Your perimeter changed 47 times today.
STACK Pulse is the continuous diff of every exposed surface — security groups, NACLs, route tables, peering connections, load-balancer listeners, public buckets — with full replay of any prior state.
CSPM scans every six hours. Your perimeter changes every six minutes.
Snapshot-based posture management is structurally too slow. Pulse taps the cloud audit stream and rebuilds perimeter state in near-real-time.
Event-Tap Architecture
CloudTrail, Azure Activity Log, GCP Audit Log streamed and replayed into live perimeter state. No periodic scan windows.
Ingress Delta Stream
Every port open, rule add, peering accept surfaced with blast-radius context — which subnets, which workloads, which data.
Public Surface Inventory
S3, Blob, GCS, ELB, ALB, API Gateway, K8s LoadBalancer — one tracked object per exposed thing.
Drift to Baseline
Known-good states preserved with one-click revert. Approval-gated re-application.
ChatOps Approval Hooks
High-blast-radius changes — ingress to data tier, new peering, IAM trust adds — gated via Slack or Teams.
Forensic Replay
Reconstruct any prior perimeter state at second-precision for incident scoping and post-mortem.
Questions teams ask before deploying
Straightforward answers about scope, integration, data handling, and rollout.
How is this different from Wiz, Orca, or Prisma Cloud?
They re-scan every 6-24 hours. We tap the cloud audit stream — sub-minute alerts on any change, plus replay you don't get from posture snapshots.
Does it require agents?
No. Read-only IAM role plus event subscription. Five minutes to first event in your console.
Which clouds and platforms?
AWS, Azure, GCP, OCI. Kubernetes via audit-webhook subscription. On-prem edge via NetFlow + config polling.
Does it integrate with our SIEM?
Yes — every delta is also a structured event. Native Splunk, Sentinel, Chronicle, Elastic, and Datadog destinations.