How does EchelonGraph compare to Wiz?

Both offer agentless CNAPP with CSPM, CWPP, DSPM, and attack path analysis. Key differences: EchelonGraph offers self-hosted deployment, zero-knowledge architecture, network/Shadow IT scanning, and transparent pricing starting at $0/month. Wiz is offered as SaaS with quote-based pricing (per wiz.io, May 2026). Source: wiz.io, echelongraph.io

How does EchelonGraph compare to Orca Security?

Orca uses patented SideScanning™ technology for agentless cloud workload analysis. EchelonGraph offers a 3-tier architecture with agentless cloud scanning, on-prem network scanning, and eBPF kernel telemetry. EchelonGraph also offers self-hosted deployment and a free tier, which Orca does not. Source: orca.security, echelongraph.io

Which CNAPP platforms offer self-hosted deployment?

Among the major CNAPPs we compared, EchelonGraph (full self-hosted via Helm chart) and Prisma Cloud Compute Edition offer a self-hosted deployment option; Wiz, Orca Security, CrowdStrike, and FortiCNAPP are offered primarily as SaaS (per public vendor documentation, May 2026). Vendor offerings change — verify current options with each vendor.

Which CNAPP has a free tier?

EchelonGraph offers a free-forever tier (up to 3 cloud accounts, 500 assets, Tier 1 scanning, CIS + SOC 2 frameworks). The other platforms we compared — Wiz, Orca, CrowdStrike, Prisma Cloud, and FortiCNAPP — are quote-based and, as of May 2026, did not list a free-forever tier on their public pricing.

8 Platforms • 22 Features • All Data Sourced

EchelonGraph vs. The Market

Honest, sourced comparison of EchelonGraph against Wiz, Orca Security, CrowdStrike Falcon, Prisma Cloud, and FortiCNAPP. Every data point links to an official vendor page.

Toggle vendors and filter by category. Click ↗ on any cell to verify the source.

Free tier available

Free-forever plan — rare among CNAPPs

3-Tier

Agent architecture

Cloud + Network + Kernel

Zero-knowledge

Data never leaves your VPC

Self-hosted

Air-gapped ready

Helm chart deployment

Feature	🛡️EchelonGraph	🟢Wiz	🐋Orca Security	🦅CrowdStrike	🔺Prisma Cloud	🏰FortiCNAPP	🔐Palo Alto Idira	🌐Versa CSPM
Architecture
Deployment Model	SaaS + Self-hosted↗	SaaS↗	SaaS↗	SaaS↗	SaaS + Self-hosted (Compute Ed.)↗	SaaS (Fortinet Fabric)↗	SaaS (Idira platform)↗	SaaS (VersaONE Universal SASE)↗
Agent Requirement	Agentless (T1) + optional eBPF (T3)↗	Agentless-first + optional sensor↗	Agentless (SideScanning™)↗	Agent required (Falcon sensor)↗	Agent + Agentless options↗	Agentless + behavioral agent↗	Connector-based (300+ integrations)↗	Agentless↗
eBPF Runtime Protection	✅ Tier 3 (EcheDeep)↗	✅ Wiz Sensor (optional)↗	✅ Orca Sensor (optional)↗	✅ Falcon sensor (kernel-level)↗	✅ Defender agent↗	Behavioral analytics↗	n/a — PAM product↗	❌↗
Cloud Providers	AWS, GCP, Azure↗	AWS, GCP, Azure, OCI, Alibaba↗	AWS, GCP, Azure, OCI, Alibaba↗	AWS, GCP, Azure↗	AWS, GCP, Azure, OCI↗	AWS, GCP, Azure, OCI↗	Cloud-agnostic identity layer (SaaS, cloud, dev envs)↗	AWS, GCP, Azure, OCI (500+ rules)↗
Capabilities
CSPM	✅↗	✅↗	✅↗	✅↗	✅↗	✅↗	n/a — PAM product↗	✅ (launched May 2026)↗
CWPP	✅↗	✅↗	✅↗	✅↗	✅↗	✅↗	❌↗	❌↗
DSPM	✅↗	✅↗	✅↗	✅↗	✅↗	✅↗	❌↗	❌↗
CIEM	✅ AWS + GCP, read-only↗	✅↗	✅↗	✅↗	✅↗	✅↗	✅ PAM-native↗	Partial (in CSPM)↗
Attack Path Analysis	✅ Neo4j graph↗	✅ Security Graph↗	✅ Unified Data Model↗	✅↗	✅↗	✅ Composite Alerts↗	Identity paths only↗	❌↗
IaC Scanning	✅ Terraform, CloudFormation, K8s↗	✅ Wiz Code↗	✅ Shift Left↗	✅↗	✅↗	✅↗	❌↗	❌↗
AI Security Analyst	✅ RAG-powered (Gemini)↗	✅ Wiz AskAI↗	✅ Orca AI↗	✅ Charlotte AI↗	✅ Prisma AI Copilot↗	✅ FortiAI↗	AI-driven analytics (embedded)↗	❌↗
AI-SPM (AI Service Posture)	✅ SageMaker + Bedrock + Vertex AI, read-only↗	✅ AI-SPM↗	✅ AI Security↗	Emerging↗	✅ AI-SPM↗	Limited↗	❌↗	❌↗
Compliance & Pricing
Pricing Model	Free / $49 / $149 / Custom↗	Custom quote required↗	Custom quote required↗	Custom quote / AWS PAYG↗	Credit-based (custom)↗	Custom quote required↗	Per-identity (custom)↗	Bundled with SASE (custom)↗
Free Tier	✅ Free forever (3 accounts, 500 assets)↗	❌ Not listed	❌ Not listed	❌ Not listed	❌ Not listed	❌ Not listed	❌ Not listed	❌ Not listed
Transparent Pricing	✅ Published on website↗	❌ Contact sales↗	❌ Contact sales↗	❌ Contact sales↗	❌ Contact sales↗	❌ Contact sales↗	❌ Contact sales↗	❌ Contact sales↗
Compliance Frameworks	17 built-in + unlimited via custom-framework builder — incl. 5 AI-governance frameworks (EU AI Act, NIST AI-RMF, ISO 42001, MITRE ATLAS, OWASP LLM), still rare among CNAPPs↗	100+ (CIS, SOC 2, PCI, HIPAA, GDPR, NIST, etc.)↗	100+ (CIS, SOC 2, PCI, HIPAA, GDPR, etc.)↗	Multiple (CIS, PCI, HIPAA, NIST, etc.)↗	Multiple (CIS, SOC 2, PCI, HIPAA, etc.)↗	Multiple (CIS, SOC 2, PCI, HIPAA, etc.)↗	Audit-ready (frameworks not publicly itemised)↗	CIS, NIST, ISO 27001, SOC 2, PCI-DSS↗
Real-time compliance re-scoring (≤30s)	✅ Webhook on every cloud / K8s change↗	Scheduled scans↗	Scheduled scans↗	Scheduled scans↗	Scheduled scans↗	Scheduled scans↗	n/a — PAM product↗	Continuous monitoring (poll-based, not webhook)↗
EU AI Act controls live (21 obligations)	✅ 21 obligations (Art 9-17, 19, 26-27, 50, 61, 72, 85/99)↗	Partial (general AI policies)↗	❌↗	❌↗	Partial↗	❌↗	Partial via identity controls↗	❌↗
Differentiators
Self-Hosted / Air-Gapped	✅ Helm chart, BYOK, air-gapped↗	❌ No self-hosted option listed↗	❌ No self-hosted option listed↗	❌ No self-hosted option listed↗	✅ Compute Edition (self-hosted)↗	❌ SaaS (Fortinet Fabric)↗	Legacy CyberArk on-prem PAM↗	❌ No self-hosted option listed↗
Zero-Knowledge Architecture	✅ AES-256-GCM, BYOK (AWS/GCP/Vault)↗	❌	❌	❌	❌	❌	❌	❌
Zero Standing Privilege scoring	✅ CIS-AWS 1.13/1.15/1.16 live↗	Partial (IAM scanning)↗	Partial↗	Partial↗	Partial↗	Partial↗	✅ Enforced (core product)↗	❌↗
Network / Shadow IT Scanning	✅ Tier 2 (EcheNet)↗	❌	❌	❌	❌	❌	❌	✅ SASE-native↗
SBOM Generation	✅ CycloneDX + SPDX↗	✅↗	✅↗	✅↗	✅↗	✅↗	❌↗	❌↗

See it in action

Watch the 60-second product demo

A walkthrough of the live attack graph, the 21 EU AI Act obligations scoring live, and the Shadow AI Radar real-time feed. No signup, no email gate.

Watch the demo →

📚 Sources & References

Comparisons reflect publicly available information from official vendor websites and documentation as of May 2026. Vendor offerings change frequently — verify current capabilities, deployment options, and pricing directly with each vendor. Pricing details are indicative; contact each vendor for customized quotes.

Why Choose EchelonGraph?

💰

Transparent Pricing

We publish our prices. Free tier forever, Pro at $149/user/mo. No surprise six-figure quotes after a demo call.

🏠

Self-Hosted & Air-Gapped

Deploy in your VPC with BYOK encryption. Zero-knowledge architecture means your data never leaves your infrastructure.

🔍

3-Tier Depth

The only platform combining agentless cloud APIs (T1), network/Shadow IT scanning (T2), and eBPF kernel telemetry (T3) in one product.

See Pricing →Compare Compliance Frameworks →