IT Operations

The CMDB that exists. The posture that's wrong.
The system that fixes it.

Multi-cloud asset discovery, cloud security posture across fourteen capability domains, and an eleven-station auto-remediation pipeline with virtual patching at the perimeter. From CMDB to closed finding without a runbook.

Layer one

Multi-Cloud Asset Inventory

Continuous discovery across GCP, AWS, Azure, Cloudflare, Kubernetes, Terraform state, and GitHub. Forty canonical entity types covering compute, network, storage, data, identity, secrets, observability, and code. Per-entity heartbeat with drift, posture, vulnerability, exposure, change velocity, and ownership confidence.

Layer two

Cloud Security Posture

Fourteen capability domains: configuration, vulnerability, identity, network exposure, container security, data security, IaC scan, code-to-cloud lineage, secret scanning, compliance frameworks, threat detection, active-exploit intelligence, application security, and risk prioritization via toxic-combination graph queries.

Layer three

Auto-Remediation

Eleven-station response pipeline. Severity-based time-to-live. Dual-clock human-in-the-loop. Virtual patches fire at the perimeter before the approval cycle on active exploits. Real fixes flow through Infrastructure-as-Code review with full audit. Never touches production directly.

A critical CVE drops on a dependency you use across forty-seven services.

The standard enterprise response is hours of exposure — sometimes days. The fix has to be coded, reviewed, tested, and deployed through Infrastructure-as-Code. While that pipeline runs, the exploit window is open. Adversaries with active scanners notice immediately.

Meridian's response is virtual patching. The moment the CVE arrives in our active-exploit intelligence feed, the response layer fires protective controls at the perimeter — web application firewall rules, network policies, cloud armor signatures — before the human-approval cycle for the actual code patch begins. The exposure window collapses from hours to minutes.

The real patch still goes through proper review, IaC pull request, and human authorization. But your perimeter is hardened the moment the threat is known. Detect. Mitigate at the edge. Patch through the proper channel. The middle step is what most platforms miss.

A service account quietly accumulated rights to a sensitive bucket through transitive grants and a misconfigured group membership.

Each individual permission looked benign in isolation. Two of them together create a lateral path from a compromised function to your customer database — the exact pattern recent breach reports keep repeating. No CSPM tool that evaluates rules independently catches this.

Meridian's toxic-combination engine evaluates the identity graph holistically. It surfaces the exact composite finding: "this account, via this group, can reach this bucket." It proposes the minimum-scope correction. The fix lands in an IaC pull request with the graph traversal as evidence.

Your Terraform state says one thing. Production says another.

Someone made an out-of-band change six weeks ago. It's been running in production ever since. The next Terraform plan will silently revert it — or break a dependency nothing knows about.

Meridian's drift detection runs continuously, not on every push. It surfaces the exact gap, traces who changed it through audit logs, and proposes either a code change to absorb the drift or a controlled reconciliation. You decide. The system records the decision and moves on.

Most cloud-security tools observe and report. The buyer is left with a backlog of findings, no triage signal, and a remediation process that runs through whatever ticketing system the team uses. The mean time to fix is measured in weeks. The mean time to next breach is measured in days.

Meridian observes, prioritizes, and remediates on the same substrate. Findings carry severity, exploitability, exposure, blast-radius, and reversibility — assigned by graph traversal, not by checklist. The response pipeline is a circuit, not a runbook. Virtual patches fire automatically against active exploits while the proper fix goes through review. Never any direct production change. Every action is recorded.

And every cloud asset, every finding, every remediation, every approval is bound to the same substrate that runs your business operations, your knowledge graph, your security posture, and your executive dialogue. Cost drift on an over-provisioned database becomes a finance signal. A new internet-exposed service becomes a security signal. The CFO and the CISO see different views of the same graph.

"You came for a CSPM tool. By the time you're in production, you'll discover the same substrate also runs your incident response, your finance signals, and your IT operations knowledge graph. One pane of glass — because there's one substrate."

Compliance frameworks supported

SOC 2 Type II, ISO 27001, HIPAA, FedRAMP, NIST CSF, NIST 800-53, CIS Benchmarks, GDPR, CCPA

