Skip to main content
built by CrownTrend

Sovereign cloud security
for the world's regulated economy.

Universal-inventory scanning across every AWS, Azure, and GCP resource type, mapped to 25 compliance frameworks — ISO 27001, SOC 2, PCI DSS, GDPR, NIS2, DORA, NESA, SAMA, and India BFSI. Read-only credentials, desktop-first, your scan data never leaves the laptop.

Agentless · no install on cloud
Runs on your laptop
Read-only access
Data stays on-prem
AWS · Azure · GCP

aws-production-mumbai

last scan · 14 sec ago · 1,247 resources

Critical

1

High

4

Medium

23

Compliance score

92%

Top findings

CIAM-014Root account access keys present
HS3-022Public-read S3 bucket with PII tag
HEC2-007Security group allows 0.0.0.0/0 on SSH

the evidence, not the testimonials

We're early — public customer references go up when each named customer's written permission lands. Until then, here's what you can verify yourself:

1,894+

native security checks

AWS · Azure · GCP · written natively, not adapted

25

compliance frameworks

ISO · SOC 2 · PCI · GDPR · NIS2 · DORA · 19 more

100%

scan data on your machine

SQLite-local · no SaaS multi-tenant boundary to trust

Read-only

cloud access

Never modifies infrastructure · auditable IAM trail

Windows installer signed by CrownTrend India Private Limited (EV)SHA-256 hashes published on every releaseReproducible Linux builds

the principle

Your cloud is invisible until something moves through it. Abhra makes it visible.

The Sanskrit word अभ्र means cloud — the rain-bearing kind, in the Rigveda. The thing that carries what's invisible and reveals it as it moves.

That's what we built. A platform that walks through every corner of your AWS, Azure, and GCP, finds the risks that shouldn't be there, and maps them to the frameworks your auditor cares about — in a language the engineers who run the cloud actually speak.

built for

  • Platform engineers

    who own the cloud they built, not the security team across the corridor.

  • Mid-market across regulated geos

    priced out of Wiz / Lacework / Prisma — we bill in INR, USD, EUR, or AED.

  • Regulated industries

    BFSI, healthtech, public sector — the regulators are real, and so is our compliance coverage.

  • Sovereignty-conscious teams

    your scan data lives on your laptop, not in a vendor's SaaS cloud.

capabilities

Built for the depth of cloud security, priced for the rest of the world.

Agentless universal inventory

Every AWS, Azure, and GCP resource type — discovered via Cloud Control API, Resource Graph, and Cloud Asset Inventory. No agents on cloud workloads, no instrumentation, no sidecars. Read-only credentials are all we need.

25 compliance frameworks

ISO 27001, SOC 2 Type II, PCI DSS 4.0, GDPR, EU NIS2 + DORA, NESA UAE, SAMA Saudi, MAS TRM Singapore, HIPAA, plus India BFSI (SEBI, RBI, CERT-In, DPDPA). Cross-mapping shows which controls satisfy multiple frameworks at once.

IAM + network + storage

Identity over-privilege, exposed credentials, public storage, security-group sprawl, untracked attack paths. The graph of who-can-reach-what, visualized.

Ticketing where engineers work

Findings flow to Jira, ServiceNow, Azure DevOps, Linear, GitHub Issues, GitLab Issues, PagerDuty, Freshservice, custom REST, or email. Bidirectional sync coming. Triage the queue your team already lives in.

SIEM / SOAR integration

Stream every finding to Splunk, Microsoft Sentinel, Google Chronicle, Palo Alto XSOAR, Elastic, syslog, or any webhook. Critical-only routing, severity filters, and structured events your SOC can index.

Read-only by design

Abhra needs read access to inventory and scan. It never modifies your infrastructure. Your remediation, on your terms, on your timeline.

Desktop-first, sovereignty-aware

Runs on your laptop. SQLite-local data store. Scan history, evidence, and reports never touch a vendor cloud. No multi-tenant access boundary to trust.

Auditor-ready evidence

Every finding includes the check ID, framework citations, the resource it applies to, and a remediation runbook. PDF + Excel reports your compliance partner can hand to a regulator.

the honest comparison

Wiz, Prisma, Defender, Orca are all SaaS-only.

Those products are excellent at what they do — and what they do requires sending your cloud telemetry to their multi-tenant SaaS. For regulated buyers in BFSI, defence, public sector, and sovereignty-conscious EU operators under NIS2, DORA, or local data-residency law, that is a non-starter — or a long, expensive risk-review.

Abhra is the same category — agentless cloud security posture, universal inventory, deep compliance — built desktop-first and air-gappable from day one. Sovereignty is the architecture, not the marketing line.

On-prem license server·Air-gapped install·USD / EUR / INR / AED billing·Founder-led sales

compliance

25 frameworks. One platform.
Regional regulators get the same depth as SOC 2 or ISO 27001.

Most cloud-security platforms treat anything outside CIS / SOC 2 / PCI as a “regional add-on.” Abhra ships GDPR, NIS2, DORA, NESA, SAMA, MAS TRM, and India BFSI (SEBI / RBI / CERT-In / DPDPA) as first-class citizens — authored, cited, and mapped with the same depth as the global frameworks.

Global baseline

  • ISO 27001:2022
  • SOC 2 Type II
  • PCI DSS 4.0
  • HIPAA
  • NIST CSF 2.0

EU + UK

  • GDPR
  • EU NIS2
  • EU DORA
  • UK Cyber Essentials+
  • ISO 27018 PII

Middle East + APAC

  • NESA UAE
  • SAMA Saudi
  • PDPL Saudi
  • MAS TRM Singapore
  • CMMC

Cloud-native + India

  • CIS AWS / Azure / GCP
  • AWS Well-Architected
  • FedRAMP
  • MITRE ATT&CK
  • SEBI · RBI · CERT-In · DPDPA

architecture

Desktop-first. Your data never leaves your machine.

Abhra runs as a native desktop application — Windows, macOS, Linux. The scan happens on your hardware, against your cloud credentials, with results stored in a local SQLite database.

The cloud (this site) handles license issuance, validation, and updates. Your scan data, your findings, your evidence — never leaves the laptop. This isn't a marketing claim. It's the architecture.

  • Read-only AWS / Azure / GCP credentials
  • Scans run locally — never proxied through us
  • SQLite-local storage with export to PDF/Excel
  • Air-gap friendly for high-security environments

Independently verifiable

  • Windows installer signed by CrownTrend India Private Limited (EV certificate)
  • SHA-256 hashes published on every release page
  • Reproducible Linux build pipeline

AWS

Azure

GCP

Abhra Desktop

Windows / macOS / Linux · runs on your machine

Scanner
Plugin engine
SQLite store

Abhra license server

License + updates only · no scan data

License key issuance + validation. Auto-update channel for new releases. No scan data, no findings, no resource inventory ever traverses this connection.

get started

Find your first risk in 15 minutes.

Download Abhra, connect your AWS / Azure / GCP credentials, and see your cloud the way a regulator sees it — but with the language and remediation that engineers can act on.