Introducing EchelonGraph: Cloud Security Intelligence for the Modern Enterprise

Today we're launching EchelonGraph — a platform that maps your entire cloud attack surface, visualizes blast radius, and automates compliance across AWS, GCP, and Azure.

EchelonGraph Team

Engineering

The Problem

Cloud infrastructure is growing faster than security teams can keep up. The average enterprise uses 3+ cloud providers, runs thousands of workloads, and ships dozens of changes per day. Traditional security tools scan in silos — one tool for vulnerabilities, another for compliance, another for network exposure.

The result? Security teams are drowning in alerts with no way to answer the most important question: "What's actually at risk?"

Our Approach

EchelonGraph takes a fundamentally different approach. Instead of scanning in isolation, we build a real-time graph of your entire cloud infrastructure — every asset, every connection, every vulnerability, every compliance control — in a single, queryable database.

This graph-first approach enables capabilities that are impossible with traditional tools:

🔬 Attack Surface Mapping

We continuously discover every asset across AWS, GCP, and Azure. EC2 instances, VPCs, security groups, S3 buckets, IAM roles, Kubernetes clusters, serverless functions — all mapped with their relationships.

💥 Blast Radius Visualization

Click any node in your infrastructure graph and instantly see its blast radius — every other asset that could be compromised if that node is breached. This is powered by real-time graph traversal against Neo4j, not static rule matching.

🛡️ Compliance Automation

EchelonGraph continuously evaluates your infrastructure against SOC 2, GDPR, ISO 27001, NIST CSF, PCI DSS, HIPAA, DPDP Act, and ISMS-P. Scores update every 5 minutes. Evidence is collected automatically.

🕵️ Threat Intelligence

Real-time CVE matching against your discovered software versions. Attack path analysis identifies exploitable multi-hop paths from the internet to sensitive data.
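The traversal behind the blast radius and attack path descriptions above can be sketched in Go. This is an added example, not EchelonGraph's code: an in-memory edge list stands in for the Neo4j graph, and the asset names, the `Edge` type and the `BlastRadius` and `PathTo` helpers are assumptions made for illustration.

```go
package main
import "fmt"

// Edge means: compromise of From gives a foothold on To (Via records why).
type Edge struct{ From, To, Via string }
// Constructed sample inventory; the names do not come from any real account.
var sampleEdges = []Edge{
	{"internet", "ec2:web-1", "security group allows 0.0.0.0/0 on 443"},
	{"ec2:web-1", "iam:role/web", "instance profile"},
	{"iam:role/web", "s3:customer-data", "s3:GetObject"},
	{"ec2:web-1", "ec2:db-1", "security group allows 5432 from web"},
	{"ec2:batch-1", "s3:logs", "s3:PutObject"},
}

// BlastRadius walks breadth-first from start; the map holds each reachable asset's predecessor.
func BlastRadius(edges []Edge, start string) map[string]string {
	adj := map[string][]string{}
	for _, e := range edges {
		adj[e.From] = append(adj[e.From], e.To)
	}
	prev := map[string]string{start: ""}
	queue := []string{start}
	for i := 0; i < len(queue); i++ {
		n := queue[i]
		for _, next := range adj[n] {
			if _, seen := prev[next]; !seen { // visited check also stops cycles
				prev[next] = n
				queue = append(queue, next)
			}
		}
	}
	return prev
}

// PathTo rebuilds the hops from the traversal start to target, or nil if unreachable.
func PathTo(prev map[string]string, target string) []string {
	if _, ok := prev[target]; !ok {
		return nil
	}
	var path []string
	for n := target; n != ""; n = prev[n] {
		path = append([]string{n}, path...)
	}
	return path
}

func main() {
	fmt.Println(PathTo(BlastRadius(sampleEdges, "internet"), "s3:customer-data"))
}
```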

Architecture

EchelonGraph is built as a set of Go microservices communicating via gRPC and NATS:

  • Core Backend: Fiber REST API serving the dashboard, blast radius, and CVE feed
  • Auth Service: SSO (SAML, OIDC, LDAP), MFA, RBAC with 5 roles and 18 permissions
  • Compliance Engine: Continuous scoring against 8 frameworks with 266+ controls
  • Ingestion Pipeline: gRPC ingester + NATS JetStream processor for real-time telemetry
  • 3-Tier Scanners: Agentless cloud scan, network port scan, eBPF runtime agent

All data stores implement per-tenant isolation: PostgreSQL RLS, Neo4j label isolation, ClickHouse partition isolation.

What's Next

We're launching in beta with multi-cloud support for AWS, GCP, and Azure. Over the coming months, we'll be adding:

  • Automated remediation workflows
  • Executive reporting with PDF export
  • Integration marketplace (Jira, ServiceNow, Slack, PagerDuty)
  • Industry benchmark comparisons