Astra’s scanner employs an "offensive-grade validation engine" that tests whether detected vulnerabilities are actually exploitable, aiming to direct teams to the most critical issues. Built from insights gained from thousands of penetration tests, the agentless scanner performs over 400 configuration checks and 3,000 automated vulnerability tests, reanalyzing environments upon detecting changes. Co-founder and CEO Shikhil Sharma emphasized the need for "ongoing proof of security, not just periodic visibility."

The product integrates with CI/CD pipelines and major cloud platforms, offering predictable pricing without scale-based fees, and expands Astra's unified security portfolio, which includes dynamic application security testing and API security platforms.