New: SOC 2 · PCI DSS 4.0 · ISO 27001 · NIST CSF

Compliance automation built for security teams

Stop spending weeks manually collecting audit evidence. NetGuard connects to your firewall, AWS, and identity systems and maps findings to 102 compliance controls automatically.

Security Overview
Q1 2025 · 102 controls evaluated
Overall Score: 87% (+3%)
Passing: 89 (+6)
Failing: 11 (-2)
Warnings: 4 (±0)
Framework Coverage
SOC 2: 87%
PCI DSS: 74%
ISO 27001: 91%
| Control | Source | Framework | Status |
|---|---|---|---|
| No public S3 buckets | AWS | PCI | FAIL |
| MFA on all privileged accounts | Okta | SOC2 | PASS |
| No critical unpatched CVEs | AWS | ISO | FAIL |
| CloudTrail enabled all regions | AWS | SOC2 | PASS |
| Inactive accounts disabled >90d | Okta | NIST | WARN |
| Firewall denies inbound on 22 | Meraki | PCI | PASS |
102 automated controls
8 native integrations
4 compliance frameworks
< 48h to first audit report
Connects to your existing stack
☁️AWS
🌐Azure
🔵GCP
🔐Okta
🛡️Palo Alto
📡Cisco Meraki
🐙GitHub
🦊GitLab
How it works

From messy infra to audit-ready in hours

Three steps. No agents to maintain on modern systems. No consultants needed.

01. Connect your infrastructure
Grant read-only access to AWS, Okta, your firewall, and SIEM. Takes 10 minutes per integration. We never write — only observe.
02. We collect and map automatically
NetGuard pulls your configs daily, evaluates them against 102 controls across SOC 2, PCI DSS, ISO 27001, and NIST CSF — no manual work.
03. Generate auditor-ready reports
Export a full evidence package with timestamped proof per control. Your auditor gets exactly what they need. You get your time back.
Features

Everything a security team needs for compliance

Automation
Automated evidence collection
Connectors for AWS, Okta, Palo Alto, Cisco, Azure AD, and more pull evidence on a daily schedule — no manual screenshots ever again.
Read-only API access only
Timestamped evidence snapshots
Auto-retry on failed collections
Monitoring
Continuous drift detection
NetGuard compares every scan against the previous one and flags the exact control that changed — before your auditor or an attacker finds it first.
Regression alerts within minutes
Full drift timeline per control
Configurable scan schedule (6h → weekly)
Reporting
Reports for every audience
One scan, three reports. C-Level gets a plain-English risk brief. Management gets a summary. IT gets step-by-step remediation for every finding.
C-Level: business impact, zero jargon
Summary: category scores + key findings
Technical: evidence + numbered fix steps
Network-depth
Firewall-native compliance checks
Built by network engineers. We check firewall rule sets, zone configurations, and VPN policies that generic tools like Vanta miss entirely.
PCI DSS Requirement 1 (firewall)
Network segmentation validation
On-prem & cloud hybrid support
Reports

One scan. Three reports. Every audience covered.

Run a scan once and instantly generate the right report for each stakeholder — no manual reformatting.

💼
C-Level Report
For: Board · CEO · CFO
Plain-English executive brief. No technical jargon — just business risk, what's exposed, and what leadership needs to do. Designed to be read in under 5 minutes.
Business risk score in plain language
Traffic-light security snapshot
Why it matters — business consequences
What to do — executive action items
📊
Summary Report
For: IT Manager · Compliance Officer
Balanced management overview with compliance score, category-by-category breakdown, and the top findings that need attention before the next audit.
Overall score with visual progress bar
Category compliance breakdown
Top 10 failing + warning controls
Framework coverage overview
🔧
Technical Report
For: IT Engineer · Security Team
Full IT detail. Every control, the raw evidence collected, and numbered step-by-step remediation instructions. The engineer gets exactly what they need to fix the issue.
Every control with raw evidence
Priority fix list sorted by severity
Numbered step-by-step remediation
Console commands & config paths included
Cross-Framework Mapping
See how every security check maps across SOC 2, PCI DSS, ISO 27001, and NIST CSF — simultaneously. One matrix view shows where you're covered and where gaps exist across all frameworks at once.
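| Check | SOC 2 | PCI DSS | ISO 27001 | NIST CSF |
|---|---|---|---|---|
| MFA Enforced | PASS | PASS | PASS | PASS |
| SSH Restricted | FAIL | FAIL | FAIL | WARN |
| Audit Logging | PASS | WARN | PASS | PASS |
| Data Encryption | PASS | PASS | FAIL | PASS |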
Frameworks

All the frameworks your customers ask for

One platform — every major compliance framework, with deep automated coverage.

🛡
SOC 2 Type II
Trust Services Criteria for security, availability, and confidentiality
87%
62 automated controls
💳
PCI DSS 4.0
Payment Card Industry standards with deep firewall rule coverage
74%
48 automated controls
🌐
ISO 27001
International information security management standard
91%
38 automated controls
🏛
NIST CSF
Cybersecurity framework for critical infrastructure protection
79%
44 automated controls
Pricing

Simple, predictable pricing

No per-seat fees. No hidden integration charges. Pay per organisation.

Starter
$299/month
For startups getting their first SOC 2 or PCI certification.
Up to 50 assets
1 compliance framework
3 integrations
Daily automated scans
Email alerts
PDF report export
Custom control library
Enterprise
Custom
For large organisations with complex on-prem and cloud hybrid environments.
Unlimited assets
All frameworks
Custom connectors built
Custom control library
SSO / SAML
Dedicated onboarding
SLA + priority support
Your next audit doesn't have to be painful.
Join security teams that replaced spreadsheets and screenshots with automated evidence.
Testimonials

Trusted by security teams

6 weeks → 3 days · SOC 2 audit prep

The firewall coverage is unlike anything else on the market — it actually understands PCI DSS Requirement 1. Our auditor was impressed.

Maria R.
CISO · Fintech startup
0 incidents · since onboarding

The drift alerts are a game changer. We caught a developer accidentally opening port 22 to the internet at 3am — before anyone else did.

James K.
Head of IT · SaaS company
1 sprint saved · per audit cycle

Every control had timestamped evidence automatically. The PDF package saved our team an entire sprint. Our auditors asked what tool we used.

Sara A.
VP Engineering · Series B
FAQ

Common questions

Does the client need to install anything?
For cloud systems (AWS, Okta, Azure) — no. You grant read-only API access via a guided 10-minute setup. For on-prem firewalls (Cisco ASA, Palo Alto), we provide a lightweight Docker-based agent that makes outbound-only connections — no inbound ports required.
Is my infrastructure data safe?
All credentials are stored in AWS Secrets Manager with AES-256 encryption, namespaced per organisation. We hold read-only permissions only — it is technically impossible for NetGuard to modify anything in your infrastructure. All data is encrypted at rest and in transit (TLS 1.3).
How is this different from Vanta or Drata?
Vanta and Drata focus on SaaS integrations (GitHub, Google Workspace, HR tools). They handle firewall and network compliance poorly. NetGuard is built specifically for network and infrastructure-heavy environments — we go deep on PCI DSS firewall requirements, network segmentation, and on-prem systems that generic tools skip entirely.
How long does onboarding take?
Most customers connect their first integrations and run their first scan within 30 minutes of signup. Your first full compliance report can be ready the same day. There is no professional services engagement required.
Can I add custom compliance controls?
Yes, on the Enterprise plan. You can define custom controls in YAML, map them to any data source, and they appear alongside the standard framework controls in your dashboard and reports.
What if a scan fails or a connector goes stale?
You'll receive an email and Slack alert immediately. Each data source shows a last collected timestamp in the dashboard. Failed collections are retried automatically 3 times with exponential backoff before alerting you.
What's the difference between the C-Level, Summary, and Technical reports?
They all come from the same scan — zero extra work. The C-Level report is a plain-English brief written for executives: no acronyms, no control IDs, just business risk and what leadership needs to authorise. The Summary report gives managers a compliance score, category-by-category breakdown, and the top findings. The Technical report is for your IT team — every control with the raw evidence collected and numbered step-by-step instructions on exactly how to fix each failing issue.
What is the Cross-Framework Map?
It's a single matrix that shows how every security check maps across all four frameworks (SOC 2, PCI DSS, ISO 27001, NIST CSF) at the same time. Instead of running four separate audits, you can see at a glance which checks satisfy multiple frameworks simultaneously — and where you have gaps in specific frameworks. Available as an interactive view in the dashboard and as a PDF export.

Start your free trial today

Connect your first integration in 10 minutes. No credit card required. Your first compliance report in under an hour.

14-day free trial · No credit card · Cancel anytime