Sovereign cloud security
for the world's regulated economy.
Universal-inventory scanning across every AWS, Azure, and GCP resource type, mapped to 25 compliance frameworks — ISO 27001, SOC 2, PCI DSS, GDPR, NIS2, DORA, NESA, SAMA, and India BFSI. Read-only credentials, desktop-first, your scan data never leaves the laptop.
aws-production-mumbai
last scan · 14 sec ago · 1,247 resources
Critical
1
High
4
Medium
23
Compliance score
92%
Top findings
the evidence, not the testimonials
We're early — public customer references go up when each named customer's written permission lands. Until then, here's what you can verify yourself:
1,894+
native security checks
AWS · Azure · GCP · written natively, not adapted
25
compliance frameworks
ISO · SOC 2 · PCI · GDPR · NIS2 · DORA · 19 more
100%
scan data on your machine
SQLite-local · no SaaS multi-tenant boundary to trust
Read-only
cloud access
Never modifies infrastructure · auditable IAM trail
the principle
Your cloud is invisible until something moves through it. Abhra makes it visible.
The Sanskrit word अभ्र means cloud — the rain-bearing kind, in the Rigveda. The thing that carries what's invisible and reveals it as it moves.
That's what we built. A platform that walks through every corner of your AWS, Azure, and GCP, finds the risks that shouldn't be there, and maps them to the frameworks your auditor cares about — in a language the engineers who run the cloud actually speak.
built for
Platform engineers
who own the cloud they built, not the security team across the corridor.
Mid-market across regulated geos
priced out of Wiz / Lacework / Prisma — we bill in INR, USD, EUR, or AED.
Regulated industries
BFSI, healthtech, public sector — the regulators are real, and so is our compliance coverage.
Sovereignty-conscious teams
your scan data lives on your laptop, not in a vendor's SaaS cloud.
capabilities
Built for the depth of cloud security, priced for the rest of the world.
Agentless universal inventory
Every AWS, Azure, and GCP resource type — discovered via Cloud Control API, Resource Graph, and Cloud Asset Inventory. No agents on cloud workloads, no instrumentation, no sidecars. Read-only credentials are all we need.
25 compliance frameworks
ISO 27001, SOC 2 Type II, PCI DSS 4.0, GDPR, EU NIS2 + DORA, NESA UAE, SAMA Saudi, MAS TRM Singapore, HIPAA, plus India BFSI (SEBI, RBI, CERT-In, DPDPA). Cross-mapping shows which controls satisfy multiple frameworks at once.
IAM + network + storage
Identity over-privilege, exposed credentials, public storage, security-group sprawl, untracked attack paths. The graph of who-can-reach-what, visualized.
Ticketing where engineers work
Findings flow to Jira, ServiceNow, Azure DevOps, Linear, GitHub Issues, GitLab Issues, PagerDuty, Freshservice, custom REST, or email. Bidirectional sync coming. Triage the queue your team already lives in.
SIEM / SOAR integration
Stream every finding to Splunk, Microsoft Sentinel, Google Chronicle, Palo Alto XSOAR, Elastic, syslog, or any webhook. Critical-only routing, severity filters, and structured events your SOC can index.
Read-only by design
Abhra needs read access to inventory and scan. It never modifies your infrastructure. Your remediation, on your terms, on your timeline.
Desktop-first, sovereignty-aware
Runs on your laptop. SQLite-local data store. Scan history, evidence, and reports never touch a vendor cloud. No multi-tenant access boundary to trust.
Auditor-ready evidence
Every finding includes the check ID, framework citations, the resource it applies to, and a remediation runbook. PDF + Excel reports your compliance partner can hand to a regulator.
the honest comparison
Wiz, Prisma, Defender, Orca are all SaaS-only.
Those products are excellent at what they do — and what they do requires sending your cloud telemetry to their multi-tenant SaaS. For regulated buyers in BFSI, defence, public sector, and sovereignty-conscious EU operators under NIS2, DORA, or local data-residency law, that is a non-starter — or a long, expensive risk-review.
Abhra is the same category — agentless cloud security posture, universal inventory, deep compliance — built desktop-first and air-gappable from day one. Sovereignty is the architecture, not the marketing line.
compliance
25 frameworks. One platform.
Regional regulators get the same depth as SOC 2 or ISO 27001.
Most cloud-security platforms treat anything outside CIS / SOC 2 / PCI as a “regional add-on.” Abhra ships GDPR, NIS2, DORA, NESA, SAMA, MAS TRM, and India BFSI (SEBI / RBI / CERT-In / DPDPA) as first-class citizens — authored, cited, and mapped with the same depth as the global frameworks.
Global baseline
- ISO 27001:2022
- SOC 2 Type II
- PCI DSS 4.0
- HIPAA
- NIST CSF 2.0
EU + UK
- GDPR
- EU NIS2
- EU DORA
- UK Cyber Essentials+
- ISO 27018 PII
Middle East + APAC
- NESA UAE
- SAMA Saudi
- PDPL Saudi
- MAS TRM Singapore
- CMMC
Cloud-native + India
- CIS AWS / Azure / GCP
- AWS Well-Architected
- FedRAMP
- MITRE ATT&CK
- SEBI · RBI · CERT-In · DPDPA
architecture
Desktop-first. Your data never leaves your machine.
Abhra runs as a native desktop application — Windows, macOS, Linux. The scan happens on your hardware, against your cloud credentials, with results stored in a local SQLite database.
The cloud (this site) handles license issuance, validation, and updates. Your scan data, your findings, your evidence — never leaves the laptop. This isn't a marketing claim. It's the architecture.
- Read-only AWS / Azure / GCP credentials
- Scans run locally — never proxied through us
- SQLite-local storage with export to PDF/Excel
- Air-gap friendly for high-security environments
Independently verifiable
- Windows installer signed by CrownTrend India Private Limited (EV certificate)
- SHA-256 hashes published on every release page
- Reproducible Linux build pipeline
AWS
Azure
GCP
Abhra Desktop
Windows / macOS / Linux · runs on your machine
Abhra license server
License + updates only · no scan data
License key issuance + validation. Auto-update channel for new releases. No scan data, no findings, no resource inventory ever traverses this connection.
get started
Find your first risk in 15 minutes.
Download Abhra, connect your AWS / Azure / GCP credentials, and see your cloud the way a regulator sees it — but with the language and remediation that engineers can act on.