Blast Preemptive Cloud Defense Platform

Preemptive cloud security that prevents risks by default, before they become a breach.

Overview

Blast Preemptive Cloud Defense Platform turns cloud security from reactive firefighting into proactive protection.

Driven by your cloud context, Blast Compiler transforms your security strategy into tailored preventive guardrails. Over the pillars of identity, data, workloads, and networks, Blast utilizes your native security controls into one unified defense fabric. The platform leverages context-aware simulation layers to confidently validate and enforce those guardrails, with zero business disruption.

The result: a cloud environment secured by default, a security team empowered to innovate rather than remediate, and an organization that consistently stays ahead of threats.

Highlights

Proactive Cloud Security: Prevent misconfigurations and threats before they happen, ensuring your cloud environment remains secure by default.
Seamless Multi-Cloud Support: Easily apply security guardrails across AWS, Azure, GCP, and Kubernetes environments for consistent, scalable security enforcement.
Continuos Impact Simulations: Validate security configurations with real-time simulations, ensuring full compliance and zero business disruption with every change.

Details

Sold by

Blast Security

Unlock automation with AI agent solutions

Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.

Explore AI agent solutions

Features and programs

Financing for AWS Marketplace purchases

AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

View financing details

Quick Launch

Leverage AWS CloudFormation templates to reduce the time and resources required to configure, deploy, and launch your software.

Learn more

Pricing

Blast Preemptive Cloud Defense Platform

Info

View purchase options

Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.

Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

12-month contract (1)

Info

Dimension	Description	Cost/12 months
Blast Preemptive Cloud Defense Platform	For private offer contact us: aws-marketplace-seller@blast.security	$300,000.00

Vendor refund policy

Due to the nature of our product, we do not offer refunds after purchase. All sales are final. If you have any questions or concerns about your purchase, please contact our support team at support@blast.security , before completing your transaction. We are here to assist you and ensure your satisfaction with our service.

How can we make this page better?

We'd like to hear your feedback and ideas on how to improve this page.

Legal

Vendor terms and conditions

Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

Content disclaimer

Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

Usage information

Info

Delivery details

Software as a Service (SaaS)

SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

Additional details

Usage instructions

☁️ Connecting AWS Cloud Accounts

Setting Up the Blast Role

To enable secure integration between Blast Security and your AWS environment, you'll need to deploy a set of predefined IAM roles using AWS CloudFormation. These roles grant read-only access via AWS STS, allowing Blast to collect data and simulate enforcement impact across your organization.

<Note> This setup uses a **CloudFormation StackSet** for member and log-archive accounts, and a standalone **CloudFormation Stack** for the management account **with the same template**. </Note>

AWS CloudFormation Deployment

🔧 Prerequisites

Before deployment, ensure you have the following:

Administrator access to AWS CloudFormation.
AWS Organizations configured with:
- Management Account
- Member Accounts
- Log-Archive Account (The CloudTrail S3 Bucket Account)
ARN of your CloudTrail S3 bucket (in the Log-Archive account).
(Optional) ARN of the KMS key used for CloudTrail log encryption.
ExternalId provided by the Blast team.

1️⃣ Deploy Roles to Member & Log-Archive Accounts (StackSet)

Accounts: All AWS Member Accounts + Log-Archive Account\

Template: blast-role-cf.yaml

Steps:

Login to the AWS Management Account Console.
Go to CloudFormation → StackSets → Create StackSet (Direct Link )
Upload the template: blast-role-cf.yaml
Name your stack set (recommended: BlastManagementStackSet).
Provide the following parameters:
- BlastLogCollectorRoleName : BlastLogCollectorRole
- BlastUnitCollectorRoleName : BlastUnitCollectorRole
- BucketArn : ARN of CloudTrail S3 bucket (only for Log-Archive)
- ExternalId : Provided by Blast
- KmsKeyArn : (Optional) ARN of KMS key for log encryption
- LogArchive : Account ID of Log-Archive account
Check the box: “I acknowledge that AWS CloudFormation might create IAM resources with custom names.”*
Set deployment options:
- Deploy new stacks → Default
- Target → Deploy to organization
- Auto-deployment → Activated
- Removal behavior → Delete stacks
- Specify region → Enter your target region
Review and submit.
Wait for deployment to complete across all accounts.

Capture Outputs:

Copy the ARNs of the created roles and share with Blast team:

BlastUnitCollectorRoleARN (from each Member account)
BlastLogCollectorRoleARN (from the Log-Archive account)

2️⃣ Deploy Role in Management Account (Standalone Stack)

Account: AWS Management Account\

Template: CloudFormation-Management.yaml

Steps:

Login to the AWS Management Account Console.
Go to CloudFormation → StackSets → Create StackSet (Direct Link )
Upload the template: blast-role-cf.yaml
Stack Name: BlastManagementStack (recommended)
Provide parameters:
- BlastUnitCollectorRoleName : BlastUnitCollectorRole
- ExternalId : Provided by Blast
Acknowledge IAM creation: “I acknowledge that AWS CloudFormation might create IAM resources with custom names.”
Review and submit.
Confirm successful deployment.

🔎 Capture Output:

BlastUnitCollectorRoleARN (from Management account)

3️⃣ Share ARNs with Blast Security

After both deployments, securely send the following ARNs to the Blast team:

BlastUnitCollectorRoleARN (Management & Member accounts)
BlastLogCollectorRoleARN (Log-Archive account)

📧 Email: contact@blast.security

4️⃣ Finalization

Blast Security will verify the received ARNs and complete the integration process. You'll receive confirmation and further instructions upon success.

Support

Vendor support

support@blast.security

AWS infrastructure support

AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

Get support

Similar products

Blast API

By Blast

Blast is a high-performance API and development tooling platform focused on providing access to blockchain nodes for Web3 developers. Leveraging an advanced smart routing system and a proprietary cloud architecture optimized for blockchain infrastructure, Blast stands out as one of the most reliable and fastest API and node providers in the Web3 space for more than 39 different blockchains. Additionally, we offer the most competitive pricing in the industry, ensuring top-tier performance and affordability for developers and enterprises alike.

View product

CloudGuard Network Security with Threat Prevention and SandBlast

By Check Point Software Technologies

Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation, and with GWLB (starting with R81.20) **Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.

View product

CloudGuard Network Security with Threat Prevention & SandBlast BYOL

By Check Point Software Technologies

Advanced threat prevention security for AWS and hybrid cloud environments, with Threat Extraction and Threat Emulation. **Please note: To ensure optimal operations, Check Point recommends a 4 vCores machine size. This provides balanced efficiency and smooth performance, which most customers find ideal for their needs.

View product

Loci

By Karyosoft Inc.

Your In-House Secure GenBank for All Your Genomics Data

View product

Customer reviews

Leave a review

Ratings and reviews

Info

0 ratings

5 star

4 star

3 star

2 star

1 star

0 AWS reviews

No customer reviews yet

Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.