
Uptycs
Cloud compliance software
Cloud detection and response (CDR) software
Cloud infrastructure entitlement management (CIEM) software
Cloud-native application protection platform (CNAPP)
Cloud security monitoring and analytics software
Cloud security posture management (CSPM) software
Cloud workload protection platforms
Extended detection and response (XDR) platforms
Managed detection and response (MDR) software
Container security tools
Endpoint detection & response (EDR) software
Cloud security software
System security software
DevSecOps software
Endpoint protection software
$12,000 per year
Small
Medium
Large
- Retail and wholesale
- Healthcare and life sciences
- Manufacturing
What is Uptycs
Uptycs is a cloud security platform that unifies asset inventory, posture management, and threat detection across cloud accounts, containers, Kubernetes, and endpoints. It is used by security operations and cloud security teams to monitor configuration risk, detect suspicious activity, and investigate incidents using a common data model. The product centers on a query-driven analytics approach (built on osquery concepts) to collect and analyze telemetry across heterogeneous environments. It is typically deployed to support continuous monitoring, incident response, and compliance reporting in cloud-first environments.
Unified telemetry via osquery
Uptycs uses an osquery-based approach to standardize endpoint and workload telemetry collection across Linux, Windows, and macOS, and to extend visibility into containers and Kubernetes. This can reduce the need to maintain separate tooling and data pipelines for different runtime environments. The query model supports ad hoc investigations and repeatable detection logic using SQL-like queries. It also helps teams operationalize threat hunting and compliance checks with the same underlying data.
Broad cloud-to-endpoint coverage
The platform spans CSPM-style configuration assessment, runtime detection for workloads/containers, and endpoint detection capabilities. This breadth supports use cases where teams want a single console for cloud posture, identity/entitlement risk signals, and runtime events. It can be useful for organizations operating mixed environments (multiple clouds, Kubernetes, and traditional endpoints). The consolidated view can simplify triage by correlating findings to assets and owners.
Security analytics and investigations
Uptycs emphasizes searchable security data and investigation workflows, which can help analysts pivot from an alert to related processes, users, network connections, and cloud resources. The platform supports detection engineering patterns that reuse queries and scheduled packs. This approach can be effective for teams that prefer transparent detection logic over opaque scoring. It also aligns with operational needs for audit trails and evidence collection during incident response.
Query-centric learning curve
Teams may need comfort with osquery concepts and SQL-like querying to get the most value from hunting and custom detections. Organizations without detection engineering resources can rely more heavily on built-in content, which may limit tailoring to unique environments. Building and maintaining query packs and tuning can require ongoing effort. This can slow time-to-value compared with products that are more prescriptive out of the box.
CNAPP scope varies by module
Coverage across CNAPP sub-domains (posture, entitlement risk, workload/runtime, container/Kubernetes, and response automation) depends on the specific modules licensed and deployed. Some organizations may still need adjacent tools for areas like ticketing workflow, governance, or specialized compliance frameworks depending on requirements. Buyers should validate which controls, integrations, and response actions are included versus optional. This is particularly important for regulated environments with strict reporting needs.
Operational overhead at scale
Deploying agents, integrating cloud accounts, and managing data retention can introduce operational complexity in large or highly segmented environments. High event volumes from endpoints and cloud telemetry may require careful tuning to control noise and cost. Cross-team coordination is often needed between cloud platform teams and security operations to maintain coverage. These factors can affect rollout timelines and ongoing administration.
Plan & Pricing
| Plan (package) | Price | Key features & notes |
|---|---|---|
| Discover — Workload | $3 per month (billed annually) (starting) | Basic visibility: Full asset inventory across hybrid cloud, Kubernetes, and endpoints; onboarding; unified management; tool integrations. Minimum order per year applies. |
| Discover — Cloud Workload | $5 per month (billed annually) (starting) | Same Discover features applied to cloud workloads. |
| Audit — Workload | $6 per month (billed annually) (starting) | Everything in Discover plus security risk assessments, continuous compliance and vulnerability scanning, exposure/attack-path analysis, alerting and reporting, historical analysis. |
| Audit — Cloud Workload | $10 per month (billed annually) (starting) | Audit package applied to cloud workloads. |
| Secure — Workload | Request for Pricing | Includes Audit features plus runtime protection, cloud detection & response, anomaly detection, threat intel, incident response, file monitoring, threat remediation. |
| Secure — Cloud Workload | Request for Pricing | Secure package applied to cloud workloads (contact sales). |
Usage-based / Per-endpoint pricing (Uptycs Nexus / Endpoint pricing)
- Pricing model: Per-endpoint subscription (monthly pricing shown on vendor site).
- Free tier/trial: Not stated on pricing pages (see notes).
- Example costs:
  - Standard price: $2 per endpoint/month (vendor-stated starting price for Nexus/endpoint management).
  - Flight Recorder add-on: $1 per endpoint/month (7 days retention).
  - Export Raw Telemetry add-on: $1 per endpoint/month.
- Discount options: Not specified on public pricing pages; vendor references custom/volume pricing and a pricing FAQ but no public rates.
Notes & constraints:
- Vendor page states a minimum order per year: $12K. (This appears on the official pricing page.)
- Many items are presented as "starting at" and "request for pricing"; enterprise/custom pricing requires contacting sales.
- All pricing above is taken from Uptycs' official website pages (pricing and product pages).
Seller details
Uptycs, Inc.
Waltham, Massachusetts, USA
2016
Private
https://www.uptycs.com/
https://x.com/uptycs
https://www.linkedin.com/company/uptycs/