DivvyCloud
Cloud security posture management (CSPM) software
Cloud security software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if DivvyCloud and its alternatives fit your requirements.
$5,775/mo per month
Free Trial
Free version unavailable
Small
Medium
Large
- Information technology and software
- Banking and insurance
- Healthcare and life sciences
What is DivvyCloud
DivvyCloud is a cloud security posture management (CSPM) product focused on continuous assessment and automated remediation of cloud configuration and governance issues across public cloud environments. It is used by cloud security and cloud operations teams to detect misconfigurations, enforce policy, and automate responses to reduce risk and operational overhead. The product emphasizes policy-as-code style controls, workflow-based remediation, and integration with cloud-native services and ITSM/SIEM tooling. DivvyCloud is associated with Rapid7 following its acquisition and is positioned within Rapid7’s cloud security portfolio.
Automated policy remediation workflows
DivvyCloud supports automated remediation actions tied to policy violations, helping teams move from detection to response without manual intervention. It is designed to execute corrective actions through cloud provider APIs and predefined workflows. This can reduce time-to-fix for common misconfigurations and governance drift. It also supports approval and exception patterns that align with operational change control.
Governance and compliance alignment
The platform maps technical findings to policy and compliance-oriented controls, which helps security teams communicate risk in governance terms. It supports continuous monitoring for configuration drift and noncompliant resources. This is useful for organizations that need repeatable evidence for audits and internal controls. Reporting and policy structure are oriented toward cloud governance use cases rather than only vulnerability-style findings.
Integrations with security operations
DivvyCloud integrates with common security and IT operations tools to route findings into existing workflows. Typical patterns include ticketing/ITSM, alerting, and log/SIEM pipelines to support triage and accountability. This helps teams avoid running CSPM as a standalone console. Integration-driven workflows are important in environments where multiple cloud security tools already exist.
Product lifecycle and branding changes
DivvyCloud is widely referenced as an acquired product and may be packaged or branded differently within Rapid7’s current cloud security offerings. This can create ambiguity for buyers comparing feature sets, licensing, and roadmap commitments across product names. Prospective customers often need to validate what is currently supported and how it is delivered (standalone vs. integrated). Procurement and implementation planning may require extra diligence.
Coverage varies by cloud services
As with many CSPM tools, depth of coverage can vary across cloud providers and across newer managed services within each provider. Organizations using a broad set of cloud-native services may find gaps that require compensating controls or custom policies. Teams should validate supported resource types, policy checks, and remediation actions for their specific service inventory. This is especially relevant for fast-evolving cloud platforms.
Policy tuning and operational overhead
Effective use typically requires policy tuning to reduce noise and align checks with organizational standards. Automated remediation can introduce operational risk if workflows are not carefully scoped, tested, and governed. Teams may need to invest time in exception handling, approvals, and change management to avoid unintended changes. This can slow initial time-to-value in complex environments.
Plan & Pricing
Pricing model: Instance-based subscription (usage-based)
Pricing details:
- Starting at $5,775 per month — for up to 500 instances. All subscriptions include unlimited managed clouds and containers, compliance packs, automated remediation, user accounts, policy guardrails, dashboards and reports.
Notes:
- Pricing is presented as a "starting" cost on the vendor site; additional tiers/volume-based pricing are not published publicly and require contacting sales or requesting a demo.
Seller details
Rapid7, Inc.
Boston, Massachusetts, USA
2000
Public
https://www.rapid7.com/
https://x.com/Rapid7
https://www.linkedin.com/company/rapid7/
