k9 Security Pricing
Secure IAM without breaking the bank
Free up your cloud security specialists and enable your entire team to understand and secure IAM quickly.
IAM security every security ❤️ing team can afford
Simple and predictable pricing that scales from your POC account to your whole organization. When and where you need it.
Usage-based Plan
Focused Platforms & Full Stack Teams(monitor 100 principals and resources in the account for only ~$7.50 per month!)
- • Show your teammates what you mean when you say “IAM is not in good shape” in less than an hour
- • Operationalize IAM access review with the k9 Security Katas
- • Scale IAM access monitoring with daily reports your whole team understands
- • Reports delivered to your Secure Inbox in Excel, CSV, Parquet, and JSON format
- • Support using k9 Security infrastructure code libraries
- • 🎉 Bonus: Pre-built k9 dashboards for Splunk & Datadog
- • 🎉 Bonus: AWS Identity Center Integration
- • Resource limits: 100 IAM users, 1000 IAM roles, 100 S3 buckets, 35 KMS keys, 50 RDS clusters, 50 DynamoDB tables, 35 EFS filesystems
View More Usage-based Plan Features
- Prove your cloud deployments are secure to Security & Compliance
- Support on-boarding and analyzing IAM reports with the Katas
- Purchase via credit card
- Deploy with CloudFormation in less than an hour
- 🎉 Bonus: Level-up your team with the Effective IAM book & masterclass
Trusted by people who know security.
IAM is hard. As a founder, k9 helps me to stick to the least privilege principle for my product and alerts me of any drift or overprivileged assets. As an AWS Security Consultant, it gives me deep insights into my customer environments and current IAM security posture. Try k9 and see how it can help your team scale IAM in your organization.
Audit your first account in under an hour.
Tired of wasting time trying to evaluate policies on your own? With k9 as your security companion, you’ll complete your first (and every other) audit with no faffing about. And your whole team will be empowered with the tools and information to understand and remediate effective access.
Save Time
Quickly identify and fix what actually matters for security and identity audits with proven processes: the k9 Katas.
Save Money
Actually secure your environment for less than you’d probably spend demo’ing an ‘Enterprise Security Solution’.
Scale Confidently
Enable your whole team with monitoring, policy generators, and processes to clean up their app permissions and keep them clean.
Still not sure if k9 is perfect for your cloud team?
See how k9 can help you simplify and scale security in a private demo
* If you use k9 and its processes for one month and aren’t able to find critical problems and craft a plan to fix them with our help, we’ll refund your money and donate $250 to the Electronic Frontier Foundation.
You will receive:
One hour of free Cloud Security advisory
Detailed IAM improvement plan outline
Free Copy of the Effective IAM for AWS ebook
Q: Where does my bill go?
… and other frequently asked questions
A: When purchased through Stripe, the monitoring subscription fees are billed to the subscriber’s credit card. When purchased through AWS Marketplace, the monitoring subscription fees are billed to the AWS account in which you subscribe to the product. You pay AWS, then AWS pays us. Enterprise customers are issued an additional invoice to their regular Accounts Payable process.
Is this just another pane of glass?
No, k9 is not just another pane of glass. k9 security makes your existing analysis and alerting systems better by telling you who has access to APIs and critical AWS data in a way that is simple for people to understand and designed to be joined to your existing data sources and analysis workflows (Splunk, Datadog, Athena / QuickSight, etc.)
What is a CIEM?
According to Gartner: “Cloud infrastructure entitlement management (CIEM) offerings are specialized identity-centric SaaS solutions focused on managing cloud access risk via administration-time controls for the governance of entitlements in hybrid and multi-cloud IaaS. They typically use analytics, machine learning (ML), and other methods to detect anomalies in account entitlements, like accumulation of privileges, dormant and unnecessary entitlements. CIEM ideally provides remediation and enforcement of least privilege approaches.”
The goal of our CIEM is to give customers better visibility of current policies, alert them when access has changed and provide engineers with the necessay resources to continuously deliver effective, least-privilege policies.
How does k9 differ from other CIEM solutions?
- eliminate or greatly reduce load/reliance on Cloud Security specialists
- reduce the cost of Security and risk of breaches
Are k9 Security's infrastructure code libraries free?
Yes. The k9 Security infrastructure code libraries are provided free of charge according to the Apache 2.0 license. You may use them in accordance with that license. If you have any questions or need to make another arrangement, please contact [email protected]
Does k9 Security help organizations without deep expertise in AWS security tools and services?
Yes! k9 Security is absolutely designed for organizations without deep expertise in AWS security and for organizations that need to simplify and scale out their security program.
How do I cancel monitoring for an account?
Customers can cancel monitoring of a monitored AWS account at any time by removing the k9-auditor CloudFormation stack in that account. If you want to cancel the entire subscription, you can cancel:
• a Stripe subscription via the k9 Security web application
• an AWS Marketplace subscription via the AWS Marketplace console in the account that you subscribed to k9 in (happy to help)
Does k9 analyze access to IAM roles across accounts?
Yes. k9 analyzes and reports external access across accounts to IAM roles in your AWS account. AWS Access Analyzer must be enabled in the monitored account (free).
k9 also reports internal access to IAM roles by other IAM users and roles within the account.
Does k9 suggest improvements to existing policies? For example, AWS CloudTrail and AWS Access Analyzer helps organizations understand what AWS APIs principals are using.
k9 advocates application and cloud teams declaring a minimal set of intended access capabilities using the k9 infrastructure code libraries. Then the library can generate minimized policies for engineers.
Can we use k9’s infrastructure code libraries independently of the SaaS monitoring service?
Yes! The k9 Terraform and CDK infrastructure code libraries are free to use and licensed as Apache2. k9 assists customer adoption of our infra code libraries, and the benefit of many years of experience helping teams migrate to and operate in AWS securely, including major banking operations.
k9 analysis services are delivered as a SaaS and procured via AWS marketplace so that you can easily add monitoring for AWS accounts as you need it – one at a time or the entire org. Add Enterprise professional services to a SaaS subscription to accelerate security architecture, policy development, or overhauling the security policies for an entire account.
How does k9 help Enterprises using on-premise identities and security policies managed via SSO?
k9 helps Enterprises access review for identities managed outside of AWS by simplifying several common jobs:
- Identify privileged principals easily for monitoring and alerting
- Identify unused principals for cleanup by identifying when it was last used (across console, api key, assume role)
- Report access in a form that can be joined with logs from your Identity Provider or Cloudtrail in your existing SIEM to show, e.g. what access ActiveDirectory users/groups have – happy to work with you on this.
- Identify who has access to critical or confidential data
Ready To Take Control Of AWS IAM?
Stop settling for poor security posture. Join the forward-thinking cloud teams who are harnessing the power of AWS IAM at scale.